Nguyen Xuan Chien

Say thanks

3512.8

XP

557

Reports

18

Reports, last 90 days

#5

17 Nov, 2025

Lvl 6

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Simple Payment<= 2.4.6 Cross Site Scripting (XSS)	24.5	7.1	Sep 29, 2025
Simple Payment<= 2.4.6 Local File Inclusion	51.75	7.5	Sep 29, 2025
FanBridge signup<= 0.6 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
CloudSearch<= 3.0.0 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
NikanWP WooCommerce Reporting<= 1.0.0 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
Reloadly<= 2.0.1 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
replyMail<= 1.2.0 Cross Site Request Forgery (CSRF)	22.96	7.1	Sep 22, 2025
Block Country<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Sep 26, 2025
Slick Google Map<= 0.3 Cross Site Request Forgery (CSRF)	1.78	7.1	Sep 27, 2025
wpNamedUsers<= 0.5 Cross Site Request Forgery (CSRF)	1.78	7.1	Sep 27, 2025
Simple Stripe<= 0.9.17 Cross Site Request Forgery (CSRF)	1.78	7.1	Sep 27, 2025
Did Prestashop Display<= 1.0.30 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
Fix Multiple Redirects<= 1.2.3 Cross Site Scripting (XSS)	7.1	7.1	Sep 28, 2025
Password only login<= 0.2 Cross Site Scripting (XSS)	7.1	7.1	Sep 30, 2025
Simple Finance Calculator<= 1.0 Cross Site Scripting (XSS)	7.1	7.1	Sep 30, 2025
WSAnalytics<= 1.1.2 Cross Site Scripting (XSS)	7.1	7.1	Sep 27, 2025
WP Business Hours<= 1.4 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
Awesome Testimonials<= 2.2.1 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
Multilang Contact Form<= 1.5 Cross Site Request Forgery (CSRF)	0.44	7.1	No date
GST for WooCommerce<= 2.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 23, 2025
Flytedesk Digital<= 20181101 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 24, 2025
Conditional Cart Messages for WooCommerce – YourPlugins.com<= 1.2.10 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 26, 2025
HTACCESS IP Blocker<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 23, 2025
W3SCloud Contact Form 7 to Zoho CRM<= 3.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 24, 2025
HotelRunner Booking Widget<= 1.6 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 24, 2025
Instapage Plugin<= 3.7.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Aug 26, 2025
Groovy Menu<= 1.4.3 Cross Site Request Forgery (CSRF)	2.15	4.3	Aug 26, 2025
VOD Infomaniak<= 1.5.11 Cross Site Scripting (XSS)	42.6	7.1	Aug 24, 2025
Printcart Web to Print Product Designer for WooCommerce<= 2.4.5 Broken Access Control	N/A	4.3	Jul 10, 2025
LinkedInclude<= 3.0.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Jul 10, 2025
Show Pages List<= 1.2.0 Cross Site Request Forgery (CSRF)	N/A	4.3	Jul 30, 2025
Printeers Print & Ship<= 1.17.0 Cross Site Request Forgery (CSRF)	N/A	5.4	Jul 30, 2025
Mavis HTTPS to HTTP Redirection<= 1.4.3 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 7, 2025
Sweet Energy Efficiency<= 1.0.6 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 7, 2025
Stock Message<= 1.1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 9, 2025
WPMK PDF Generator<= 1.0.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 10, 2025
NIX Anti-Spam Light<= 0.0.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 10, 2025
Grid<= 2.3.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 12, 2025
WP Content Protection<= 1.3 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 16, 2025
Auction Feed<= 1.1.3 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 16, 2025
HORIZONTAL SLIDER<= 2.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 17, 2025
ShrinkTheWeb (STW) Website Previews<= 2.8.5 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 17, 2025
Current Age Plugin<= 1.6 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 19, 2025
Casengo Live Chat Support<= 2.1.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 20, 2025
Doliconnect<= 9.5.7 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 21, 2025
SEO Pyramid<= 1.9.8 Cross Site Scripting (XSS)	7.1	7.1	Aug 21, 2025
Likert Survey Master<= 0.8.0.1 Cross Site Scripting (XSS)	7.1	7.1	Aug 21, 2025
Author: Munzir<= 0.9 Cross Site Scripting (XSS)	7.1	7.1	Sep 18, 2025
WP Tactical Popup<= 1.1 Cross Site Scripting (XSS)	7.1	7.1	Sep 15, 2025
Falang multilanguage<= 1.3.65 PHP Object Injection	35.2	8.8	Aug 15, 2025
Fidelo Snippet<= 1.12 Cross Site Scripting (XSS)	7.1	7.1	Aug 13, 2025
Calendar Plus<= 1.2.4 Cross Site Scripting (XSS)	7.1	7.1	Aug 13, 2025
WooCommerce Booking Bundle Hours<= 0.7.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 24, 2025
WC Return products<= 1.5 Cross Site Scripting (XSS)	7.1	7.1	Sep 6, 2025
Easy Woocommerce Customizer<= 1.0.2 Cross Site Scripting (XSS)	7.1	7.1	Sep 6, 2025
Toast Mobile Menu<= 1.0.8 Cross Site Scripting (XSS)	7.1	7.1	Aug 8, 2025
Quick Event Calendar<= 1.4.9 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 24, 2025
Enable Latex<= 1.2.16 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 24, 2025
Add to Feedly<= 1.2.11 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 24, 2025
Table of content<= 1.5.3.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 23, 2025
Woocommerce Notify Updated Product<= 1.6 Cross Site Request Forgery (CSRF)	1.63	6.5	Jun 22, 2025
AP HoneyPot WordPress Plugin<= 1.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 21, 2025
Ultimate AJAX Login<= 1.2.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 21, 2025
Popping Sidebars and Widgets Light<= 1.27 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 21, 2025
MSTW League Manager<= 2.10 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 21, 2025
Hide Real Download Path<= 1.6 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 17, 2025
WP likes<= 3.1.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 17, 2025
WN Flipbox Pro<= 2.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 17, 2025
WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and <= 2020.1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 16, 2025
Bulk Watermark<= 1.6.10 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 14, 2025
Database to Excel<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 8, 2025
Auto Last Youtube Video<= 1.0.7 Cross Site Request Forgery (CSRF)	1.78	7.1	Jun 7, 2025
To Lead For Salesforce<= 2.7.3.9 Cross Site Request Forgery (CSRF)	3.55	7.1	Jun 18, 2025
Purge Varnish Cache<= 2.6 Cross Site Request Forgery (CSRF)	3.55	7.1	Jun 8, 2025
WordPress Error Monitoring by Bugsnag<= 1.6.3 Cross Site Request Forgery (CSRF)	3.55	7.1	Jun 7, 2025
WooCommerce Single Page Checkout<= 1.2.7 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 22, 2025
TrustMate.io – WooCommerce integration<= 1.15.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 20, 2025
Responder<= 4.3.8 Cross Site Request Forgery (CSRF)	2.7	5.4	Jun 18, 2025
WP Email Template<= 2.8.3 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 15, 2025
Custom WooCommerce Checkout Fields Editor<= 1.3.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 15, 2025
BCM Duplicate Menu<= 1.1.2 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 15, 2025
Payoneer Checkout<= 3.4.0 Content Spoofing	10.6	4.3	Jun 22, 2025
Notification for Telegram<= 3.4.7 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 22, 2025
Tickera<= 3.5.5.6 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 20, 2025
Constant Contact for WordPress<= 4.1.1 PHP Object Injection	35.2	8.8	Aug 14, 2025
Printeers Print & Ship<= 1.17.0 Broken Access Control	3.25	6.5	Jul 30, 2025
Nifty Backups<= 1.08 Cross Site Scripting (XSS)	7.1	7.1	Jul 30, 2025
Instant Breaking News<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 9, 2025
Podlove Podcast Publisher<= 4.2.5 Open Redirection	9.4	4.7	Jul 10, 2025
Simple Page Access Restriction<= 1.0.32 Cross Site Request Forgery (CSRF)	2.15	4.3	Aug 7, 2025
Printeers Print & Ship<= 1.17.0 Directory Traversal	N/A	5.3	Aug 12, 2025
WooCommerce Payment Gateway for Saferpay<= 0.4.9 Path Traversal	7.5	7.5	Aug 21, 2025
Captcha.eu< 1.0.61 Cross Site Scripting (XSS)	7.1	7.1	Jul 7, 2025
Theme Blvd Widget Areas<= 1.3.0 Cross Site Scripting (XSS)	14.2	7.1	May 12, 2025
XM-Backup<= 0.9.1 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 14, 2025
Savyour Affiliate Partner<= 2.1.4 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 18, 2025
Google XML News Sitemap plugin<= 0.02 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 12, 2025
SEO For Images<= 1.0.0 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 20, 2025
Newsletter subscription optin module<= 1.2.9 Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 12, 2025
BetPress<= 1.0.1 Lite Cross Site Request Forgery (CSRF)	1.78	7.1	Aug 9, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending