Wordfence Intelligence   >   Vulnerability Researchers   >   Le Ngoc Anh

Le Ngoc Anh

Organization: sun*inc

32
All Time Ranking
96
All Time Discoveries

Showing 81-96 of 96 Vulnerabilities

Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-30242
Mar 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection
9.9
CVE-2024-30486
Mar 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-31241
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
OAuth Server <= 4.3.3 - Open Redirect
5.4
CVE-2024-31253
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting
6.1
CVE-2024-31256
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-31255
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-32098
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-32087
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Freshdesk (official) <= 2.3.6 - Open Redirect
6.1
CVE-2024-32129
Apr 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-32127
Apr 12, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery
4.3
CVE-2024-33681
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-32785
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery
6.1
CVE-2024-32789
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-33928
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-34412
May 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting
6.1
CVE-2024-3547
May 9, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection CVE-2024-30242 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 26, 2024
Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection CVE-2024-30486 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 28, 2024
LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection CVE-2024-31241 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 5, 2024
OAuth Server <= 4.3.3 - Open Redirect CVE-2024-31253 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N April 5, 2024
WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting CVE-2024-31256 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 5, 2024
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting CVE-2024-31255 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 5, 2024
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection CVE-2024-32098 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection CVE-2024-32087 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024
Freshdesk (official) <= 2.3.6 - Open Redirect CVE-2024-32129 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 12, 2024
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection CVE-2024-32127 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H April 12, 2024
Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery CVE-2024-33681 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 19, 2024
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting CVE-2024-32785 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery CVE-2024-32789 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting CVE-2024-33928 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 29, 2024
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-34412 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting CVE-2024-3547 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 9, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation