🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > minhtuanact

minhtuanact

All Time Ranking

All Time Discoveries

Showing 1-20 of 67 Vulnerabilities

Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection

9.8

CVE-2023-45830

Oct 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post'

9.8

CVE-2023-40609

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id

9.8

CVE-2022-47586

May 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection

9.8

CVE-2022-45822

Dec 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Event Espresso Free/Lite <= 3.1.37.12.L - Unauthenticated SQL Injection

9.8

CVE-2017-14760

Sep 30, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution

9.1

CVE-2023-25699

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection

9.1

CVE-2022-47588

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-46084

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-28748

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-47420

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Advanced Page Visit Counter <= 6.4.2 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-28788

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Launchpad <= 1.0.13 - Cross-Site Request Forgery

8.8

CVE-2022-46854

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery

8.8

CVE-2022-45824

Dec 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-40207

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-38391

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'

7.2

CVE-2023-32508

May 10, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-47432

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-47430

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-29171

Apr 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-47433

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection	CVE-2023-45830	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 13, 2023
Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post'	CVE-2023-40609	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 17, 2023
Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id	CVE-2022-47586	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 9, 2023
Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection	CVE-2022-45822	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 2, 2022
Event Espresso Free/Lite <= 3.1.37.12.L - Unauthenticated SQL Injection	CVE-2017-14760	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 30, 2019
Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution	CVE-2023-25699	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	February 20, 2023
Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection	CVE-2022-47588	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	January 27, 2023
Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection	CVE-2023-46084	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 16, 2023
Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection	CVE-2023-28748	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 3, 2023
Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection	CVE-2022-47420	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 19, 2023
Advanced Page Visit Counter <= 6.4.2 - Authenticated (Contributor+) SQL Injection	CVE-2023-28788	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 27, 2023
Launchpad <= 1.0.13 - Cross-Site Request Forgery	CVE-2022-46854	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 12, 2022
Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery	CVE-2022-45824	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 1, 2022
Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection	CVE-2023-40207	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 11, 2023
Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection	CVE-2023-38391	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 20, 2023
Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'	CVE-2023-32508	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 10, 2023
Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection	CVE-2022-47432	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 19, 2023
The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection	CVE-2022-47430	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 19, 2023
Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-29171	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 3, 2023
Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-47433	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 14, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation