🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > thiennv

thiennv

All Time Ranking

121

All Time Discoveries

Showing 1-20 of 121 Vulnerabilities

WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-32595

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GEO my WordPress <= 4.1 - Cross-Site Request Forgery

4.3

CVE-2024-32097

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Table & Contact Form 7 Database – Tablesome <= 1.0.25 - Cross-Site Request Forgery

4.3

CVE-2024-31388

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

ProfileGrid <= 5.7.8 - Cross-Site Request Forgery

4.3

CVE-2024-31362

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery

4.3

CVE-2024-31238

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-31105

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-29126

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Biteship <= 2.2.24 - Reflected Cross-Site Scripting via biteship_error and biteship_message

6.1

CVE-2024-24866

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title

6.1

CVE-2024-22159

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Word Replacer Pro <= 1.0 - Missing Authorization

6.5

CVE-2023-52229

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Custom Twitter Feeds (Tweets Widget) <= 2.1.2 - Cross-Site Request Forgery

4.3

CVE-2023-52136

Dec 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Business Directory Plugin <= 6.3.9 - Missing Authorization via dispatch

5.4

CVE-2023-51516

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

LA-Studio Element Kit for Elementor <= 1.1.5 - Missing Authorization

5.3

CVE-2023-50884

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages

7.5

CVE-2023-51355

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Customize My Account for WooCommerce <= 1.8.3 - Cross-Site Request Forgery via restore_my_account_tabs

4.3

CVE-2023-51369

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Catalog Feed by PixelYourSite <= 2.1.1 - Cross-Site Request Forgery

4.3

CVE-2023-49824

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Enquiry for WooCommerce <= 3.0 - Cross-Site Request Forgery

4.3

CVE-2023-49761

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-49179

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

RegistrationMagic <= 5.2.2.6 - Cross-Site Request Forgery

4.3

CVE-2023-47645

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Awesome Support <= 6.1.4 - Cross-Site Request Forgery via wpas_edit_reply_ajax()

4.3

CVE-2023-48323

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting	CVE-2024-32595	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
GEO my WordPress <= 4.1 - Cross-Site Request Forgery	CVE-2024-32097	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2024
Table & Contact Form 7 Database – Tablesome <= 1.0.25 - Cross-Site Request Forgery	CVE-2024-31388	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
ProfileGrid <= 5.7.8 - Cross-Site Request Forgery	CVE-2024-31362	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 8, 2024
Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery	CVE-2024-31238	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 5, 2024
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting	CVE-2024-31105	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024
Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting	CVE-2024-29126	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2024
Biteship <= 2.2.24 - Reflected Cross-Site Scripting via biteship_error and biteship_message	CVE-2024-24866	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2024
WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title	CVE-2024-22159	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 16, 2024
Word Replacer Pro <= 1.0 - Missing Authorization	CVE-2023-52229	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	January 8, 2024
Custom Twitter Feeds (Tweets Widget) <= 2.1.2 - Cross-Site Request Forgery	CVE-2023-52136	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 28, 2023
Business Directory Plugin <= 6.3.9 - Missing Authorization via dispatch	CVE-2023-51516	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	December 27, 2023
LA-Studio Element Kit for Elementor <= 1.1.5 - Missing Authorization	CVE-2023-50884	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 26, 2023
WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages	CVE-2023-51355	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	December 26, 2023
Customize My Account for WooCommerce <= 1.8.3 - Cross-Site Request Forgery via restore_my_account_tabs	CVE-2023-51369	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 26, 2023
Product Catalog Feed by PixelYourSite <= 2.1.1 - Cross-Site Request Forgery	CVE-2023-49824	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 5, 2023
Product Enquiry for WooCommerce <= 3.0 - Cross-Site Request Forgery	CVE-2023-49761	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 4, 2023
Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-49179	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 29, 2023
RegistrationMagic <= 5.2.2.6 - Cross-Site Request Forgery	CVE-2023-47645	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 27, 2023
Awesome Support <= 6.1.4 - Cross-Site Request Forgery via wpas_edit_reply_ajax()	CVE-2023-48323	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 23, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation