Wordfence Intelligence   >   Vulnerability Researchers   >   Le Ngoc Anh

Le Ngoc Anh

Organization: sun*inc

34
All Time Ranking
107
All Time Discoveries

1 Achievement

Learn more about Achievements
Submitted 1 Vulnerability
Submitted 1 Vulnerability
May 21, 2024
Learn more Learn more about Achievements

Showing 1-20 of 107 Vulnerabilities

WooCommerce Report <= 1.4.5 - Reflected Cross-Site Scripting
6.1
CVE-2024-38683
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
MakeCommerce for WooCommerce <= 3.5.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-37509
Jul 4, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting
6.1
CVE-2024-5544
Jul 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
PayPlus Payment Gateway <= 6.6.8 - Reflected Cross-Site Scripting
6.1
CVE-2024-37459
Jul 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WP-Lister Lite for Amazon <= 2.6.16 - Reflected Cross-Site Scripting
6.1
CVE-2024-37261
Jun 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-37262
Jun 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Auto Coupons for WooCommerce <= 3.0.14 - Reflected Cross-Site Scripting
6.1
CVE-2024-35733
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-35730
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Event Tickets with Ticket Scanner <= 2.3.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-35652
Jun 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2024-5207
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang
6.1
CVE-2024-3519
May 21, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting
6.1
CVE-2024-3547
May 9, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-34412
May 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-33928
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery
6.1
CVE-2024-32789
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-32785
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery
4.3
CVE-2024-33681
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Freshdesk (official) <= 2.3.6 - Open Redirect
6.1
CVE-2024-32129
Apr 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-32127
Apr 12, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-32098
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
WooCommerce Report <= 1.4.5 - Reflected Cross-Site Scripting CVE-2024-38683 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 10, 2024
MakeCommerce for WooCommerce <= 3.5.1 - Reflected Cross-Site Scripting CVE-2024-37509 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 4, 2024
Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting CVE-2024-5544 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 1, 2024
PayPlus Payment Gateway <= 6.6.8 - Reflected Cross-Site Scripting CVE-2024-37459 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 1, 2024
WP-Lister Lite for Amazon <= 2.6.16 - Reflected Cross-Site Scripting CVE-2024-37261 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 27, 2024
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Reflected Cross-Site Scripting CVE-2024-37262 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 27, 2024
Auto Coupons for WooCommerce <= 3.0.14 - Reflected Cross-Site Scripting CVE-2024-35733 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 6, 2024
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.3 - Reflected Cross-Site Scripting CVE-2024-35730 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 6, 2024
Event Tickets with Ticket Scanner <= 2.3.1 - Reflected Cross-Site Scripting CVE-2024-35652 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 3, 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection CVE-2024-5207 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 22, 2024
Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang CVE-2024-3519 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 21, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting CVE-2024-3547 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 9, 2024
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-34412 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2024
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting CVE-2024-33928 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 29, 2024
Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery CVE-2024-32789 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting CVE-2024-32785 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery CVE-2024-33681 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 19, 2024
Freshdesk (official) <= 2.3.6 - Open Redirect CVE-2024-32129 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 12, 2024
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection CVE-2024-32127 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H April 12, 2024
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection CVE-2024-32098 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation