🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nguyen Anh Tien

Nguyen Anh Tien

All Time Ranking

All Time Discoveries

Showing 1-20 of 42 Vulnerabilities

Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52175

Dec 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Easy Digital Downloads <= 3.1.5 - Missing Authorization

5.3

CVE-2023-40005

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms

9.8

CVE-2023-40010

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order

4.3

CVE-2023-33998

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export

6.5

CVE-2023-45104

Oct 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

IMPress Listings <= 2.6.2 - Missing Authorization

6.5

CVE-2023-45633

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization

5.3

CVE-2023-39920

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'

8.3

CVE-2023-41243

Sep 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Carousel Slider <= 2.2.2 - Missing Authorization

4.3

CVE-2023-41848

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions

6.5

CVE-2023-23893

Jul 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file

8.8

CVE-2023-34007

Jun 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset

9.8

CVE-2023-33327

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Link Whisper Free <= 0.6.3 - Missing Authorization via init()

5.3

CVE-2023-32506

May 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation

9.8

CVE-2023-30869

May 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification

5.3

CVE-2022-41698

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Information Exposure via wp_email_capture_options_process

5.3

CVE-2023-28421

Mar 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download

8.2

CVE-2023-28421

Mar 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure

5.3

CVE-2023-23886

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure

6.5

CVE-2022-45803

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change

5.4

CVE-2022-45840

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52175	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 29, 2023
Easy Digital Downloads <= 3.1.5 - Missing Authorization	CVE-2023-40005	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 26, 2023
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms	CVE-2023-40010	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 27, 2023
Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order	CVE-2023-33998	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 7, 2023
BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export	CVE-2023-45104	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	October 18, 2023
IMPress Listings <= 2.6.2 - Missing Authorization	CVE-2023-45633	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 11, 2023
Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization	CVE-2023-39920	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 3, 2023
WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'	CVE-2023-41243	8.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H	September 12, 2023
Carousel Slider <= 2.2.2 - Missing Authorization	CVE-2023-41848	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 5, 2023
Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions	CVE-2023-23893	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	July 4, 2023
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file	CVE-2023-34007	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 7, 2023
Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset	CVE-2023-33327	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 22, 2023
Link Whisper Free <= 0.6.3 - Missing Authorization via init()	CVE-2023-32506	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 10, 2023
Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation	CVE-2023-30869	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2023
If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification	CVE-2022-41698	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 22, 2023
WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Information Exposure via wp_email_capture_options_process	CVE-2023-28421	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 15, 2023
WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download	CVE-2023-28421	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N	March 14, 2023
WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure	CVE-2023-23886	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 22, 2023
Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure	CVE-2022-45803	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 6, 2023
Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change	CVE-2022-45840	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	February 6, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation