🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > thiennv

thiennv

All Time Ranking

124

All Time Discoveries

Showing 81-100 of 124 Vulnerabilities

Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-34022

May 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-33997

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1

CVE-2023-34175

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Front End Users <= 3.2.27 - Unauthenticated Cross-Site Scripting

6.1

CVE-2023-33322

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Leyka <= 3.30.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-33325

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'

6.1

CVE-2023-32965

May 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting

6.1

CVE-2023-32603

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'

6.1

CVE-2023-32503

May 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting

6.1

CVE-2023-32108

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter

6.1

CVE-2023-31076

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos

6.1

CVE-2023-28792

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Forms by Cimatti <= 1.5.4 - Reflected Cross-Site Scripting via 'form-field-id', 'edit-fid', 'id', 'name', 'type', 'description' Parameters

6.1

CVE-2023-28789

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-28784

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-22682

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contest Gallery <= 13.1.0.9 - Cross-Site Scripting

6.1

CVE-2022-45848

Nov 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Draw Attention <= 2.0.15 - Improper Access Control via register_cpt

6.3

CVE-2023-46616

Oct 24, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-49179

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-47550

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Newsletter & Bulk Email Sender <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-45829

Oct 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-44477

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting	CVE-2023-34022	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2023
bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting	CVE-2023-33997	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2023
Login Configurator <= 2.1 - Reflected Cross-Site Scripting	CVE-2023-34175	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2023
Front End Users <= 3.2.27 - Unauthenticated Cross-Site Scripting	CVE-2023-33322	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Leyka <= 3.30.1 - Reflected Cross-Site Scripting	CVE-2023-33325	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'	CVE-2023-32965	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 18, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting	CVE-2023-32603	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 12, 2023
GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'	CVE-2023-32503	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 9, 2023
Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting	CVE-2023-32108	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 3, 2023
Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter	CVE-2023-31076	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 24, 2023
Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos	CVE-2023-28792	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2023
Contact Forms by Cimatti <= 1.5.4 - Reflected Cross-Site Scripting via 'form-field-id', 'edit-fid', 'id', 'name', 'type', 'description' Parameters	CVE-2023-28789	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2023
Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting	CVE-2023-28784	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2023
Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting	CVE-2023-22682	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 19, 2023
Contest Gallery <= 13.1.0.9 - Cross-Site Scripting	CVE-2022-45848	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 23, 2022
Draw Attention <= 2.0.15 - Improper Access Control via register_cpt	CVE-2023-46616	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	October 24, 2023
Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-49179	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 29, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-47550	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 7, 2023
Newsletter & Bulk Email Sender <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-45829	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 13, 2023
Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-44477	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 29, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation