🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nguyen Xuan Chien

Nguyen Xuan Chien

All Time Ranking

117

All Time Discoveries

Showing 81-100 of 117 Vulnerabilities

Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization

5.3

CVE-2023-49848

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post

5.3

CVE-2023-49744

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings()

5.3

CVE-2023-48273

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Glossary <= 3.1.2 - Missing Authorization

5.3

CVE-2023-46633

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Accessibility <= 1.0.6 - Cross-Site Request Forgery

5.4

CVE-2024-24705

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions

5.4

CVE-2024-23524

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Stylish Price List <= 7.0.17 - Missing Authorization

5.4

CVE-2023-51673

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery

5.4

CVE-2023-51487

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual

5.4

CVE-2023-44147

Sep 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page

5.4

CVE-2023-37974

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting

5.4

CVE-2023-34023

May 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery

5.4

CVE-2023-33926

May 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WP Directory Kit <= 1.1.9 - Open Redirect

5.4

CVE-2023-31229

Apr 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Zephyr Project Manager <= 3.3.9 - Open Redirect

5.4

CVE-2023-31237

Apr 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter

5.4

CVE-2023-27414

Mar 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

User Avatar <= 1.4.11 - Reflected Cross-Site Scripting

6.1

CVE-2023-46621

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Awesome Feed – Custom Feed <= 2.2.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-46077

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

User Email Verification for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting

6.1

CVE-2023-39162

Jul 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Variation Images Gallery for WooCommerce <= 2.3.3 - Reflected Cross-Site Scripting via style

6.1

CVE-2023-37894

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WCP OpenWeather <= 2.5.0 - Reflected Cross-Site Scripting via 'tab'

6.1

CVE-2023-25471

Jun 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization	CVE-2023-49848	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 6, 2023
Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post	CVE-2023-49744	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 4, 2023
Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings()	CVE-2023-48273	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 21, 2023
Glossary <= 3.1.2 - Missing Authorization	CVE-2023-46633	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 25, 2023
Accessibility <= 1.0.6 - Cross-Site Request Forgery	CVE-2024-24705	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	January 31, 2024
PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions	CVE-2024-23524	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L	January 31, 2024
Stylish Price List <= 7.0.17 - Missing Authorization	CVE-2023-51673	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	December 27, 2023
ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery	CVE-2023-51487	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 27, 2023
Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual	CVE-2023-44147	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 23, 2023
WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page	CVE-2023-37974	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	July 12, 2023
WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting	CVE-2023-34023	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	May 31, 2023
Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery	CVE-2023-33926	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 24, 2023
WP Directory Kit <= 1.1.9 - Open Redirect	CVE-2023-31229	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 27, 2023
Zephyr Project Manager <= 3.3.9 - Open Redirect	CVE-2023-31237	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 27, 2023
Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter	CVE-2023-27414	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	March 8, 2023
User Avatar <= 1.4.11 - Reflected Cross-Site Scripting	CVE-2023-46621	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 25, 2023
The Awesome Feed – Custom Feed <= 2.2.5 - Reflected Cross-Site Scripting	CVE-2023-46077	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 16, 2023
User Email Verification for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting	CVE-2023-39162	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 26, 2023
Variation Images Gallery for WooCommerce <= 2.3.3 - Reflected Cross-Site Scripting via style	CVE-2023-37894	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 12, 2023
WCP OpenWeather <= 2.5.0 - Reflected Cross-Site Scripting via 'tab'	CVE-2023-25471	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 28, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation