🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Le Ngoc Anh

Le Ngoc Anh

Organization: sun*inc

All Time Ranking

All Time Discoveries

Showing 1-20 of 89 Vulnerabilities

Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection

9.9

CVE-2024-32127

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection

9.9

CVE-2024-30486

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection

9.8

CVE-2024-22309

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status

9.8

CVE-2024-22284

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection

9.8

CVE-2022-46818

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ARMember <= 3.4.11 - Unauthenticated SQL Injection

9.8

CVE-2022-46808

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2024-32087

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2024-32098

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2024-31241

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2024-25924

Jan 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection

8.8

CVE-2023-52206

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-36677

Jun 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-46860

Jun 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution

8.8

CVE-2023-22677

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MultiVendorX Marketplace <= 4.1.2 - Missing Authorization

8.6

CVE-2024-24703

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection

7.2

CVE-2023-52201

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-46849

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting

7.2

CVE-2023-36385

Jun 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Return and Warranty Management System for WooCommerce <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-22710

Mar 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-22705

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection	CVE-2024-32127	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 12, 2024
Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection	CVE-2024-30486	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection	CVE-2024-22309	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 19, 2024
Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status	CVE-2024-22284	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 16, 2024
Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection	CVE-2022-46818	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 19, 2023
ARMember <= 3.4.11 - Unauthenticated SQL Injection	CVE-2022-46808	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 27, 2023
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection	CVE-2024-32087	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	April 11, 2024
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection	CVE-2024-32098	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	April 11, 2024
LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection	CVE-2024-31241	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	April 5, 2024
WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection	CVE-2024-25924	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 12, 2024
Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection	CVE-2023-52206	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 3, 2024
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection	CVE-2023-36677	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 30, 2023
Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection	CVE-2022-46860	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 28, 2023
WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution	CVE-2023-22677	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 13, 2023
MultiVendorX Marketplace <= 4.1.2 - Missing Authorization	CVE-2024-24703	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L	January 31, 2024
pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection	CVE-2023-52201	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 3, 2024
Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection	CVE-2022-46849	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 5, 2023
PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting	CVE-2023-36385	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 23, 2023
Return and Warranty Management System for WooCommerce <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-22710	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 17, 2023
Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-22705	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 27, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation