Nguyen Anh Tien

71
All Time Ranking
42
All Time Discoveries

Showing 1-20 of 42 Vulnerabilities

Title CVE ID CVSS Vector Date
Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-52175 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 29, 2023
Easy Digital Downloads <= 3.1.5 - Missing Authorization CVE-2023-40005 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N December 26, 2023
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms CVE-2023-40010 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 27, 2023
Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order CVE-2023-33998 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N November 7, 2023
BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export CVE-2023-45104 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N October 18, 2023
IMPress Listings <= 2.6.2 - Missing Authorization CVE-2023-45633 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L October 11, 2023
Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization CVE-2023-39920 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 3, 2023
WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress' CVE-2023-41243 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H September 12, 2023
Carousel Slider <= 2.2.2 - Missing Authorization CVE-2023-41848 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N September 5, 2023
Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions CVE-2023-23893 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N July 4, 2023
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file CVE-2023-34007 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 7, 2023
Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset CVE-2023-33327 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 22, 2023
Link Whisper Free <= 0.6.3 - Missing Authorization via init() CVE-2023-32506 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 10, 2023
Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation CVE-2023-30869 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 2, 2023
If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification CVE-2022-41698 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 22, 2023
WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Information Exposure via wp_email_capture_options_process CVE-2023-28421 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 15, 2023
WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download CVE-2023-28421 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N March 14, 2023
WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure CVE-2023-23886 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N February 22, 2023
Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure CVE-2022-45803 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N February 6, 2023
Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change CVE-2022-45840 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N February 6, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation