johska

5,794.52

XP

298

Reports

122

Reports, last 90 days

#2

1 Apr, 2026

🇦🇹

Lvl 8

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Five Star Restaurant Reservations<= 2.7.9 Broken Access Control	14.95	6.5	05/01/2026
File Uploader for WooCommerce<= 1.0.4 Path Traversal	15	7.5	31/12/2025
KiviCare<= 3.6.16 Cross Site Scripting (XSS)	16.33	7.1	20/01/2026
RSFirewall!<= 1.1.45 Cross Site Scripting (XSS)	14.2	7.1	10/01/2026
WP Telegram Widget and Join Link<= 2.2.13 Cross Site Scripting (XSS)	32.66	7.1	10/01/2026
VikRestaurants<= 1.5.2 Cross Site Scripting (XSS)	32.66	7.1	04/01/2026
Contact Manager<= 9.1 Cross Site Scripting (XSS)	7.1	7.1	22/01/2026
WpEvently<= 5.1.4 Cross Site Scripting (XSS)	32.66	7.1	16/01/2026
Bit SMTP<= 1.2.2 Broken Authentication	62.1	9	23/01/2026
Print Invoice & Delivery Notes for WooCommerce<= 5.9.0 Broken Access Control	30	7.5	27/12/2025
Automated FedEx live/manual rates with shipping labels<= 5.1.8 Broken Access Control	14.6	7.3	19/12/2025
Icon List Block<= 1.2.3 Cross Site Scripting (XSS)	11.21	6.5	16/01/2026
Passster<= 4.2.25 Broken Access Control	11.21	6.5	13/01/2026
PublishPress Authors<= 4.10.1 Broken Access Control	7.42	4.3	07/01/2026
Modula Image Gallery<= 2.13.4 Cross Site Scripting (XSS)	27.14	5.9	05/01/2026
Quiz And Survey Master<= 10.3.4 Insecure Direct Object References (IDOR)	48.76	5.3	02/01/2026
Gallery PhotoBlocks<= 1.3.2 Cross Site Scripting (XSS)	11.21	6.5	27/12/2025
ABG Rich Pins<= 1.1 Cross Site Scripting (XSS)	4.88	6.5	23/12/2025
Advanced iFrame<= 2025.10 Cross Site Scripting (XSS)	14.63	6.5	20/12/2025
RIS Version Switcher – Downgrade or Upgrade WP Versions Easily<= 1.0 Cross Site Request Forgery (CSRF)	1.63	6.5	08/07/2025
Yahoo! WebPlayer<= 2.0.6 Cross Site Scripting (XSS)	7.1	7.1	22/05/2025
re.place<= 0.2.1 Cross Site Request Forgery (CSRF)	1.78	7.1	22/05/2025
Track Everything<= 2.0.1 Cross Site Request Forgery (CSRF)	1.78	7.1	27/05/2025
RSS Digest<= 1.5 Cross Site Request Forgery (CSRF)	1.78	7.1	22/05/2025
Społecznościowa 6 PL 2013<= 2.0.6 Cross Site Request Forgery (CSRF)	1.78	7.1	22/05/2025
WP2LEADS<= 3.5.0 Cross Site Scripting (XSS)	16.33	7.1	16/05/2025
BP Profile as Homepage<= 1.1 Cross Site Request Forgery (CSRF)	3.55	7.1	23/04/2025
Affiliates Manager Google reCAPTCHA Integration<= 1.0.6 Cross Site Request Forgery (CSRF)	2.66	7.1	09/05/2025
Aptivada for WP<= 2.0.0 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
ShayanWeb Admin FontChanger<= 1.9.1 Cross Site Request Forgery (CSRF)	3.55	7.1	11/04/2025
WP2LEADS<= 3.5.0 Cross Site Request Forgery (CSRF)	4.08	7.1	19/04/2025
Supertext Translation and Proofreading<= 4.26 Cross Site Request Forgery (CSRF)	3.55	7.1	31/03/2025
Martins Free Monetized Ad Exchange Network<= 1.0.6 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
WP DPE-GES<= 1.6 Cross Site Scripting (XSS)	4.88	6.5	24/04/2025
ELI's Related Posts Footer Links and Widget<= 1.2.04.20 Cross Site Request Forgery (CSRF)	3.55	7.1	07/04/2025
IGIT Related Posts With Thumb Image After Posts<= 4.5.3 Cross Site Scripting (XSS)	6.5	6.5	07/04/2025
EC Authorize.net<= 0.3.3 Cross Site Scripting (XSS)	14.2	7.1	16/04/2025
Author Box Plugin With Different Description<= 1.3.5 Cross Site Request Forgery (CSRF)	N/A	4.3	21/04/2025
Best Posts Summary<= 1.0 Cross Site Request Forgery (CSRF)	3.55	7.1	21/04/2025
CheckBot<= 1.05 Cross Site Request Forgery (CSRF)	3.55	7.1	18/04/2025
WP Vegas<= 2.2 Cross Site Scripting (XSS)	4.88	6.5	18/04/2025
Enhanced Paypal Shortcodes<= 0.5a Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
My Custom Widgets<= 2.0.5 Cross Site Scripting (XSS)	14.2	7.1	07/04/2025
360 View<= 1.1.0 Cross Site Scripting (XSS)	4.88	6.5	16/04/2025
Peekaboo<= 1.1 Cross Site Scripting (XSS)	4.88	6.5	16/04/2025
Mixcloud Embed<= 2.2.0 Cross Site Scripting (XSS)	4.88	6.5	16/04/2025
Mini twitter feed<= 3.0 Cross Site Scripting (XSS)	4.88	6.5	16/04/2025
Multi-Column Taxonomy List<= 1.5 Cross Site Scripting (XSS)	4.88	6.5	16/04/2025
Peadig’s Google +1 Button<= 0.1.2 Cross Site Scripting (XSS)	N/A	6.5	16/04/2025
BBCode Deluxe<= 2020.08.01.2 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
Able Player<= 1.2.1 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
WP Custom Post Popup<= 1.0.1 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
RAphicon<= 2.1.2 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
RRSSB<= 1.0.1 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
Wp Custom CMS Block<= 2.1 Cross Site Request Forgery (CSRF)	3.55	7.1	15/04/2025
Zoho Creator Forms<= 1.0.5 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
WoWHead Tooltips<= 2.0.1 Cross Site Scripting (XSS)	N/A	7.1	15/04/2025
External Markdown<= 0.0.1 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
GTDB Guitar Tuners<= 4.2.2 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
Xpert Tab<= 1.3 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
GNA Search Shortcode<= 0.9.5 Cross Site Scripting (XSS)	N/A	6.5	15/04/2025
Inline Text Popup<= 1.0.0 Cross Site Scripting (XSS)	N/A	6.5	14/04/2025
Carousel-of-post-images<= 1.07 Cross Site Scripting (XSS)	N/A	6.5	14/04/2025
Image Style Hover<= 1.0.6 Cross Site Scripting (XSS)	N/A	6.5	14/04/2025
Tooltip<= 1.0.1 Cross Site Scripting (XSS)	N/A	6.5	11/04/2025
Hacklog Remote Attachment<= 1.3.2 Cross Site Request Forgery (CSRF)	3.55	7.1	11/04/2025
Availability Calendar<= 0.2.4 Cross Site Request Forgery (CSRF)	3.55	7.1	11/04/2025
WP Filter Post Category<= 2.1.4 Cross Site Request Forgery (CSRF)	3.55	7.1	07/04/2025
Tabs<= 4.0.3 Cross Site Request Forgery (CSRF)	3.55	7.1	07/04/2025
Related Posts via Taxonomies<= 1.0.1 Cross Site Request Forgery (CSRF)	3.55	7.1	07/04/2025
Twitter Card Generator<= 1.0.5 Cross Site Request Forgery (CSRF)	N/A	7.1	07/04/2025
Milat jQuery Automatic Popup<= 1.3.1 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Custom Functions Plugin<= 1.1 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Contact Form 7 Calendar<= 3.0.1 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Advanced lazy load<= 1.6.0 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
WpZon – Amazon Affiliate Plugin<= 1.3 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Vasaio QR Code<= 1.2.5 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
LSD Custom taxonomy and category meta<= 1.3.2 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
PayPal Express Checkout<= 2.1.2 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
Navegg Analytics<= 3.3.3 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
Drop Caps<= 2.1 Cross Site Request Forgery (CSRF)	3.25	6.5	03/04/2025
Call Now PHT Blog<= 2.4.1 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
spam-stopper<= 3.1.3 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Social Media Links<= 1.0.3 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
translit it!<= 1.6 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Redirect wordpress to welcome or landing page<= 2.0 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
RSS Manager<= 0.06 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Revision Diet<= 1.0.1 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
I Draw<= 1.0 Arbitrary File Upload	N/A	9.1	01/04/2025
WP Twitter Button<= 1.4.1 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
WP Sticky Side Buttons<= 2.1 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
WP Social Bookmarking<= 3.6 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Add to Header<= 1.0 Cross Site Request Forgery (CSRF)	3.55	7.1	04/04/2025
Simple Maps<= 0.98 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
mLanguage<= 1.6.1 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
Amazon Showcase WordPress Plugin<= 2.2 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
bbPress2 shortcode whitelist<= 2.2.1 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
Bknewsticker<= 1.0.5 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
My Marginalia<= 1.0.6 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025
Broken Links Remover<= 1.2.2 Cross Site Request Forgery (CSRF)	3.55	7.1	03/04/2025

Report vulnerabilities to earn bounties and rewards!

Include pending