🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nguyen Xuan Chien

Nguyen Xuan Chien

All Time Ranking

117

All Time Discoveries

Showing 61-80 of 117 Vulnerabilities

Glossary <= 3.1.2 - Missing Authorization

5.3

CVE-2023-46633

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Custom Header Images <= 1.2.1 - Cross-Site Request Forgery

4.3

CVE-2023-46636

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Contact Forms by Cimatti <= 1.6.0 - Cross-Site Request Forgery via accua_forms_list_page_table

4.3

CVE-2023-47230

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Helper Premium <= 4.5.1 - Cross-Site Request Forgery via whp_fields

4.3

CVE-2023-46614

Oct 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Google Calendar Events <= 3.2.5 - Cross-Site Request Forgery via bulk_actions

4.3

CVE-2023-46189

Oct 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Category Tree <= 2.5 - Cross-Site Request Forgery

4.3

CVE-2023-46151

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Cross-Site Request Forgery

4.3

CVE-2023-46150

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Awesome Feed – Custom Feed <= 2.2.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-46077

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Open Street Map <= 1.25 - Cross-Site Request Forgery via wp_openstreetmaps

4.3

CVE-2023-45645

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Contact Form <= 2.0.11 - Cross-Site Request Forgery

4.3

CVE-2023-44231

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Site Protector <= 2.0 - Cross-Site Request Forgery

4.3

CVE-2023-44237

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Hide Pages <= 1.0 - Cross-Site Request Forgery

4.3

CVE-2023-44232

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Shockingly Simple Favicon <= 1.8.2 - Cross-Site Request Forgery

4.3

CVE-2023-44246

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Remove slug from custom post type <= 1.0.3 - Cross-Site Request Forgery

4.3

CVE-2023-44238

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Instant CSS <= 1.2.1 - Cross-Site Request Forgery

4.3

CVE-2023-44243

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Keap Landing Pages <= 1.4.2 - Cross-Site Request Forgery

4.3

CVE-2023-44241

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Woocommerce ESTO <= 2.23.1 - Cross-Site Request Forgery via saveSetting

4.3

CVE-2023-44260

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual

5.4

CVE-2023-44147

Sep 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery

4.3

CVE-2023-41950

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Use Memcached <= 1.0.5 - Cross-Site Request Forgery

4.3

CVE-2023-41670

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Glossary <= 3.1.2 - Missing Authorization	CVE-2023-46633	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 25, 2023
Custom Header Images <= 1.2.1 - Cross-Site Request Forgery	CVE-2023-46636	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 25, 2023
Contact Forms by Cimatti <= 1.6.0 - Cross-Site Request Forgery via accua_forms_list_page_table	CVE-2023-47230	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 25, 2023
WP Helper Premium <= 4.5.1 - Cross-Site Request Forgery via whp_fields	CVE-2023-46614	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 24, 2023
Google Calendar Events <= 3.2.5 - Cross-Site Request Forgery via bulk_actions	CVE-2023-46189	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 18, 2023
Product Category Tree <= 2.5 - Cross-Site Request Forgery	CVE-2023-46151	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 17, 2023
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Cross-Site Request Forgery	CVE-2023-46150	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 17, 2023
The Awesome Feed – Custom Feed <= 2.2.5 - Reflected Cross-Site Scripting	CVE-2023-46077	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 16, 2023
WP Open Street Map <= 1.25 - Cross-Site Request Forgery via wp_openstreetmaps	CVE-2023-45645	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Contact Form <= 2.0.11 - Cross-Site Request Forgery	CVE-2023-44231	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
WP Site Protector <= 2.0 - Cross-Site Request Forgery	CVE-2023-44237	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
WP Hide Pages <= 1.0 - Cross-Site Request Forgery	CVE-2023-44232	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Shockingly Simple Favicon <= 1.8.2 - Cross-Site Request Forgery	CVE-2023-44246	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Remove slug from custom post type <= 1.0.3 - Cross-Site Request Forgery	CVE-2023-44238	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Instant CSS <= 1.2.1 - Cross-Site Request Forgery	CVE-2023-44243	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Keap Landing Pages <= 1.4.2 - Cross-Site Request Forgery	CVE-2023-44241	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Woocommerce ESTO <= 2.23.1 - Cross-Site Request Forgery via saveSetting	CVE-2023-44260	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 27, 2023
Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual	CVE-2023-44147	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 23, 2023
Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery	CVE-2023-41950	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
Use Memcached <= 1.0.5 - Cross-Site Request Forgery	CVE-2023-41670	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 4, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation