Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

bugb hunter

0
0
0
0
Twitter Github Website
28 November, 2022
bugb hunter
Alliance XP
0
Contributions
55
Contributions 55
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

Super Testimonial Pro < 1.0.8 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

15 November, 2022

Plugin

Testimonials <= 2.6 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

15 November, 2022

Plugin

WP CSV Exporter <= 1.3.6 Auth. SQL Injection (SQLi) vulnerability

6.6

9 November, 2022

Plugin

Image Hover Effects Css3 <= 4.5 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.9

3 November, 2022

Plugin

Salat Times <= 3.2.1 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

2 November, 2022

Plugin

WP Contact Slider <= 2.4.7 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

10 October, 2022

Plugin

Social Media Follow Buttons Bar <= 4.73 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

27 September, 2022

Plugin

Comment Guestbook <= 0.8.0 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

26 September, 2022

Plugin

Meks Easy Social Share <= 1.2.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

26 September, 2022

Plugin

We’re Open! <= 1.41 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

20 September, 2022

Plugin

Top Bar <= 3.0.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

19 September, 2022

Plugin

Social Rocket <= 1.3.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

19 September, 2022

Plugin

Advanced Comment Form <= 1.2.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

15 September, 2022

Plugin

Donation Thermometer <= 2.1.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

7 September, 2022

Plugin

Launcher: Coming Soon & Maintenance Mode <= 1.0.11 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

25 August, 2022

Plugin

Scroll To Top <= 1.4.0 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

23 August, 2022

Plugin

Float to Top Button <= 2.3.6 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

23 August, 2022

Plugin

Social Media Share Buttons | MashShare <= 3.8.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

16 June, 2022

Plugin

Ninja Forms <= 3.6.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

7 June, 2022

Plugin

Custom Share Buttons with Floating Sidebar <= 4.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

26 May, 2022

Plugin

underConstruction <= 1.20 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

26 May, 2022

Plugin

Export any WordPress data to XML/CSV <= 1.3.4 Authenticated SQL Injection (SQLi) vulnerability

6.6

20 May, 2022

Plugin

WP Subscribe <= 1.2.12 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

29 April, 2022

Plugin

Webba Booking <= 4.2.21 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

15 April, 2022

Plugin

WP Maintenance <= 6.0.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

15 April, 2022

Plugin

Chaty <= 2.8.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

8 April, 2022

Plugin

Ad Injection <= 1.2.0.19 Stored CrossSite Scripting (XSS) & RCE vulnerabilities

7.5

23 March, 2022

Plugin

Export All URLs <= 4.1 Reflected CrossSite Scripting (XSS) vulnerability

6.1

21 March, 2022

Plugin

Export All URLs <= 4.2 Private/Draft Post/Page Title Disclosure via CrossSite Request Forgery (CSRF) vulnerability

4.3

21 March, 2022

Plugin

MC4WP <= 4.8.6 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

2 March, 2022

Plugin

Social Media Feather <= 2.0.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

10 February, 2022

Plugin

Floating Social Media Icon <= 4.3.5 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

27 October, 2021

Plugin

Testimonial <= 1.5.9 Stored CrossSite Scripting (XSS) vulnerability

4.8

13 October, 2021

Plugin

Storefront Footer Text <= 1.0.1 Stored CrossSite Scripting (XSS) vulnerability

4.8

11 October, 2021

Plugin

Booking.com Banner Creator <= 1.4.2 Stored CrossSite Scripting (XSS) vulnerability

4.8

5 October, 2021

Plugin

Booking.com Product Helper <= 1.0.1 Stored CrossSite Scripting (XSS) vulnerability

4.8

5 October, 2021

Plugin

Google Language Translator <= 6.0.11 Stored CrossSite Scripting (XSS) vulnerability

4.8

5 October, 2021

Plugin

Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 Stored CrossSite Scripting (XSS) vulnerability

4.8

4 October, 2021

Plugin

Video Gallery – Vimeo and YouTube Gallery <= 1.1.4 Stored CrossSite Scripting (XSS) vulnerability

4.8

21 September, 2021

Plugin

YITH Maintenance Mode <= 1.3.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

6.9

15 September, 2021

Plugin

Simple Social Media Share Buttons <= 3.2.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

6.9

13 September, 2021

Plugin

Coming soon and Maintenance mode <= 3.5.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

6.9

13 September, 2021

Plugin

Easy Accordion <= 2.0.21 Authenticated Stored CrossSite Scripting (XSS) vulnerability

6.9

10 September, 2021

Plugin

Appointment Hour Booking <= 1.3.15 Stored CrossSite Scripting (XSS) vulnerability

6.9

6 September, 2021

Plugin

Cookie Notice & Compliance for GDPR / CCPA <= 2.1.3 Stored CrossSite Scripting (XSS) vulnerability

6.9

30 August, 2021

Plugin

Icegram <= 2.0.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

17 August, 2021

Plugin

Daily Prayer Time <= 2021.08.07 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

10 August, 2021

Plugin

AddToAny Share Buttons <= 1.7.45 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

9 August, 2021

Plugin

Site Reviews <= 5.13.0 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

9 August, 2021

Plugin

Sitewide Notice WP <= 2.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

2 August, 2021

Plugin

Business Hours Indicator <= 2.3.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

2 August, 2021

Plugin

HD Quiz <= 1.8.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

26 July, 2021

Plugin

Simple Banner <= 2.10.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

26 July, 2021

Plugin

GiveWP <= 2.11.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

26 July, 2021

Plugin

Export Users With Meta <= 0.6.4 Authenticated SQL Injection (SQLi) vulnerability

+0 AXP

5.4

21 June, 2021

Back to top

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

DPA Privacy Policy Terms & Conditions © 2023 Patchstack

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close