Le Ngoc Anh

4,264.84

XP

270

Reports

0

Reports, last 90 days

#8

3 Apr, 2026

🇻🇳

Lvl 7

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Magazine Saga<= 1.2.7 Local File Inclusion	16.2	8.1	26/05/2025
Magazine Elite<= 1.2.4 Local File Inclusion	16.2	8.1	26/05/2025
Glamer<= 1.0.2 Local File Inclusion	16.2	8.1	26/05/2025
Magazine<= 1.2.2 Local File Inclusion	16.2	8.1	26/05/2025
BlogMarks<= 1.0.8 Local File Inclusion	16.2	8.1	26/05/2025
Neom Blog<= 0.0.9 Cross Site Scripting (XSS)	7.1	7.1	20/05/2025
Magze<= 1.0.9 Local File Inclusion	16.2	8.1	26/05/2025
Magways<= 1.2.1 Local File Inclusion	16.2	8.1	26/05/2025
Magty<= 1.0.6 Local File Inclusion	16.2	8.1	26/05/2025
Blogvy<= 1.0.7 Local File Inclusion	16.2	8.1	26/05/2025
Blogty<= 1.0.11 Local File Inclusion	16.2	8.1	26/05/2025
Blogprise<= 1.0.9 Local File Inclusion	16.2	8.1	26/05/2025
Blogmine<= 1.1.7 Local File Inclusion	16.2	8.1	26/05/2025
Blogbyte<= 1.1.1 Local File Inclusion	16.2	8.1	26/05/2025
WP SmartPay<= 2.7.13 Broken Authentication	26.4	8.8	24/04/2025
Subaccounts for WooCommerce<= 1.6.6 Broken Authentication	26.4	8.8	24/04/2025
TrackShip for WooCommerce<= 1.9.1 SQL Injection	3.8	7.6	09/04/2025
Easy Guide<= 1.0.0 SQL Injection	37.2	9.3	09/04/2025
Arigato Autoresponder and Newsletter<= 2.7.2.4 Cross Site Scripting (XSS)	14.2	7.1	31/03/2025
Quentn WP<= 1.2.8 SQL Injection	37.2	9.3	27/03/2025
Quentn WP<= 1.2.8 Privilege Escalation	58.8	9.8	27/03/2025
Rating by BestWebSoft<= 1.7 PHP Object Injection	17.6	8.8	16/03/2025
GoodBarber<= 1.0.26 Open Redirection	9.4	4.7	11/03/2025
KiotViet Sync<= 1.8.4 SQL Injection	17	8.5	23/12/2024
Kata Plus<= 1.5.3 PHP Object Injection	39.2	9.8	23/12/2024
PDF 2 Post<= 2.4.0 Remote Code Execution (RCE)	29.7	9.9	26/12/2024
Kargo Entegratör<= 1.1.14 SQL Injection	N/A	7.6	25/03/2025
WP Easy Poll<= 2.2.9 Cross Site Scripting (XSS)	14.2	7.1	15/12/2024
WP Featured Screenshot<= 1.3 Cross Site Scripting (XSS)	14.2	7.1	14/12/2024
WP-Hijri<= 1.5.3 Cross Site Scripting (XSS)	14.2	7.1	15/12/2024
Hamburger Icon Menu Lite<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	06/12/2024
DN Shipping by Weight for WooCommerce<= 1.2 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
Easy Post Duplicator<= 1.0.1 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
Interactive Geo Maps<= 1.6.24 Cross Site Scripting (XSS)	28.4	7.1	26/11/2024
WebinarPress<= 1.33.28 Open Redirection	9.4	4.7	10/03/2025
Ultimate WP Mail<= 1.3.10 Open Redirection	9.4	4.7	10/03/2025
WP Remote Thumbnail<= 1.3.2 Arbitrary File Upload	22.28	9.9	29/12/2024
WordPress 5sterrenspecialist Plugin<= 1.4 Cross Site Scripting (XSS)	14.2	7.1	04/10/2024
Easy Query – WP Query Builder<= 2.0.4 SQL Injection	N/A	7.6	28/03/2025
XV Random Quotes<= 2.0.0 Cross Site Scripting (XSS)	14.2	7.1	11/12/2024
Awesome Logos<= 1.2 Cross Site Scripting (XSS)	14.2	7.1	14/10/2024
Integration of Zoho CRM and Contact Form 7<= 1.0.7 Open Redirection	9.4	4.7	23/02/2025
Multiple Shipping And Billing Address For Woocommerce<= 1.5 PHP Object Injection	39.2	9.8	16/03/2025
The Ultimate WordPress Toolkit – WP Extended<= 3.0.14 Cross Site Scripting (XSS)	16.33	7.1	22/02/2025
Bit Form<= 2.18.0 Open Redirection	9.4	4.7	23/02/2025
Bit Integrations<= 2.4.10 Open Redirection	9.4	4.7	23/02/2025
AliNext<= 3.5.1 Open Redirection	9.4	4.7	28/02/2025
FunnelKit Automations<= 3.5.1 Open Redirection	9.4	4.7	23/02/2025
Scheduled & Automatic Order Status Controller for WooCommerce<= 3.7.1 Open Redirection	9.4	4.7	10/03/2025
Blue Captcha<= 1.7.4 Cross Site Scripting (XSS)	14.2	7.1	25/02/2025
Responsive Slider by MetaSlider<= 3.94.0 PHP Object Injection	58.8	9.8	23/12/2024
WP Sessions Time Monitoring Full Automatic<= 1.1.1 Cross Site Scripting (XSS)	14.2	7.1	10/01/2025
Import Excel to Gravity Forms<= 1.18 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
FundPress<= 2.0.6 PHP Object Injection	39.2	9.8	26/11/2024
WP Load Gallery<= 2.1.6 Arbitrary File Upload	13.65	9.1	29/12/2024
Muzaara Google Ads Report<= 3.1 PHP Object Injection	39.2	9.8	23/12/2024
wp-flickr-press<= 2.6.4 Cross Site Scripting (XSS)	14.2	7.1	15/12/2024
WordPress File Search<= 1.2 Cross Site Scripting (XSS)	14.2	7.1	12/12/2024
ImageMeta<= 1.1.2 Cross Site Scripting (XSS)	14.2	7.1	08/12/2024
Guten Free Options<= 0.9.7 Cross Site Scripting (XSS)	14.2	7.1	06/12/2024
URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce<= 9.0.2 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
Easy Code Placement<= 18.11 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
Easy Filter<= 1.10 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
Easy Bet<= 1.0.7 Cross Site Scripting (XSS)	14.2	7.1	30/11/2024
DN Sitemap Control<= 1.0.6 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Data Dash<= 1.2.3 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Custom Widget Creator<= 1.0.5 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
ComparePress<= 2.0.8 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Form To Online Booking<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	29/10/2024
Contact Form 7 – Paystack Add-on<= 1.2.3 Cross Site Scripting (XSS)	14.2	7.1	29/10/2024
CBX Accounting & Bookkeeping<= 1.3.14 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Contact Form 7 – CCAvenue Add-on<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Causes – Donation Plugin<= 1.0.01 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Catch Duplicate Switcher<= 2.0 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Captchelfie – Captcha by Selfie<= 1.0.7 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Canalplan<= 5.31 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Calendi<= 1.1.1 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
CAMOO SMS<= 3.0.1 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Call To Action Popup<= 1.0.2 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Blrt WP Embed<= 1.6.9 Cross Site Scripting (XSS)	14.2	7.1	20/10/2024
Awesome Twitter Feeds<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	14/10/2024
AW WooCommerce Kode Pembayaran<= 1.1.4 Cross Site Scripting (XSS)	14.2	7.1	14/10/2024
Attach Gallery Posts<= 1.6 Cross Site Scripting (XSS)	14.2	7.1	13/10/2024
Author Showcase<= 1.4.3 Cross Site Scripting (XSS)	14.2	7.1	13/10/2024
AlT Report<= 1.12.0 Cross Site Scripting (XSS)	14.2	7.1	09/10/2024
Altima Lookbook Free for WooCommerce<= 1.1.0 Cross Site Scripting (XSS)	14.2	7.1	09/10/2024
Wishlist<= 1.0.39 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
Contact Form With Shortcode<= 4.2.5 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
WP BASE Booking<= 4.9.2 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
WP Post Corrector<= 1.0.2 Cross Site Scripting (XSS)	14.2	7.1	13/12/2024
WP Order By<= 1.4.2 Cross Site Scripting (XSS)	14.2	7.1	13/12/2024
GSheetConnector for Forminator Forms<= 1.0.12 Cross Site Scripting (XSS)	14.2	7.1	05/12/2024
Catalog Importer, Scraper & Crawler<= 5.1.3 Cross Site Scripting (XSS)	14.2	7.1	10/12/2024
WP Bulletin Board<= 1.1.4 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
World Cup Predictor<= 1.9.8 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
XML for Avito<= 2.5.2 Cross Site Scripting (XSS)	14.2	7.1	11/12/2024
MindValley Super PageMash<= 1.1 SQL Injection	N/A	7.6	23/12/2024
NC Wishlist for Woocommerce<= 1.0.1 SQL Injection	17	8.5	23/12/2024
Scanventory<= 1.1.3 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
Mailing Group Listserv<= 2.0.9 Cross Site Scripting (XSS)	14.2	7.1	14/12/2024

Report vulnerabilities to earn bounties and rewards!

Include pending