Nguyen Xuan Chien

Say thanks

3,512.80

XP

557

Reports

0

Reports, last 90 days

#5

3 Apr, 2026

🇻🇳

Lvl 6

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
wpDataTables<= 6.5.0.1 Local File Inclusion	103.5	7.5	26/09/2025
Photo Gallery<= 2.7.7.26 Cross Site Scripting (XSS)	16.33	7.1	09/08/2025
Zoho ZeptoMail<= 3.3.1 Cross Site Request Forgery (CSRF)	3.55	7.1	16/06/2025
WP-BusinessDirectory<= 4.0.1 Cross Site Scripting (XSS)	7.1	7.1	29/09/2025
Pinpoll<= 4.0.0 Cross Site Scripting (XSS)	7.1	7.1	28/09/2025
e-shops<= 1.0.4 Cross Site Scripting (XSS)	7.1	7.1	28/09/2025
PRIMER by chloédigital<= 1.0.25 Cross Site Scripting (XSS)	7.1	7.1	28/09/2025
Visitor Stats Widget<= 1.5.0 Cross Site Scripting (XSS)	7.1	7.1	28/09/2025
WP App Bar<= 1.5 Cross Site Scripting (XSS)	7.1	7.1	27/09/2025
Flaming Password Reset<= 1.0.3 Cross Site Scripting (XSS)	6.5	6.5	25/09/2025
Scroll rss excerpt<= 5.0 Cross Site Scripting (XSS)	7.1	7.1	23/09/2025
Invelity SPS connect<= 1.0.8 Cross Site Scripting (XSS)	7.1	7.1	23/09/2025
CedCommerce Integration for Good Market<= 1.0.6 Local File Inclusion	15	7.5	22/09/2025
Advanced Custom CSS<= 1.1.0 Cross Site Scripting (XSS)	7.1	7.1	15/09/2025
CookieHint WP<= 1.0.0 Local File Inclusion	15	7.5	07/09/2025
Wp Text Slider Widget<= 1.0 Cross Site Scripting (XSS)	3.25	6.5	06/09/2025
Content Grid Slider<= 1.5 Cross Site Scripting (XSS)	7.1	7.1	05/09/2025
Docket Cache<= 24.07.03 Local File Inclusion	32.4	8.1	16/08/2025
Simple Payment<= 2.4.6 Cross Site Scripting (XSS)	24.5	7.1	29/09/2025
PDF Creator Lite<= 1.2 Cross Site Request Forgery (CSRF)	0.44	7.1	29/09/2025
Simple Payment<= 2.4.6 Local File Inclusion	51.75	7.5	29/09/2025
Create Posts & Terms<= 1.3.1 Cross Site Request Forgery (CSRF)	0.44	7.1	27/09/2025
Sprout Clients<= 3.2.1 Cross Site Scripting (XSS)	32.66	7.1	23/09/2025
FanBridge signup<= 0.6 Cross Site Request Forgery (CSRF)	0.44	7.1	23/09/2025
CloudSearch<= 3.0.0 Cross Site Request Forgery (CSRF)	0.44	7.1	16/09/2025
NikanWP WooCommerce Reporting<= 1.0.0 Cross Site Request Forgery (CSRF)	0.44	7.1	15/09/2025
Reloadly<= 2.0.1 Cross Site Request Forgery (CSRF)	0.44	7.1	15/09/2025
replyMail<= 1.2.0 Cross Site Request Forgery (CSRF)	22.96	7.1	22/09/2025
Block Country<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	26/09/2025
Slick Google Map<= 0.3 Cross Site Request Forgery (CSRF)	1.78	7.1	27/09/2025
wpNamedUsers<= 0.5 Cross Site Request Forgery (CSRF)	1.78	7.1	27/09/2025
Simple Stripe<= 0.9.17 Cross Site Request Forgery (CSRF)	1.78	7.1	27/09/2025
Did Prestashop Display<= 1.0.30 Cross Site Request Forgery (CSRF)	0.44	7.1	10/09/2025
Fix Multiple Redirects<= 1.2.3 Cross Site Scripting (XSS)	7.1	7.1	28/09/2025
Password only login<= 0.2 Cross Site Scripting (XSS)	7.1	7.1	30/09/2025
Simple Finance Calculator<= 1.0 Cross Site Scripting (XSS)	7.1	7.1	30/09/2025
WSAnalytics<= 1.1.2 Cross Site Scripting (XSS)	7.1	7.1	27/09/2025
WP Business Hours<= 1.4 Cross Site Request Forgery (CSRF)	0.44	7.1	07/09/2025
Awesome Testimonials<= 2.2.1 Cross Site Request Forgery (CSRF)	0.44	7.1	07/09/2025
Multilang Contact Form<= 1.5 Cross Site Request Forgery (CSRF)	0.44	7.1	27/08/2025
GST for WooCommerce<= 2.0 Cross Site Request Forgery (CSRF)	1.78	7.1	23/08/2025
Flytedesk Digital<= 20181101 Cross Site Request Forgery (CSRF)	1.78	7.1	24/08/2025
Conditional Cart Messages for WooCommerce – YourPlugins.com<= 1.2.10 Cross Site Request Forgery (CSRF)	1.78	7.1	26/08/2025
HTACCESS IP Blocker<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	23/08/2025
W3SCloud Contact Form 7 to Zoho CRM<= 3.2 Cross Site Request Forgery (CSRF)	1.78	7.1	24/08/2025
HotelRunner Booking Widget<= 1.6 Cross Site Request Forgery (CSRF)	1.78	7.1	24/08/2025
Instapage Plugin<= 3.7.0 Cross Site Request Forgery (CSRF)	2.15	4.3	26/08/2025
Groovy Menu<= 1.4.3 Cross Site Request Forgery (CSRF)	2.15	4.3	26/08/2025
VOD Infomaniak<= 1.5.11 Cross Site Scripting (XSS)	42.6	7.1	24/08/2025
Printcart Web to Print Product Designer for WooCommerce<= 2.4.8 Broken Access Control	N/A	4.3	10/07/2025
LinkedInclude<= 3.0.4 Cross Site Request Forgery (CSRF)	1.78	7.1	10/07/2025
Show Pages List<= 1.2.0 Cross Site Request Forgery (CSRF)	N/A	4.3	30/07/2025
Printeers Print & Ship<= 1.17.0 Cross Site Request Forgery (CSRF)	N/A	5.4	30/07/2025
Mavis HTTPS to HTTP Redirection<= 1.4.3 Cross Site Request Forgery (CSRF)	1.78	7.1	07/08/2025
Sweet Energy Efficiency<= 1.0.8 Cross Site Request Forgery (CSRF)	1.78	7.1	07/08/2025
Stock Message<= 1.1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	09/08/2025
WPMK PDF Generator<= 1.0.1 Cross Site Request Forgery (CSRF)	1.78	7.1	10/08/2025
NIX Anti-Spam Light<= 0.0.4 Cross Site Request Forgery (CSRF)	1.78	7.1	10/08/2025
Grid<= 2.3.1 Cross Site Request Forgery (CSRF)	1.78	7.1	12/08/2025
WP Content Protection<= 1.3 Cross Site Request Forgery (CSRF)	1.78	7.1	16/08/2025
Auction Feed<= 1.1.4 Cross Site Request Forgery (CSRF)	1.78	7.1	16/08/2025
HORIZONTAL SLIDER<= 2.4 Cross Site Request Forgery (CSRF)	1.78	7.1	17/08/2025
ShrinkTheWeb (STW) Website Previews<= 2.8.5 Cross Site Request Forgery (CSRF)	1.78	7.1	17/08/2025
Current Age Plugin<= 1.6 Cross Site Request Forgery (CSRF)	1.78	7.1	19/08/2025
Casengo Live Chat Support<= 2.1.4 Cross Site Request Forgery (CSRF)	1.78	7.1	20/08/2025
Doliconnect<= 9.5.7 Cross Site Request Forgery (CSRF)	1.78	7.1	21/08/2025
SEO Pyramid<= 1.9.8 Cross Site Scripting (XSS)	7.1	7.1	21/08/2025
Likert Survey Master<= 0.8.0.1 Cross Site Scripting (XSS)	7.1	7.1	21/08/2025
Author: Munzir<= 0.9 Cross Site Scripting (XSS)	7.1	7.1	18/09/2025
WP Tactical Popup<= 1.1 Cross Site Scripting (XSS)	7.1	7.1	15/09/2025
Falang multilanguage<= 1.3.65 PHP Object Injection	35.2	8.8	15/08/2025
Fidelo Snippet<= 1.12 Cross Site Scripting (XSS)	7.1	7.1	13/08/2025
Calendar Plus<= 1.2.4 Cross Site Scripting (XSS)	7.1	7.1	13/08/2025
WooCommerce Booking Bundle Hours<= 0.7.4 Cross Site Request Forgery (CSRF)	1.78	7.1	24/08/2025
WC Return products<= 1.5 Cross Site Scripting (XSS)	7.1	7.1	06/09/2025
Easy Woocommerce Customizer<= 1.0.2 Cross Site Scripting (XSS)	7.1	7.1	06/09/2025
Toast Mobile Menu<= 1.0.8 Cross Site Scripting (XSS)	7.1	7.1	08/08/2025
Quick Event Calendar<= 1.4.9 Cross Site Request Forgery (CSRF)	1.78	7.1	24/06/2025
Enable Latex<= 1.2.16 Cross Site Request Forgery (CSRF)	1.78	7.1	24/06/2025
Add to Feedly<= 1.2.11 Cross Site Request Forgery (CSRF)	1.78	7.1	24/06/2025
Table of content<= 1.5.3.1 Cross Site Request Forgery (CSRF)	1.78	7.1	23/06/2025
Woocommerce Notify Updated Product<= 1.6 Cross Site Request Forgery (CSRF)	1.63	6.5	22/06/2025
AP HoneyPot WordPress Plugin<= 1.4 Cross Site Request Forgery (CSRF)	1.78	7.1	21/06/2025
Ultimate AJAX Login<= 1.2.1 Cross Site Request Forgery (CSRF)	1.78	7.1	21/06/2025
Popping Sidebars and Widgets Light<= 1.27 Cross Site Request Forgery (CSRF)	1.78	7.1	21/06/2025
MSTW League Manager<= 2.10 Cross Site Request Forgery (CSRF)	1.78	7.1	21/06/2025
Hide Real Download Path<= 1.6 Cross Site Request Forgery (CSRF)	1.78	7.1	17/06/2025
WP likes<= 3.1.1 Cross Site Request Forgery (CSRF)	1.78	7.1	17/06/2025
WN Flipbox Pro<= 2.1 Cross Site Request Forgery (CSRF)	1.78	7.1	17/06/2025
WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and <= 2020.1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	16/06/2025
Bulk Watermark<= 1.6.10 Cross Site Request Forgery (CSRF)	1.78	7.1	14/06/2025
Database to Excel<= 1.0 Cross Site Request Forgery (CSRF)	1.78	7.1	08/06/2025
Auto Last Youtube Video<= 1.0.7 Cross Site Request Forgery (CSRF)	1.78	7.1	07/06/2025
To Lead For Salesforce<= 2.7.3.9 Cross Site Request Forgery (CSRF)	3.55	7.1	18/06/2025
Purge Varnish Cache<= 2.6 Cross Site Request Forgery (CSRF)	3.55	7.1	08/06/2025
WordPress Error Monitoring by Bugsnag<= 1.6.3 Cross Site Request Forgery (CSRF)	3.55	7.1	07/06/2025
WooCommerce Single Page Checkout<= 1.2.7 Cross Site Request Forgery (CSRF)	2.15	4.3	22/06/2025
TrustMate.io – WooCommerce integration<= 1.16.0 Cross Site Request Forgery (CSRF)	2.15	4.3	20/06/2025
Responder<= 4.3.8 Cross Site Request Forgery (CSRF)	2.7	5.4	18/06/2025
WP Email Template<= 2.8.5 Cross Site Request Forgery (CSRF)	2.15	4.3	15/06/2025

Report vulnerabilities to earn bounties and rewards!

Include pending