🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > thiennv

thiennv

All Time Ranking

121

All Time Discoveries

Showing 41-60 of 121 Vulnerabilities

Download canvasio3D Light <= 2.5.0 - Reflected Cross-Site Scripting

6.1

CVE-2023-45062

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting

6.1

CVE-2023-41856

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Restrict <= 2.2.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-41861

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting

6.1

CVE-2023-41663

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2023-40664

Aug 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting

6.1

CVE-2023-40196

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-35097

Jun 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-34022

May 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-33997

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1

CVE-2023-34175

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Front End Users <= 3.2.27 - Unauthenticated Cross-Site Scripting

6.1

CVE-2023-33322

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Leyka <= 3.30.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-33325

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'

6.1

CVE-2023-32965

May 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting

6.1

CVE-2023-32603

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'

6.1

CVE-2023-32503

May 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting

6.1

CVE-2023-32108

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter

6.1

CVE-2023-31076

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos

6.1

CVE-2023-28792

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Forms by Cimatti <= 1.5.4 - Reflected Cross-Site Scripting via 'form-field-id', 'edit-fid', 'id', 'name', 'type', 'description' Parameters

6.1

CVE-2023-28789

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-28784

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Download canvasio3D Light <= 2.5.0 - Reflected Cross-Site Scripting	CVE-2023-45062	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 3, 2023
Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting	CVE-2023-41856	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2023
Restrict <= 2.2.4 - Reflected Cross-Site Scripting	CVE-2023-41861	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2023
WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting	CVE-2023-41663	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 1, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-40664	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 18, 2023
ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting	CVE-2023-40196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 11, 2023
WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting	CVE-2023-35097	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 15, 2023
Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting	CVE-2023-34022	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2023
bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting	CVE-2023-33997	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2023
Login Configurator <= 2.1 - Reflected Cross-Site Scripting	CVE-2023-34175	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2023
Front End Users <= 3.2.27 - Unauthenticated Cross-Site Scripting	CVE-2023-33322	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Leyka <= 3.30.1 - Reflected Cross-Site Scripting	CVE-2023-33325	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'	CVE-2023-32965	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 18, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting	CVE-2023-32603	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 12, 2023
GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'	CVE-2023-32503	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 9, 2023
Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting	CVE-2023-32108	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 3, 2023
Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter	CVE-2023-31076	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 24, 2023
Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos	CVE-2023-28792	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2023
Contact Forms by Cimatti <= 1.5.4 - Reflected Cross-Site Scripting via 'form-field-id', 'edit-fid', 'id', 'name', 'type', 'description' Parameters	CVE-2023-28789	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2023
Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting	CVE-2023-28784	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation