Nguyen Van Khanh

Title	CVE ID	CVSS	Vector	Date
Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting	CVE-2021-36899	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 28, 2022
Age Gate <= 2.17.0 - Cross-Site Scripting via Data Import	CVE-2021-36901	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 10, 2022
WP Google Map <= 1.8.0 - Missing Authorization	CVE-2021-45729	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	December 8, 2021
Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode	CVE-2021-24221	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 26, 2021
Backup Guard <= 1.5.9 - Authenticated Arbitrary File Upload	CVE-2021-24155	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 18, 2021
Theme Editor <= 2.5 - Authenticated Arbitrary File Download	CVE-2021-24154	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	February 13, 2021
WP Editor <= 1.2.6.3 - Authenticated (Admin+) SQL injection	CVE-2021-24151	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 1, 2021
Modern Events Calendar Lite <= 5.16.5 - Authenticated SQL Injection	CVE-2021-24149	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 29, 2021
Modern Events Calendar Lite <= 5.16.4 - Authenticated Arbitrary File Upload leading to Remote Code Execution	CVE-2021-24145	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 29, 2021
Modern Events Calendar Lite <= 5.16.4 - Authenticated Stored Cross-Site Scripting	CVE-2021-24147	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 29, 2021
Modern Events Calendar Lite <= 5.16.4 - Unauthenticated Events Export	CVE-2021-24146	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	January 29, 2021
301 Redirects - Easy Redirect Manager < 2.51 - SQL Injection	CVE-2021-24142	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 18, 2021
AccessPress Social Icons <= 1.8.0 - Author+ SQL Injection	CVE-2021-24143	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 2, 2020
Advanced Database Cleaner <= 3.0.1 - SQL injection	CVE-2021-24141	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 6, 2020
Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload	CVE-2020-24948	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2020
Ajax Load More plugin < 5.3.2 - SQL Injection	CVE-2021-24140	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 18, 2020
WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting	CVE-2019-16781	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	December 13, 2019
WordPress Core < 5.3.1 - Stored Cross-Site Scripting via Block Editor	CVE-2019-16780	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N	December 13, 2019

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation