b3z.dev

b3z@terminal:~$ ./profile --summary

Thinnawarth Mathuros

Senior Cybersecurity Consultant | Security Researcher | Builder with engineering roots

Cybersecurity consultant with hands-on experience in SOC operations, penetration testing, vulnerability research, and secure system development. Background in full-stack engineering and DevOps helps bridge practical security work with delivery.

view CVE researchopen blog

current_role

Senior Cybersecurity Consultant

Secure D Center Co.,Ltd.

research

45 CVE records found

Latest publication: Dec 18, 2025

scroll

> ls skills/

Skills

Penetration Testing

01
Burp SuiteNmapSQLmapCymulateAkamai WAF

SOC & Monitoring

02
SecuronixAlienVaultCloudsekIncident ResponseThreat Hunting

Programming

03
GoJavaScriptSQLPythonBash

Infrastructure

04
DockerKubernetesRedisMySQLPostgreSQL

Frontend

05
ReactNext.js

Delivery

06
GitGitLabGitLab CI/CDSecure Coding

> ls projects/

Featured Work

Security Operations

Worked on SOC monitoring, alert analysis, response workflows, and visibility improvements for enterprise environments.

SOCThreat DetectionIncident Response

Security Automation

Built automation that reduced repetitive security operations work and improved operational consistency.

AutomationSecurity OperationsWorkflow

Pentesting and Assessment

Performed application, network, and infrastructure security assessments with remediation-focused reporting.

PentestReportingValidation

WordPress Vulnerability Research

Conducted vulnerability research and responsible disclosure work across WordPress plugins, with published CVE records and recognition from vulnerability programs.

ResearchDisclosureCVE

Cybersecurity Training

Delivered practical blue team and red team training focused on detection, response, and offensive testing exercises.

TrainingBlue TeamRed Team

Payment Platform Engineering

Built backend systems for payment-related workflows, automation, and operational support.

GoMySQLRedisKubernetes

> ./fetch-cves --source cve.org

CVE Research

unique_cves

45

merged from both public search terms

query_benzdeus

40

open source query

query_thinnawarth

5

open source query
CVE-2025-66078PatchstackCritical 9.1

Published Dec 18, 2025

WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.

benzdeus
CVE-2025-66095PatchstackHigh 8.5

Published Nov 21, 2025

WordPress KiviCare plugin <= 3.6.13 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13.

benzdeus
CVE-2025-68550PatchstackHigh 7.6

Published Dec 23, 2025

WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects WPBulky: from n/a through <= 1.1.13.

benzdeus
CVE-2026-24941PatchstackHigh 7.5

Published Feb 20, 2026

WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.

benzdeus
CVE-2025-69401PatchstackHigh 7.5

Published Feb 20, 2026

WordPress WooODT Lite plugin <= 2.5.2 - Payment Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.

benzdeus
CVE-2025-68035PatchstackHigh 7.5

Published Jan 22, 2026

WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.

benzdeus

Showing 6 of 45 CVE records

> cat contact.txt

Contact & Proof

> cat awards.txt

  • NCSA AI CTF 2026: achieved 2nd place.
  • Thailand Cyber Top Talent 2025: placed 9th out of 725 participants in the individual category.
  • Reached #7 on the Patchstack researcher leaderboard in October 2025, becoming the first Thai researcher in the Top 10.
  • Startup Thailand 2017: awarded 100,000 Baht in funding.

> cat education.txt

Bachelor of Science in Information TechnologyKhon Kaen University . 2014 - 2018Specialization: Computer Science
HCCDA-AI, HuaweiAdvanced Cybersecurity Specialist Program (2024), THNCA under NCSA ThailandThailand Cyber Top Talent 2025Akamai Web App & APIGolang Certification, KBTGCyber security classnest #2, KBTG