0xd4rk5id3

Say thanks

3777.37

XP

288

Reports

19

Reports, last 90 days

#18

22 Dec, 2025

Lvl 6

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Eupago Gateway For Woocommerce<= 4.6.3 Broken Access Control	10.6	5.3	No date
PopupKit<= 2.1.5 SQL Injection	34	8.5	Oct 22, 2025
GoDAM<= 1.4.6 Broken Access Control	N/A	5.3	No date
WordPress Contact Form 7 PDF, Google Sheet & Database<= 3.0.0 Arbitrary File Upload	22.28	9.9	Sep 28, 2025
SUMO Memberships for WooCommerce< 7.8.0 Cross Site Request Forgery (CSRF)	N/A	7.1	No date
Education WordPress Theme \| HiStudy< 3.1.0 SQL Injection	37.2	9.3	Sep 15, 2025
WooCommerce Vehicle Parts Finder<= 3.7 Cross Site Scripting (XSS)	24.5	7.1	Aug 31, 2025
Taskbot<= 6.4 Arbitrary File Deletion	11.55	7.7	Aug 31, 2025
Norebro Extra<= 1.6.8 Content Injection	10.6	5.3	No date
Workreap (theme's plugin)<= 3.3.5 Arbitrary File Deletion	23.1	7.7	Aug 27, 2025
Cozy Blocks<= 2.1.29 Content Injection	21.2	5.3	Aug 27, 2025
MasterStudy LMS<= 3.6.15 Broken Access Control	13	6.5	Jul 30, 2025
Miraculous Core Plugin< 2.0.9 Insecure Direct Object References (IDOR)	14.7	9.8	Jul 21, 2025
SUMO Memberships for WooCommerce< 7.8.0 Arbitrary Content Deletion	6.5	6.5	Jul 28, 2025
WooTour<= 3.6.3 Cross Site Scripting (XSS)	14.2	7.1	Jul 28, 2025
WooCommerce csv import export<= 2.0.6 Arbitrary File Deletion	17.33	7.7	Jul 16, 2025
Super Store Finder<= 7.6 Cross Site Scripting (XSS)	16.33	7.1	Jun 15, 2025
Miraculous Core Plugin<= 2.0.7 Privilege Escalation	44.1	9.8	Jul 21, 2025
SUMO Memberships for WooCommerce<= 7.8.0 Privilege Escalation	19.8	8.8	Jul 22, 2025
tPlayer<= 1.2.1.6 SQL Injection	37.2	9.3	Jul 16, 2025
Findgo<= 1.3.57 Cross Site Request Forgery (CSRF)	3.3	8.8	Jul 29, 2025
Real Estate Manager Pro<= 12.7.3 Cross Site Scripting (XSS)	14.2	7.1	Jun 15, 2025
PressForward<= 5.9.4 Server Side Request Forgery (SSRF)	3.2	6.4	May 5, 2025
Advanced Google Universal Analytics<= 1.0.3 Broken Access Control	6.5	6.5	Apr 24, 2025
Universal Video Player - Addon for WPBakery Page Builder<= 3.2.1 Cross Site Scripting (XSS)	10.65	7.1	Jun 5, 2025
Responsive HTML5 Audio Player PRO With Playlist<= 3.5.8 Cross Site Scripting (XSS)	14.2	7.1	Jun 7, 2025
Youtube Vimeo Video Player and Slider WP Plugin<= 3.8 Cross Site Scripting (XSS)	7.1	7.1	Jun 8, 2025
DB Backup<= 6.0 Broken Access Control	3.25	6.5	May 21, 2025
Custom User Registration Fields for WooCommerce<= 2.1.2 Arbitrary File Upload	60	10	Jun 14, 2025
gAppointments<= 1.14.1 Cross Site Scripting (XSS)	14.2	7.1	Jun 11, 2025
Helpdesk Support Ticket System for WooCommerce<= 2.1.0 Arbitrary File Upload	30	10	Jun 11, 2025
Medical Prescription Attachment Plugin for WooCommerce<= 1.2.3 Arbitrary File Upload	30	10	Jun 4, 2025
WooCommerce Registration Fields Plugin - Custom Signup Fields<= 3.2.3 Cross Site Scripting (XSS)	14.2	7.1	Jun 8, 2025
WooCommerce Registration Fields Plugin - Custom Signup Fields<= 3.2.3 Privilege Escalation	26.4	8.8	Jun 8, 2025
Auto Login After Registration<= 1.0.0 Cross Site Scripting (XSS)	7.1	7.1	Jun 8, 2025
Easy Video Player Wordpress & WooCommerce<= 10.0 Arbitrary File Download	33.75	7.5	Jun 5, 2025
Paytiko for WooCommerce<= 1.3.21 Broken Access Control	3.25	6.5	May 20, 2025
Easy Stripe<= 1.1 Remote Code Execution (RCE)	20	10	May 3, 2025
Masteriyo LMS PRO<= 2.20.0 Privilege Escalation	29.4	9.8	Jun 11, 2025
Aviation Weather from NOAA<= 0.7.2 Arbitrary File Deletion	23.1	7.7	Apr 27, 2025
File Manager Plugin For Wordpress<= 7.5 Arbitrary File Upload	N/A	9.1	May 25, 2025
Frontend Admin by DynamiApps<= 3.28.7 Arbitrary File Download	5.1	6.8	May 21, 2025
Drop Uploader for CF7 - Drag&Drop File Uploader Addon<= 2.4.1 Arbitrary File Upload	40	10	May 25, 2025
Mobile DJ Manager<= 1.7.6.3 Privilege Escalation	13.2	8.8	May 17, 2025
Download Counter<= 1.4 Arbitrary File Download	7.5	7.5	May 23, 2025
Real Estate Manager<= 7.3 Cross Site Request Forgery (CSRF)	3.3	8.8	May 20, 2025
WP Media File Type Manager<= 2.3.0 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 30, 2025
Subscription Renewal Reminders for WooCommerce<= 1.4.1 Cross Site Request Forgery (CSRF)	N/A	4.3	May 1, 2025
onOffice for WP-Websites<= 6.5.1 Broken Access Control	5.4	5.4	Apr 27, 2025
WP-Recall<= 16.26.14 Cross Site Request Forgery (CSRF)	4.73	6.3	May 4, 2025
WooCommerce Orders & Customers Exporter<= 5.0 Sensitive Data Exposure	3.75	7.5	May 29, 2025
Projectopia<= 5.1.17 Broken Access Control	6.5	6.5	Apr 30, 2025
Dot html,php,xml etc pages<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	Feb 26, 2025
Drag and Drop File Upload for Elementor Forms<= 1.4.3 Arbitrary File Deletion	51.6	8.6	Apr 24, 2025
Contact Form Widget<= 1.4.6 Cross Site Request Forgery (CSRF)	3.7	7.4	Apr 9, 2025
MemberPress< 1.12.0 Cross Site Scripting (XSS)	14.2	7.1	Jan 11, 2025
BruteGuard – Brute Force Login Protection<= 0.1.4 Cross Site Scripting (XSS)	14.2	7.1	Jan 5, 2025
Spice Blocks<= 2.0.7.5 Broken Access Control	15	7.5	Mar 11, 2025
Dashi<= 3.1.8 Broken Access Control	N/A	5.8	Mar 7, 2025
CRM Perks<= 1.1.7 Cross Site Scripting (XSS)	14.2	7.1	Feb 25, 2025
WooMS<= 9.12 Cross Site Scripting (XSS)	14.2	7.1	Jan 8, 2025
Import from YML<= 3.1.17 Cross Site Scripting (XSS)	14.2	7.1	Dec 7, 2024
Verowa Connect<= 3.0.4 Cross Site Scripting (XSS)	14.2	7.1	Jan 19, 2025
Movylo Marketing Automation<= 2.0.7 Cross Site Scripting (XSS)	14.2	7.1	Jan 18, 2025
All push notification for WP<= 1.5.3 Cross Site Request Forgery (CSRF)	3.55	7.1	Dec 5, 2024
WooCommerce Products without featured images<= 0.1 Cross Site Request Forgery (CSRF)	3.55	7.1	Dec 5, 2024
OTP-less one tap Sign in<= 2.0.58 Cross Site Scripting (XSS)	14.2	7.1	Jan 23, 2025
MemberPress Discord Addon<= 1.1.1 Cross Site Scripting (XSS)	14.2	7.1	Jan 11, 2025
Wireless Butler<= 1.0.11 Cross Site Scripting (XSS)	N/A	7.1	Nov 27, 2024
GB Gallery Slideshow<= 1.3 Cross Site Scripting (XSS)	14.2	7.1	Feb 15, 2025
Clinked Client Portal<= 1.10 Cross Site Scripting (XSS)	14.2	7.1	Jan 21, 2025
Credova_Financial<= 2.4.8 Cross Site Scripting (XSS)	14.2	7.1	Dec 29, 2024
Product Excel Import Export & Bulk Edit for WooCommerce<= 4.7 Cross Site Scripting (XSS)	14.2	7.1	Mar 5, 2025
SERPed.net<= 4.6 Cross Site Scripting (XSS)	14.2	7.1	Feb 16, 2025
Arconix FAQ<= 1.9.5 Cross Site Scripting (XSS)	14.2	7.1	Nov 29, 2024
Wallet System for WooCommerce<= 2.6.8 Cross Site Scripting (XSS)	14.2	7.1	Nov 29, 2024
License For Envato<= 1.0.0 Cross Site Scripting (XSS)	14.2	7.1	Dec 17, 2024
Linet ERP-Woocommerce Integration<= 3.5.12 Arbitrary File Deletion	N/A	5.9	Mar 27, 2025
Cart66 Cloud<= 2.3.7 Cross Site Scripting (XSS)	14.2	7.1	Feb 18, 2025
AWSA Shipping<= 1.3.0 Cross Site Scripting (XSS)	14.2	7.1	Jan 10, 2025
Spark GF Failed Submissions<= 1.3.5 Cross Site Scripting (XSS)	14.2	7.1	Feb 28, 2025
MSRP (RRP) Pricing for WooCommerce<= 1.8.1 Cross Site Scripting (XSS)	14.2	7.1	Dec 10, 2024
Ultra Demo Importer<= 1.0.5 Cross Site Request Forgery (CSRF)	4.8	9.6	Mar 31, 2025
Tournamatch<= 4.7.0 Cross Site Scripting (XSS)	14.2	7.1	Jan 5, 2025
Task Scheduler<= 1.6.3 Cross Site Scripting (XSS)	14.2	7.1	Jan 5, 2025
RestroPress<= 3.2.4.2 Cross Site Scripting (XSS)	14.2	7.1	Dec 10, 2024
Store Exporter<= 2.7.4 Cross Site Scripting (XSS)	14.2	7.1	Nov 30, 2024
Twispay Credit Card Payments<= 2.1.2 Cross Site Scripting (XSS)	14.2	7.1	Jan 8, 2025
Canonical Attachments<= 1.8 Cross Site Scripting (XSS)	14.2	7.1	Dec 1, 2024
ChillPay WooCommerce<= 2.5.3 Cross Site Request Forgery (CSRF)	3.55	7.1	Dec 21, 2024
IP2Location World Clock<= 1.1.9 Cross Site Request Forgery (CSRF)	3.55	7.1	Feb 11, 2025
Custom Posts Order<= 4.4 Cross Site Request Forgery (CSRF)	3.55	7.1	Feb 13, 2025
Print Science Designer<= 1.3.155 Arbitrary File Download	22.5	7.5	Mar 1, 2025
Processing Projects<= 1.0.2 Arbitrary File Upload	N/A	9.1	Dec 24, 2024
Wptobe-signinup<= 1.1.2 Cross Site Scripting (XSS)	14.2	7.1	Mar 16, 2025
Videos<= 1.0.5 Cross Site Scripting (XSS)	14.2	7.1	Dec 24, 2024
Team Rosters<= 4.7 Cross Site Scripting (XSS)	14.2	7.1	Dec 10, 2024
NanoSupport<= 0.6.0 Cross Site Scripting (XSS)	14.2	7.1	Mar 23, 2025
DigiWidgets Image Editor<= 1.10 Remote Code Execution (RCE)	60	10	Mar 10, 2025
WP Profitshare<= 1.4.9 Cross Site Request Forgery (CSRF)	3.55	7.1	Dec 26, 2024

Report vulnerabilities to earn bounties and rewards!

Include pending