🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nguyen Anh Tien

Nguyen Anh Tien

All Time Ranking

All Time Discoveries

Showing 1-20 of 42 Vulnerabilities

Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter

9.8

CVE-2021-24139

May 15, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection

8.8

CVE-2021-24137

May 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AdRotate < 5.8.4 - Authenticated SQL Injection

7.2

CVE-2021-24138

Jun 3, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Testimonials Widget <= 3.5.1 - Multiple Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24136

Jul 3, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting

6.1

CVE-2021-24135

Aug 20, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery

4.3

CVE-2021-24133

Sep 6, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Constant Contact Forms <= 1.8.7 Editor+ Stored Cross-Site Scripting

5.5

CVE-2021-24134

Sep 6, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Slider by 10Web <= 1.2.35 - SQL Injection

8.8

CVE-2021-24132

Sep 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection

7.2

CVE-2021-24131

Nov 20, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby

7.2

CVE-2021-24130

Nov 25, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24129

Dec 4, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Feb 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Popup Builder <= 3.73 - Reflected Cross-Site Scripting

6.1

CVE-2021-24152

Feb 2, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24156

Feb 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.4

CVE-2021-24180

Mar 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

SEO Redirection Plugin - 301 Redirect Manager <= 6.3 - Reflected Cross-Site Scripting

6.1

CVE-2021-24187

Mar 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change

7.5

CVE-2022-41135

Oct 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Subscribe to Category <= 2.7.3 - Missing Authorization

5.4

CVE-2022-43476

Oct 31, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Permalink Manager Lite <= 2.2.20 - Missing Authorization

6.5

CVE-2022-41781

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes

5.3

CVE-2022-41839

Nov 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter	CVE-2021-24139	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 15, 2020
Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection	CVE-2021-24137	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 29, 2020
AdRotate < 5.8.4 - Authenticated SQL Injection	CVE-2021-24138	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	June 3, 2020
Testimonials Widget <= 3.5.1 - Multiple Authenticated Stored Cross-Site Scripting	CVE-2021-24136	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 3, 2020
WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting	CVE-2021-24135	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 20, 2020
ActiveCampaign < 8.0.2 - Cross-Site Request Forgery	CVE-2021-24133	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 6, 2020
Constant Contact Forms <= 1.8.7 Editor+ Stored Cross-Site Scripting	CVE-2021-24134	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 6, 2020
Slider by 10Web <= 1.2.35 - SQL Injection	CVE-2021-24132	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 29, 2020
Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection	CVE-2021-24131	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 20, 2020
WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby	CVE-2021-24130	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 25, 2020
Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting	CVE-2021-24129	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	December 4, 2020
Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 1, 2021
Popup Builder <= 3.73 - Reflected Cross-Site Scripting	CVE-2021-24152	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2021
Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24156	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 19, 2021
Related Posts for WordPress <= 2.0.3 - Reflected Cross-Site Scripting	CVE-2021-24180	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	March 15, 2021
SEO Redirection Plugin - 301 Redirect Manager <= 6.3 - Reflected Cross-Site Scripting	CVE-2021-24187	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2021
Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change	CVE-2022-41135	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	October 28, 2022
Subscribe to Category <= 2.7.3 - Missing Authorization	CVE-2022-43476	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 31, 2022
Permalink Manager Lite <= 2.2.20 - Missing Authorization	CVE-2022-41781	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	November 1, 2022
LoginPress \| Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes	CVE-2022-41839	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 7, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation