Phat RiO - BlueRock

5406.06

XP

257

Reports

63

Reports, last 90 days

#6

17 Dec, 2025

Lvl 7

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Image Caption Hover Pro< 20.0 Broken Access Control	N/A	5.4	No date
Sober<= 3.5.11 Sensitive Data Exposure	10.6	5.3	No date
User Extra Fields<= 16.8 Broken Access Control	10.6	5.3	No date
xPromoter<= 1.3.4 SQL Injection	N/A	8.5	No date
CountDown With Image or Video Background<= 1.5 SQL Injection	N/A	8.5	No date
Accordion Slider PRO<= 1.2 SQL Injection	N/A	8.5	No date
Directory Pro<= 2.5.6 Broken Access Control	4.3	4.3	No date
WP Webhooks<= 3.3.8 Arbitrary File Upload	54	9	Nov 8, 2025
Buttoner for Elementor<= 1.0.6 Settings Change	N/A	5.4	No date
Reformer for Elementor<= 1.0.6 Broken Access Control	N/A	5.4	No date
Modalier for Elementor<= 1.0.6 Broken Access Control	N/A	5.4	No date
Huger for Elementor<= 1.1.5 Broken Access Control	N/A	5.4	No date
Lottier<= 1.1.1 Broken Access Control	N/A	5.4	No date
Lottier for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	No date
Lottier for WPBakery<= 1.1.7 Broken Access Control	N/A	5.4	No date
Laser<= 1.1.1 Broken Access Control	N/A	5.4	No date
Masker for Elementor<= 1.1.4 Broken Access Control	N/A	5.4	No date
Spoter for Elementor<= 1.04 Broken Access Control	N/A	5.4	No date
Grider for Elementor<= 1.0.8 Broken Access Control	N/A	5.4	No date
Coder for Elementor<= 1.0.13 Broken Access Control	N/A	5.4	No date
Page View Count<= 2.8.7 Settings Change	5.4	5.4	No date
Custom Field Template<= 2.7.5 Sensitive Data Exposure	8.6	4.3	No date
Contact Form by BestWebSoft<= 4.3.5 Broken Access Control	8.6	4.3	No date
WooCommerce PDF Invoices & Packing Slips<= 4.9.1 Broken Access Control	16.13	4.3	No date
WP Webhooks<= 3.3.8 PHP Object Injection	N/A	7.2	No date
Polylang<= 3.7.3 Deserialization of untrusted data	212.52	8.8	No date
Advanced Coupons for WooCommerce Coupons<= 4.6.8 SQL Injection	45.6	7.6	No date
TranslatePress<= 2.10.2 Deserialization of untrusted data	194.4	8.1	Aug 25, 2025
TF Woo Product Grid Addon For Elementor<= 1.0.1 Deserialization of untrusted data	39.2	9.8	Apr 23, 2025
Perfect Brands for WooCommerce<= 3.6.2 SQL Injection	38.25	8.5	Aug 19, 2025
Dokan<= 4.1.3 Privilege Escalation	16.2	7.2	Aug 21, 2025
Quiz And Survey Master<= 10.2.5 PHP Object Injection	78.4	9.8	Jul 15, 2025
Drag and Drop File Upload for Elementor Forms<= 1.5.3 Arbitrary File Upload	45	10	Jul 22, 2025
PDF for Gravity Forms + Drag And Drop Template Builder<= 6.3.0 PHP Object Injection	7.5	7.5	Jul 24, 2025
PDF for Contact Form 7<= 6.3.4 Deserialization of untrusted data	8.8	8.8	Jul 24, 2025
PDF for WPForms<= 6.3.1 Deserialization of untrusted data	13.2	8.8	Jul 24, 2025
PDF Invoice Builder for WooCommerce<= 6.3.2 Deserialization of untrusted data	8.8	8.8	Jul 24, 2025
PDF for Elementor Forms + Drag And Drop Template Builder<= 6.3.1 PHP Object Injection	17.6	8.8	Jul 23, 2025
Ovatheme Events<= 1.2.8 Local File Inclusion	16.2	8.1	May 2, 2025
Filr<= 1.2.10 Arbitrary File Deletion	69.3	7.7	Jul 18, 2025
Quiz And Survey Master<= 10.2.4 SQL Injection	25.5	8.5	Jul 16, 2025
WP Gravity Forms FreshDesk Plugin<= 1.3.5 Deserialization of untrusted data	19.6	9.8	Jul 10, 2025
WP Gravity Forms Insightly<= 1.1.6 Deserialization of untrusted data	19.6	9.8	Jul 10, 2025
WP Gravity Forms Keap/Infusionsoft<= 1.2.3 Deserialization of untrusted data	19.6	9.8	Jul 9, 2025
WP Gravity Forms Zoho CRM and Bigin<= 1.2.9 Deserialization of untrusted data	29.4	9.8	Jul 9, 2025
WP Gravity Forms Constant Contact Plugin<= 1.1.2 Deserialization of untrusted data	29.4	9.8	Jul 9, 2025
WP Gravity Forms HubSpot<= 1.2.6 Deserialization of untrusted data	29.4	9.8	Jul 9, 2025
Connector for Gravity Forms and Google Sheets<= 1.2.6 PHP Object Injection	39.2	9.8	Jul 9, 2025
WP Gravity Forms Salesforce<= 1.5.1 PHP Object Injection	39.2	9.8	Jul 9, 2025
Easy Form Builder<= 3.8.15 SQL Injection	37.2	9.3	Jun 19, 2025
Form Block<= 1.5.5 Arbitrary File Upload	108	9	Jul 8, 2025
Cube Portfolio<= 1.16.8 SQL Injection	17	8.5	May 8, 2025
Simple File List<= 6.1.14 Arbitrary File Download	45	7.5	Jun 18, 2025
Wholesale Suite<= 2.2.4.2 Privilege Escalation	9.32	7.2	Jun 23, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping<= 4.3.1 Arbitrary File Upload	N/A	9.9	Apr 18, 2025
Allmart<= 1.0.0 Server Side Request Forgery (SSRF)	N/A	7.2	Apr 25, 2025
Everest Forms - Frontend Listing<= 1.0.5 PHP Object Injection	39.2	9.8	Jun 2, 2025
Elessi< 6.4.1 Local File Inclusion	15	7.5	May 2, 2025
SureForms<= 1.7.3 Arbitrary File Deletion	N/A	8.1	No date
WooCommerce Product Multi-Action<= 1.3 Deserialization of untrusted data	N/A	9.8	Apr 23, 2025
Kossy - Minimalist eCommerce WordPress Theme<= 1.45 Local File Inclusion	16.2	8.1	May 12, 2025
Domnoo<= 1.49 Local File Inclusion	16.2	8.1	May 13, 2025
PrintXtore< 1.7.7 Local File Inclusion	48.6	8.1	Apr 27, 2025
Puca<= 2.6.33 Local File Inclusion	48.6	8.1	Apr 30, 2025
Sofass<= 1.3.4 Local File Inclusion	48.6	8.1	Apr 25, 2025
Zenny<= 1.7.5 Local File Inclusion	48.6	8.1	Apr 25, 2025
WPKit For Elementor<= 1.1.0 Privilege Escalation	58.8	9.8	Apr 20, 2025
Diza<= 1.3.8 Local File Inclusion	48.6	8.1	Apr 30, 2025
Aora<= 1.3.9 Local File Inclusion	48.6	8.1	Apr 30, 2025
Hara<= 1.2.10 Local File Inclusion	48.6	8.1	Apr 30, 2025
Maia<= 1.1.15 Local File Inclusion	48.6	8.1	Apr 30, 2025
Zota<= 1.3.8 Local File Inclusion	48.6	8.1	Apr 30, 2025
Sapa<= 1.1.14 Local File Inclusion	48.6	8.1	Apr 30, 2025
Ruza<= 1.0.7 Local File Inclusion	48.6	8.1	Apr 30, 2025
Nika<= 1.2.8 Local File Inclusion	48.6	8.1	Apr 30, 2025
Lasa<= 1.1 Local File Inclusion	48.6	8.1	Apr 30, 2025
Besa<= 2.3.8 Local File Inclusion	48.6	8.1	Apr 30, 2025
Fana<= 1.1.28 Local File Inclusion	48.6	8.1	Apr 30, 2025
Reformer for Elementor<= 1.0.5 Arbitrary File Upload	N/A	10	Apr 23, 2025
Flozen< 1.5.1 Arbitrary File Upload	20	10	May 2, 2025
Themify Edmin<= 2.0.0 PHP Object Injection	N/A	8.8	Apr 6, 2025
GiftXtore<= 1.7.5 Local File Inclusion	48.6	8.1	Apr 28, 2025
Fitrush<= 1.3.4 Local File Inclusion	48.6	8.1	Apr 28, 2025
CraftXtore<= 1.7 Local File Inclusion	48.6	8.1	Apr 28, 2025
Petito<= 1.6.4 Local File Inclusion	48.6	8.1	Apr 28, 2025
Civi Framework<= 2.1.6 Cross Site Request Forgery (CSRF)	3.55	7.1	Jun 1, 2025
BRW<= 1.8.6 Cross Site Scripting (XSS)	4.88	6.5	May 4, 2025
BRW<= 1.8.6 Local File Inclusion	11.25	7.5	May 4, 2025
Nasa Core< 6.4.1 Cross Site Scripting (XSS)	4.88	6.5	May 4, 2025
Simple Business Directory Pro< 15.6.9 Privilege Escalation	58.8	9.8	Apr 11, 2025
DZS Video Gallery<= 12.25 PHP Object Injection	17.6	8.8	Apr 13, 2025
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.2.9 Arbitrary File Upload	29.7	9.9	Mar 27, 2025
Message Filter for Contact Form 7<= 1.6.3.2 SQL Injection	N/A	7.6	Jan 22, 2025
Team Members Plugin<= 3.4.4 PHP Object Injection	13.2	8.8	Mar 7, 2025
uListing<= 2.2.0 Deserialization of untrusted data	17.6	8.8	Feb 25, 2025
Split Test For Elementor<= 1.8.3 SQL Injection	7.6	7.6	Jan 20, 2025
uListing<= 2.2.0 SQL Injection	N/A	7.6	Jan 26, 2025
Easy Contact<= 0.1.2 Cross Site Scripting (XSS)	14.2	7.1	Jan 23, 2025
BookingPress<= 1.1.28 SQL Injection	N/A	7.6	Jan 26, 2025
Vitepos<= 3.1.4 Broken Authentication	26.4	8.8	Feb 1, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending