🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nguyen Anh Tien

Nguyen Anh Tien

All Time Ranking

All Time Discoveries

Showing 21-40 of 42 Vulnerabilities

Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Feb 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting

6.1

CVE-2021-24135

Aug 20, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52175

Dec 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24156

Feb 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export

6.5

CVE-2023-45104

Oct 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

IMPress Listings <= 2.6.2 - Missing Authorization

6.5

CVE-2023-45633

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions

6.5

CVE-2023-23893

Jul 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure

6.5

CVE-2022-45803

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Permalink Manager Lite <= 2.2.20 - Missing Authorization

6.5

CVE-2022-41781

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby

7.2

CVE-2021-24130

Nov 25, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection

7.2

CVE-2021-24131

Nov 20, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AdRotate < 5.8.4 - Authenticated SQL Injection

7.2

CVE-2021-24138

Jun 3, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change

7.5

CVE-2022-41135

Oct 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download

8.2

CVE-2023-28421

Mar 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'

8.3

CVE-2023-41243

Sep 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file

8.8

CVE-2023-34007

Jun 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Slider by 10Web <= 1.2.35 - SQL Injection

8.8

CVE-2021-24132

Sep 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection

8.8

CVE-2021-24137

May 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms

9.8

CVE-2023-40010

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset

9.8

CVE-2023-33327

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 1, 2021
WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting	CVE-2021-24135	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 20, 2020
Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52175	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 29, 2023
Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24156	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 19, 2021
BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export	CVE-2023-45104	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	October 18, 2023
IMPress Listings <= 2.6.2 - Missing Authorization	CVE-2023-45633	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 11, 2023
Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions	CVE-2023-23893	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	July 4, 2023
Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure	CVE-2022-45803	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 6, 2023
Permalink Manager Lite <= 2.2.20 - Missing Authorization	CVE-2022-41781	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	November 1, 2022
WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby	CVE-2021-24130	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 25, 2020
Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection	CVE-2021-24131	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 20, 2020
AdRotate < 5.8.4 - Authenticated SQL Injection	CVE-2021-24138	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	June 3, 2020
Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change	CVE-2022-41135	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	October 28, 2022
WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download	CVE-2023-28421	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N	March 14, 2023
WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'	CVE-2023-41243	8.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H	September 12, 2023
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file	CVE-2023-34007	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 7, 2023
Slider by 10Web <= 1.2.35 - SQL Injection	CVE-2021-24132	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 29, 2020
Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection	CVE-2021-24137	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 29, 2020
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms	CVE-2023-40010	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 27, 2023
Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset	CVE-2023-33327	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 22, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation