Ngô Thiên An (ancorn_ from VNPT-VCI)

Say thanks

1,289.91

XP

154

Reports

0

Reports, last 90 days

#20

3 Apr, 2026

🇻🇳

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Ecwid Shopping Cart<= 7.0 Cross Site Scripting (XSS)	4.88	6.5	26/09/2024
EventON<= 2.4.1 Local File Inclusion	16.88	7.5	28/09/2024
All Bootstrap Blocks<= 1.3.19 Local File Inclusion	16.88	7.5	24/07/2024
Blockspare<= 3.2.4 Cross Site Scripting (XSS)	4.88	6.5	27/07/2024
ElementsKit Pro<= 3.6.0 Local File Inclusion	29.25	6.5	13/04/2024
DSGVO All in one for WP<= 4.5 Cross Site Scripting (XSS)	4.88	6.5	29/07/2024
WP Delicious<= 1.6.7 Cross Site Scripting (XSS)	4.88	6.5	28/07/2024
Collapsing Archives<= 3.0.5 Cross Site Scripting (XSS)	4.88	6.5	28/07/2024
All Bootstrap Blocks<= 1.3.19 Cross Site Scripting (XSS)	4.88	6.5	30/04/2024
Custom Layouts – Post + Product grids made easy<= 1.4.11 Cross Site Scripting (XSS)	4.88	6.5	28/07/2024
Meta Field Block<= 1.2.13 Cross Site Scripting (XSS)	4.88	6.5	29/07/2024
Blockspare<= 3.2.0 Cross Site Scripting (XSS)	4.88	6.5	31/05/2024
Arkhe Blocks<= 2.22.1 Cross Site Scripting (XSS)	4.88	6.5	30/04/2024
Caxton – Create Pro page layouts in Gutenberg<= 1.30.1 Cross Site Scripting (XSS)	4.88	6.5	31/05/2024
Livemesh Addons for Elementor<= 8.4.0 Local File Inclusion	43.88	6.5	13/04/2024
Ultimate Addons for Elementor<= 1.36.31 Privilege Escalation	79.2	8.8	31/05/2024
Church Admin<= 4.4.4 Broken Access Control	4.95	4.3	31/05/2024
Elegant Themes Icons<= 1.3 Cross Site Scripting (XSS)	4.88	6.5	09/11/2023
DImage 360<= 2.0 Cross Site Scripting (XSS)	4.88	6.5	30/10/2023
Church Admin<= 4.4.4 Cross Site Scripting (XSS)	5.61	6.5	31/05/2024
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.4.0 Cross Site Scripting (XSS)	4.88	6.5	12/12/2023
Element Pack Elementor Addons<= 5.6.11 Cross Site Scripting (XSS)	N/A	6.5	No date
Easy Forms for Mailchimp<= 6.9.0 Broken Access Control	31.8	5.3	20/03/2024
The Plus Addons for Elementor Page Builder Lite<= 5.5.4 Cross Site Scripting (XSS)	19.5	6.5	13/04/2024
Block for Font Awesome<= 1.4.4 Cross Site Scripting (XSS)	4.88	6.5	30/04/2024
BlockArt Blocks<= 2.1.5 Cross Site Scripting (XSS)	4.88	6.5	30/04/2024
Sina Extension for Elementor<= 3.5.3 Cross Site Scripting (XSS)	14.63	6.5	30/04/2024
ShopLentor<= 2.8.7 Cross Site Scripting (XSS)	19.5	6.5	19/04/2024
Content Blocks (Custom Post Widget)<= 3.3.0 Cross Site Scripting (XSS)	4.88	6.5	30/09/2023
Print-O-Matic<= 2.1.10 Cross Site Scripting (XSS)	4.88	6.5	23/12/2023
PB MailCrypt<= 3.1.0 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
Mini Loops<= 1.4.1 Cross Site Scripting (XSS)	4.88	6.5	12/12/2023
Login Logout Register Menu<= 2.0 Cross Site Scripting (XSS)	4.88	6.5	12/12/2023
Giphypress<= 1.6.2 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
GWP-Histats<= 1.0 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
AJAX Login and Registration modal popup + inline form<= 2.23 Cross Site Scripting (XSS)	2.95	5.9	19/09/2023
CPO Companion<= 1.1.0 Cross Site Scripting (XSS)	4.88	6.5	29/09/2023
Recencio Book Reviews<= 1.66.0 Cross Site Scripting (XSS)	4.88	6.5	28/12/2023
Advanced Most Recent Posts Mod<= 1.6.5.2 Cross Site Scripting (XSS)	2.95	5.9	17/09/2023
YITH WooCommerce Compare<= 2.37.0 Cross Site Request Forgery (CSRF)	10.75	4.3	13/03/2024
Mortgage Calculators WP<= 1.56 Cross Site Scripting (XSS)	4.88	6.5	12/12/2023
Element Pack Elementor Addons<= 5.6.0 Cross Site Scripting (XSS)	19.5	6.5	16/03/2024
Exclusive Addons Elementor<= 2.6.9.2 Cross Site Scripting (XSS)	14.63	6.5	30/03/2024
Jotform Online Forms<= 1.3.1 Cross Site Scripting (XSS)	4.88	6.5	09/11/2023
Easy Textillate<= 2.02 Cross Site Scripting (XSS)	4.88	6.5	09/11/2023
Simple Registration for WooCommerce<= 1.5.6 Privilege Escalation	29.4	9.8	29/12/2023
ElementsKit Elementor addons Lite<= 3.0.6 Cross Site Scripting (XSS)	34.13	6.5	15/03/2024
Payment Forms for Paystack<= 4.0.0 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
Essential Blocks for Gutenberg<= 4.5.3 Cross Site Scripting (XSS)	19.5	6.5	15/03/2024
Form to Chat App<= 1.1.6 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Formsite \| Embed online forms to collect orders, registrations, leads, and surveys<= 1.6 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
s2Member<= 240315 Privilege Escalation	22.5	7.5	27/12/2023
GetResponse for WordPress<= 5.5.35 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
AI Twitter Feeds (Twitter widget & shortcode)<= 2.4 Cross Site Scripting (XSS)	4.88	6.5	18/09/2023
ProfileGrid <= 5.7.1 SQL Injection	9.56	8.5	24/12/2023
affiliate-toolkit<= 3.4.5 Cross Site Scripting (XSS)	3.25	6.5	21/12/2023
Exchange Rates Widget<= 1.4.0 Cross Site Scripting (XSS)	4.88	6.5	13/11/2023
Fancy Comments WordPress<= 1.2.14 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
FlatPM< 3.1.05 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Football Pool<= 2.11.3 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Fullscreen Galleria<= 1.6.11 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
WP Fast Total Search<= 1.59.211 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Gratisfaction<= 4.3.4 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Grid Shortcodes<= 1.1 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Hot Random Image<= 1.8.1 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more<= 4.5.24 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
MailChimp Forms by MailMunch<= 3.2.2 Cross Site Scripting (XSS)	9.75	6.5	12/12/2023
OneClick Chat to Order<= 1.0.5 Cross Site Scripting (XSS)	9.75	6.5	14/12/2023
Podlove Web Player<= 5.7.1 Cross Site Scripting (XSS)	4.88	6.5	16/12/2023
Smart Online Order for Clover<= 1.5.5 Cross Site Scripting (XSS)	4.88	6.5	29/09/2023
Shariff Wrapper<= 4.6.10 Cross Site Scripting (XSS)	14.63	6.5	26/12/2023
FormFacade<= 1.0.0 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
MyWaze<= 1.6 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
NEX-Forms<= 8.5.5 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
Paytium<= 4.4.2 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
PB oEmbed HTML5 Audio<= 2.6 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
TNC PDF viewer<= 2.8.0 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
PJ News Ticker<= 1.9.5 Cross Site Scripting (XSS)	4.88	6.5	16/12/2023
Before After Image Slider WP<= 2.2 Cross Site Scripting (XSS)	4.88	6.5	27/09/2023
Buttons Shortcode and Widget<= 1.16 Cross Site Scripting (XSS)	4.88	6.5	28/09/2023
Content Cards<= 0.9.7 Cross Site Scripting (XSS)	4.88	6.5	29/09/2023
Knowledge Base for Documentation, FAQs with AI Assistance<= 11.30.2 PHP Object Injection	17.4	8.7	29/12/2023
GDPR Data Request Form<= 1.6 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
WpEvently<= 4.1.1 PHP Object Injection	6.15	8.2	30/12/2023
Heateor Social Login<= 1.1.30 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Scheduling Plugin – Online Booking for WordPress<= 3.5.10 Cross Site Scripting (XSS)	4.88	6.5	28/09/2023
CC BMI Calculator<= 2.0.1 Cross Site Scripting (XSS)	4.88	6.5	28/09/2023
Click To Tweet<= 2.0.14 Cross Site Scripting (XSS)	4.88	6.5	29/09/2023
PDF Viewer & 3D PDF Flipbook – DearPDF<= 2.0.38 Cross Site Scripting (XSS)	4.88	6.5	03/10/2023
Posts List Designer by Category – List Category Posts Or Recent Posts<= 3.3.2 Cross Site Scripting (XSS)	4.88	6.5	17/12/2023
Formzu WP<= 1.6.7 Cross Site Scripting (XSS)	4.88	6.5	11/12/2023
Albo Pretorio Online<= 4.6.6 Cross Site Scripting (XSS)	4.88	6.5	19/09/2023
CBX Map for Google Map & OpenStreetMap<= 1.1.11 Cross Site Scripting (XSS)	4.88	6.5	28/09/2023
PowerFolio<= 3.1 Cross Site Scripting (XSS)	4.88	6.5	16/12/2023
Beds24 Online Booking<= 2.0.24 Cross Site Scripting (XSS)	4.88	6.5	27/09/2023
Randomize<= 1.4.3 SQL Injection	9.56	8.5	26/12/2023
Private Google Calendars<= 20231125 Cross Site Scripting (XSS)	4.88	6.5	23/12/2023
Posts to Page<= 1.7 Cross Site Scripting (XSS)	4.88	6.5	17/12/2023
oEmbed Gist<= 4.9.1 Cross Site Scripting (XSS)	4.88	6.5	14/12/2023
Page Builder: Live Composer<= 1.5.23 Cross Site Scripting (XSS)	4.88	6.5	12/12/2023

Report vulnerabilities to earn bounties and rewards!

Include pending