🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Ngô Thiên An (ancorn_)

Ngô Thiên An (ancorn_)

Organization: VNPT-VCI

All Time Ranking

182

All Time Discoveries

About

Working for passion

4 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 121-140 of 182 Vulnerabilities

Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52192

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

oEmbed Gist <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52194

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52195

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Private Google Calendars <= 20231125 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52198

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52193

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-52204

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6986

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CBX Bookmark & Favorite <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-51514

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WPCS – WordPress Currency Switcher Professional <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-51506

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-51536

Dec 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Custom Post Carousels with Owl <= 1.4.6 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2023-51493

Dec 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Dan's Embedder for Google Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-51504

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Easy Video Player <= 1.2.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-51689

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Calculated Fields Form <= 1.2.28 - Authenticated (Contributor+) Open Redirect via Shortcode

4.3

CVE-2023-51517

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-51399

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Advanced Access Manager <= 6.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50881

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50874

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Booking for Appointments and Events Calendar – Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-50860

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-50841

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-50840

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52192	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
oEmbed Gist <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52194	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52195	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
Private Google Calendars <= 20231125 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52198	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52193	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection	CVE-2023-52204	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 3, 2024
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-6986	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 2, 2024
CBX Bookmark & Favorite <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-51514	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
WPCS – WordPress Currency Switcher Professional <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-51506	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-51536	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
Custom Post Carousels with Owl <= 1.4.6 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-51493	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
Dan's Embedder for Google Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-51504	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
Easy Video Player <= 1.2.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-51689	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
Calculated Fields Form <= 1.2.28 - Authenticated (Contributor+) Open Redirect via Shortcode	CVE-2023-51517	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 27, 2023
Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-51399	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 26, 2023
Advanced Access Manager <= 6.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-50881	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 26, 2023
WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-50874	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2023
Booking for Appointments and Events Calendar – Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode	CVE-2023-50860	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2023
BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection	CVE-2023-50841	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode	CVE-2023-50840	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 21, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation