Wordfence Intelligence   >   Vulnerability Researchers   >   Ngô Thiên An (ancorn_)

Ngô Thiên An (ancorn_)

Organization: VNPT-VCI

11
All Time Ranking
229
All Time Discoveries

About

Working for passion

5 Achievements

Learn more about Achievements
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
May 15, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
April 12, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
March 7, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
February 2, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
December 18, 2023
Learn more Learn more about Achievements

Showing 1-20 of 229 Vulnerabilities

vCita Online Booking & Scheduling Calendar <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-35761
Jul 17, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Arkhe Blocks <= 2.22.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-38675
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Caxton – Create Pro page layouts in Gutenberg <= 1.30.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37948
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes
6.4
CVE-2024-3563
Jul 8, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid
6.4
CVE-2024-3639
Jul 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Ultimate Addons for Elementor <= 1.36.31 - Authenticated (Contributor+) Privilege Escalation
8.8
CVE-2024-37455
Jul 1, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Church Admin <= 4.4.4 - Missing Authorization
5.3
CVE-2024-37440
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0- Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-4983
Jun 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-4569
Jun 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Elegant Themes Icons <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37100
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
DImage 360 <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-35774
Jun 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-5533
Jun 17, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Church Admin <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-35764
Jun 17, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-2695
Jun 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery
8.5
CVE-2024-4404
Jun 13, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events
6.4
CVE-2024-3925
Jun 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget
6.4
CVE-2024-5090
Jun 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Clever Fox <= 25.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1768
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-4488
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1988
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
vCita Online Booking & Scheduling Calendar <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-35761 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 17, 2024
Arkhe Blocks <= 2.22.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-38675 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Caxton – Create Pro page layouts in Gutenberg <= 1.30.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37948 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes CVE-2024-3563 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 8, 2024
Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid CVE-2024-3639 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 3, 2024
Ultimate Addons for Elementor <= 1.36.31 - Authenticated (Contributor+) Privilege Escalation CVE-2024-37455 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 1, 2024
Church Admin <= 4.4.4 - Missing Authorization CVE-2024-37440 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N June 28, 2024
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0- Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-4983 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 26, 2024
Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-4569 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 26, 2024
Elegant Themes Icons <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37100 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 20, 2024
DImage 360 <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-35774 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 18, 2024
Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-5533 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 17, 2024
Church Admin <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-35764 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 17, 2024
Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-2695 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 14, 2024
ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery CVE-2024-4404 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N June 13, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events CVE-2024-3925 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 11, 2024
SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget CVE-2024-5090 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 10, 2024
Clever Fox <= 25.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1768 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024
Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-4488 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1988 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation