Nguyen Xuan Chien

Vulnerabilities Discovered:

18
All Time Discoveries
7
Discoveries since May 1, 2023

18 vulnerabilities

Title CVE ID CVSS Vector Date
WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting CVE-2023-33925 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 25, 2023
Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery CVE-2023-33926 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L May 24, 2023
BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions CVE-2023-33314 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N May 22, 2023
Better Notifications for WP <= 1.9.2 - Cross-Site Request Forgery via handle_actions CVE-2023-32964 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 18, 2023
Pro Mime Types - Manage file media types <= 1.0.7 - Cross-Site Request Forgery via pmt_settings_section_callback_tab_1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N May 9, 2023
Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery CVE-2023-32502 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 9, 2023
WPO365 | Mail Integration for Office 365 / Outlook <= 1.9.0 - reflected Cross-Site Scripting via error_description CVE-2023-32119 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 5, 2023
WP Directory Kit <= 1.1.9 - Open Redirect CVE-2023-31229 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N April 27, 2023
Zephyr Project Manager <= 3.3.9 - Open Redirect CVE-2023-31237 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N April 27, 2023
PropertyHive <= 1.5.48 - Reflected Cross-Site Scripting via date_post_id CVE-2023-22706 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 19, 2023
WooCommerce Easy Duplicate Product <= 0.3.0.0 - Reflected Cross-Site Scripting via wedp_duplicated CVE-2023-30747 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 17, 2023
Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter CVE-2023-27414 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N March 8, 2023
GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url' CVE-2023-23677 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 2, 2023
Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term CVE-2022-46799 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 2, 2023
Booking Ultra Pro <= 1.1.4 - Cross-Site Request Forgery CVE-2022-46816 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 21, 2023
VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in multiple functions in admin/controller.php CVE-2023-32501 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in listenTosFieldSavingTask function CVE-2023-32501 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 15, 2023
teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting CVE-2023-22704 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N January 17, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation