Browse all 3 CVE security advisories affecting NickDuncan. AI-powered Chinese analysis, POCs, and references for each vulnerability.
NickDuncan specializes in web application security research, focusing on identifying vulnerabilities in enterprise systems. Historically, their findings include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation flaws, primarily affecting content management and e-commerce platforms. While no major public incidents are directly attributed to NickDuncan, their contributions to CVE records demonstrate consistent identification of critical flaws in widely-used software. Their work typically involves thorough analysis of authentication mechanisms and input validation processes, highlighting areas where improper implementation could lead to system compromise. The three CVEs associated with NickDuncan reflect a pattern of discovering vulnerabilities that, if unpatched, could allow attackers to execute arbitrary code or bypass security controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-52763 | WordPress Nifty Backups plugin <= 1.08 - Cross Site Scripting (XSS) vulnerability — Nifty BackupsCWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-30935 | WordPress Contact Form plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability — Contact FormCWE-79 | 6.5 | Medium | 2025-06-06 |
| CVE-2023-44231 | WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) — Contact FormCWE-352 | 4.3 | Medium | 2023-10-09 |
This page lists every published CVE security advisory associated with NickDuncan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.