🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Tien Nguyen Ahn

Tien Nguyen Ahn

113

All Time Ranking

All Time Discoveries

Showing 1-20 of 23 Vulnerabilities

Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery

4.3

CVE-2022-45830

Jan 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization

8.1

CVE-2022-45841

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Post Teaser <= 4.1.5 - Missing Authorization

5.4

CVE-2022-45811

Dec 2, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Better Click To Tweet <= 5.10.3 - Missing Authorization

6.5

CVE-2022-45839

Nov 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WP-FormAssembly <= 2.0.5 - Authenticated (Contributor+) Arbitrary File Read

6.5

CVE-2022-45852

Nov 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization

5.4

CVE-2022-45066

Nov 17, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

ULTIMATE TABLES <= 1.6.5 - Reflected Cross-Site Scripting

6.1

CVE-2022-36357

Nov 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-41831

Oct 29, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-43458

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting

6.1

CVE-2022-40209

Oct 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

FontMeister <= 1.08 - Reflected Cross-Site Scripting

6.1

CVE-2022-33978

Oct 4, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-38467

Sep 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update

6.5

CVE-2022-38135

Sep 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Pop-up <= 1.1.5 - Privilege Escalation

5.4

CVE-2022-38070

Sep 2, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

ActiveDEMAND <= 0.2.27 - Missing Authorization Checks

9.8

CVE-2022-36296

Aug 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2022-35882

Jul 27, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update

6.3

CVE-2022-28666

Jun 28, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting

5.4

CVE-2022-29426

May 4, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Ravpage <= 2.16 - Reflected Cross-Site Scripting

6.1

CVE-2022-29415

Apr 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ShortPixel Adaptive Images <= 3.3.1 - Subscriber+ Arbitrary Settings Update

4.3

CVE-2022-29417

Apr 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery	CVE-2022-45830	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	January 3, 2023
Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization	CVE-2022-45841	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	December 12, 2022
Post Teaser <= 4.1.5 - Missing Authorization	CVE-2022-45811	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	December 2, 2022
Better Click To Tweet <= 5.10.3 - Missing Authorization	CVE-2022-45839	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 28, 2022
WP-FormAssembly <= 2.0.5 - Authenticated (Contributor+) Arbitrary File Read	CVE-2022-45852	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	November 23, 2022
WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization	CVE-2022-45066	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	November 17, 2022
ULTIMATE TABLES <= 1.6.5 - Reflected Cross-Site Scripting	CVE-2022-36357	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 17, 2022
WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-41831	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 29, 2022
Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-43458	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 24, 2022
WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting	CVE-2022-40209	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 11, 2022
FontMeister <= 1.08 - Reflected Cross-Site Scripting	CVE-2022-33978	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 4, 2022
CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting	CVE-2022-38467	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 30, 2022
Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update	CVE-2022-38135	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	September 12, 2022
Pop-up <= 1.1.5 - Privilege Escalation	CVE-2022-38070	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	September 2, 2022
ActiveDEMAND <= 0.2.27 - Missing Authorization Checks	CVE-2022-36296	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 2, 2022
GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2022-35882	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 27, 2022
Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update	CVE-2022-28666	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	June 28, 2022
Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting	CVE-2022-29426	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	May 4, 2022
Ravpage <= 2.16 - Reflected Cross-Site Scripting	CVE-2022-29415	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 28, 2022
ShortPixel Adaptive Images <= 3.3.1 - Subscriber+ Arbitrary Settings Update	CVE-2022-29417	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 25, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation