🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > thiennv

thiennv

All Time Ranking

121

All Time Discoveries

Showing 21-40 of 121 Vulnerabilities

Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-44477

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

6.4

CVE-2022-45818

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting

6.4

CVE-2022-44743

Feb 2, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVE-2022-45817

Dec 7, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVE-2022-45814

Dec 7, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVE-2022-45839

Nov 24, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-44590

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVE-2022-41785

Oct 31, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Draw Attention <= 2.0.15 - Improper Access Control via register_cpt

6.3

CVE-2023-46616

Oct 24, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-32595

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-31105

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-29126

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Biteship <= 2.2.24 - Reflected Cross-Site Scripting via biteship_error and biteship_message

6.1

CVE-2024-24866

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title

6.1

CVE-2024-22159

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Shortcodes Finder <= 1.5.3 - Reflected Cross-Site Scripting

6.1

CVE-2023-47695

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Products, Order & Customers Export for WooCommerce <= 2.0.10 - Reflected Cross-Site Scripting via date parameters

6.1

CVE-2023-47547

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-46312

Oct 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting

6.1

CVE-2023-45837

Oct 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Proofreading <= 1.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-45772

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting

6.1

CVE-2023-45630

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-44477	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 29, 2023
Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	CVE-2022-45818	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 22, 2023
Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting	CVE-2022-44743	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 2, 2023
GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting	CVE-2022-45817	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 7, 2022
WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting	CVE-2022-45814	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 7, 2022
WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting	CVE-2022-45839	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 24, 2022
Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-44590	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 9, 2022
Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting	CVE-2022-41785	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 31, 2022
Draw Attention <= 2.0.15 - Improper Access Control via register_cpt	CVE-2023-46616	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	October 24, 2023
WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting	CVE-2024-32595	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting	CVE-2024-31105	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024
Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting	CVE-2024-29126	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2024
Biteship <= 2.2.24 - Reflected Cross-Site Scripting via biteship_error and biteship_message	CVE-2024-24866	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2024
WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title	CVE-2024-22159	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 16, 2024
Shortcodes Finder <= 1.5.3 - Reflected Cross-Site Scripting	CVE-2023-47695	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 9, 2023
Products, Order & Customers Export for WooCommerce <= 2.0.10 - Reflected Cross-Site Scripting via date parameters	CVE-2023-47547	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 7, 2023
Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting	CVE-2023-46312	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 22, 2023
Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting	CVE-2023-45837	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 13, 2023
Proofreading <= 1.1 - Reflected Cross-Site Scripting	CVE-2023-45772	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 12, 2023
Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting	CVE-2023-45630	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 11, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation