Nguyen Xuan Chien

Title	CVE ID	CVSS	Vector	Date
WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting	CVE-2023-33925	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 25, 2023
Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery	CVE-2023-33926	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 24, 2023
BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions	CVE-2023-33314	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	May 22, 2023
Better Notifications for WP <= 1.9.2 - Cross-Site Request Forgery via handle_actions	CVE-2023-32964	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 18, 2023
Pro Mime Types - Manage file media types <= 1.0.7 - Cross-Site Request Forgery via pmt_settings_section_callback_tab_1		6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	May 9, 2023
Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery	CVE-2023-32502	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 9, 2023
WPO365 \| Mail Integration for Office 365 / Outlook <= 1.9.0 - reflected Cross-Site Scripting via error_description	CVE-2023-32119	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 5, 2023
WP Directory Kit <= 1.1.9 - Open Redirect	CVE-2023-31229	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 27, 2023
Zephyr Project Manager <= 3.3.9 - Open Redirect	CVE-2023-31237	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 27, 2023
PropertyHive <= 1.5.48 - Reflected Cross-Site Scripting via date_post_id	CVE-2023-22706	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 19, 2023
WooCommerce Easy Duplicate Product <= 0.3.0.0 - Reflected Cross-Site Scripting via wedp_duplicated	CVE-2023-30747	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 17, 2023
Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter	CVE-2023-27414	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	March 8, 2023
GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url'	CVE-2023-23677	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 2, 2023
Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term	CVE-2022-46799	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 2, 2023
Booking Ultra Pro <= 1.1.4 - Cross-Site Request Forgery	CVE-2022-46816	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 21, 2023
VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in multiple functions in admin/controller.php	CVE-2023-32501	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in listenTosFieldSavingTask function	CVE-2023-32501	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-22704	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 17, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation