🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nguyen Xuan Chien

Nguyen Xuan Chien

All Time Ranking

117

All Time Discoveries

Showing 21-40 of 117 Vulnerabilities

GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url'

6.1

CVE-2023-23677

Mar 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term

6.1

CVE-2022-46799

Mar 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions

5.4

CVE-2024-23524

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Accessibility <= 1.0.6 - Cross-Site Request Forgery

5.4

CVE-2024-24705

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery

5.4

CVE-2023-51487

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Stylish Price List <= 7.0.17 - Missing Authorization

5.4

CVE-2023-51673

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual

5.4

CVE-2023-44147

Sep 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page

5.4

CVE-2023-37974

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting

5.4

CVE-2023-34023

May 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery

5.4

CVE-2023-33926

May 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WP Directory Kit <= 1.1.9 - Open Redirect

5.4

CVE-2023-31229

Apr 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Zephyr Project Manager <= 3.3.9 - Open Redirect

5.4

CVE-2023-31237

Apr 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter

5.4

CVE-2023-27414

Mar 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Leadinfo <= 1.0 - Cross-Site Request Forgery

5.3

CVE-2024-32112

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Block IPs for Gravity Forms <= 1.0.1 - Cross-Site Request Forgery

5.3

CVE-2023-51358

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Alt Manager <= 1.6.1 - Missing Authorization

5.3

CVE-2023-50373

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Square Thumbnails <= 1.1.0 - Missing Authorization

5.3

CVE-2023-49851

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization

5.3

CVE-2023-49848

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post

5.3

CVE-2023-49744

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings()

5.3

CVE-2023-48273

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url'	CVE-2023-23677	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 2, 2023
Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term	CVE-2022-46799	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 2, 2023
PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions	CVE-2024-23524	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L	January 31, 2024
Accessibility <= 1.0.6 - Cross-Site Request Forgery	CVE-2024-24705	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	January 31, 2024
ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery	CVE-2023-51487	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 27, 2023
Stylish Price List <= 7.0.17 - Missing Authorization	CVE-2023-51673	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	December 27, 2023
Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual	CVE-2023-44147	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 23, 2023
WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page	CVE-2023-37974	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	July 12, 2023
WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting	CVE-2023-34023	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	May 31, 2023
Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery	CVE-2023-33926	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 24, 2023
WP Directory Kit <= 1.1.9 - Open Redirect	CVE-2023-31229	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 27, 2023
Zephyr Project Manager <= 3.3.9 - Open Redirect	CVE-2023-31237	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 27, 2023
Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter	CVE-2023-27414	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	March 8, 2023
Leadinfo <= 1.0 - Cross-Site Request Forgery	CVE-2024-32112	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 11, 2024
Block IPs for Gravity Forms <= 1.0.1 - Cross-Site Request Forgery	CVE-2023-51358	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 26, 2023
Alt Manager <= 1.6.1 - Missing Authorization	CVE-2023-50373	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 7, 2023
Square Thumbnails <= 1.1.0 - Missing Authorization	CVE-2023-49851	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 7, 2023
Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization	CVE-2023-49848	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 6, 2023
Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post	CVE-2023-49744	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 4, 2023
Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings()	CVE-2023-48273	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 21, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation