ch4r0n

1061.28

XP

85

Reports

0

Reports, last 90 days

#23

15 Dec, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Image Hover Effects – Elementor Addon<= 1.4.4 Broken Access Control	N/A	5.3	Jul 18, 2025
AfterShip Tracking<= 1.17.17 Broken Access Control	10.6	5.3	Jul 15, 2025
Premium Age Verification / Restriction for WordPress<= 3.0.2 Arbitrary File Download	33.75	7.5	Jun 27, 2025
Pro Bulk Watermark Plugin for WordPress<= 2.0 Path Traversal	3.23	4.3	Jun 26, 2025
Templately<= 3.2.7 Sensitive Data Exposure	14.7	4.9	Jun 24, 2025
Captcha.eu<= 1.0.61 Server Side Request Forgery (SSRF)	N/A	5.4	No date
Thank You Page Customizer for WooCommerce<= 1.1.7 Broken Access Control	6.5	6.5	Apr 23, 2025
Premium Age Verification / Restriction for WordPress<= 3.0.2 SQL Injection	12.75	8.5	Jun 26, 2025
The E-Commerce ERP<= 2.1.1.3 Broken Access Control	10.95	7.3	May 21, 2025
Maya Business<= 1.2.0 Insecure Direct Object References (IDOR)	15	7.5	Apr 25, 2025
URL Shortener<= 3.0.7 Broken Access Control	12.9	8.6	Jun 2, 2025
URL Shortener<= 3.0.7 SQL Injection	27.9	9.3	Jun 2, 2025
The E-Commerce ERP<= 2.1.1.3 Privilege Escalation	44.1	9.8	May 21, 2025
URL Shortener<= 3.0.7 PHP Object Injection	29.4	9.8	Jun 2, 2025
Wishlist for WooCommerce<= 3.2.3 Broken Access Control	13	6.5	May 9, 2025
Profiler - What Slowing Down Your WP<= 1.0.0 Broken Access Control	9.75	6.5	May 23, 2025
Multi-language Responsive Contact Form<= 2.8 Broken Access Control	15	7.5	Apr 26, 2025
Gallery Widget<= 1.2.1 SQL Injection	9.56	8.5	Jun 2, 2025
Contact Us page - Contact people LITE<= 3.7.4 SQL Injection	9.56	8.5	Jun 2, 2025
URL Shortener<= 3.0.7 Server Side Request Forgery (SSRF)	8.1	5.4	Jun 2, 2025
bSecure – Your Universal Checkout<= 1.7.9 SQL Injection	18.6	9.3	May 8, 2025
NGG Smart Image Search<= 3.4.1 SQL Injection	27.9	9.3	May 19, 2025
MobiLoud<= 4.6.6 Broken Access Control	6.08	8.1	May 15, 2025
iCount Payment Gateway<= 2.0.7 Broken Access Control	7.95	5.3	May 20, 2025
Spreadconnect<= 2.1.5 Broken Access Control	4.05	5.4	May 27, 2025
HurryTimer<= 2.13.1 Broken Access Control	10.6	5.3	May 28, 2025
GG Bought Together for WooCommerce<= 1.0.2 SQL Injection	37.2	9.3	Apr 27, 2025
Image Shadow<= 1.1.0 Arbitrary File Deletion	23.1	7.7	Apr 29, 2025
Selling Commander for WooCommerce<= 1.2.46 Privilege Escalation	29.4	9.8	May 20, 2025
Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes<= 1.0.10 Broken Access Control	3.23	4.3	May 21, 2025
Auto Upload Images<= 3.3.2 Server Side Request Forgery (SSRF)	7.35	4.9	Apr 28, 2025
CRM ERP Business Solution<= 1.13 Broken Access Control	N/A	5.3	May 13, 2025
Zapier for WordPress<= 1.5.2 Broken Access Control	16.2	5.4	Apr 26, 2025
DELUCKS SEO<= 2.5.9 Broken Access Control	12.19	5.3	No date
Widget Logic<= 6.0.5 Remote Code Execution (RCE)	89.1	9.9	Apr 28, 2025
TicketBAI Facturas para WooCommerce<= 3.38 Broken Access Control	N/A	5.4	Apr 29, 2025
bbPress API<= 1.0.14 Broken Access Control	N/A	5.3	Apr 29, 2025
Responsive Flipbooks<= 1.0 Broken Access Control	N/A	5.4	Apr 23, 2025
No Spam At All<= 1.3 Broken Access Control	N/A	5.4	Apr 23, 2025
Viral Loops WP Integration<= 3.8.1 Broken Access Control	N/A	4.3	Apr 26, 2025
Viral Loops WP Integration<= 3.8.1 Broken Access Control	N/A	5.3	Apr 26, 2025
Payment QR WooCommerce<= 1.1.6 Broken Access Control	10.6	5.3	Apr 23, 2025
FraudLabs Pro for WooCommerce<= 2.22.11 Broken Access Control	7.95	5.3	May 27, 2025
Icegram Collect<= 1.3.18 Broken Access Control	7.1	7.1	Apr 21, 2025
Multi CryptoCurrency Payments<= 2.0.7 SQL Injection	37.2	9.3	Apr 17, 2025
Recover abandoned cart for WooCommerce<= 2.5 SQL Injection	37.2	9.3	Apr 5, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light<= 2.4.37 SQL Injection	37.2	9.3	Apr 14, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light<= 2.4.37 Arbitrary File Download	22.5	7.5	Apr 14, 2025
CryptoCloud - Crypto Payment Gateway<= 2.1.2 Broken Access Control	13	6.5	Apr 18, 2025
StyleAI<= 1.0.4 Broken Access Control	13	6.5	Apr 16, 2025
MetalpriceAPI<= 1.1.4 Remote Code Execution (RCE)	N/A	9.9	Apr 17, 2025
TableOn<= 1.0.4.2 Content Injection	24.5	7.1	Apr 22, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light<= 2.4.37 Remote Code Execution (RCE)	60	10	Apr 14, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light<= 2.4.37 Privilege Escalation	58.8	9.8	Apr 14, 2025
Embed and Integrate Etsy Shop<= 1.0.4 Broken Access Control	N/A	5.3	Apr 20, 2025
Bot for Telegram on WooCommerce<= 1.2.6 Broken Access Control	N/A	4.3	Apr 26, 2025
Bux Woocommerce<= 1.2.3 Broken Access Control	13	6.5	Apr 18, 2025
Sharespine Woocommerce Connector<= 4.7.55 Broken Access Control	3.23	4.3	Apr 14, 2025
Push notification for Mobile and Web app<= 2.0.3 Broken Access Control	13	6.5	Apr 14, 2025
ValidateCertify<= 1.6.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Apr 11, 2025
Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin<= 1.1.1 Settings Change	13	6.5	Apr 29, 2025
Awin – Advertiser Tracking for WooCommerce<= 2.0.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Apr 1, 2025
Calculate Prices based on Distance For WooCommerce<= 1.3.5 Broken Access Control	N/A	5.4	Apr 7, 2025
WP Podcasts Manager<= 1.2 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 8, 2025
Soccer Live Scores<= 1.0.5 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 8, 2025
Ovation Elements<= 1.1.2 Broken Access Control	4.3	4.3	Apr 23, 2025
GS Variation Swatches for WooCommerce<= 3.0.4 Broken Access Control	N/A	5.4	Apr 7, 2025
Crossword Compiler Puzzles<= 5.4 Cross Site Scripting (XSS)	6.5	6.5	Apr 9, 2025
Web3Press<= 3.2.0 Arbitrary File Download	7.31	6.5	Apr 14, 2025
Custom PC Builder Lite for WooCommerce<= 1.0.1 Settings Change	13	6.5	Apr 20, 2025
WP AVCL Automation Helper (formerly WPFlyLeads)<= 3.4 Server Side Request Forgery (SSRF)	4.9	4.9	Apr 15, 2025
Media Library Downloader<= 1.3.1 Broken Access Control	4.3	4.3	Apr 13, 2025
BeerXML Shortcode<= 0.7.1 Server Side Request Forgery (SSRF)	N/A	6.4	Apr 13, 2025
Simple Google Photos Grid<= 1.5 Server Side Request Forgery (SSRF)	3.68	4.9	Apr 11, 2025
Bulk Assign Linked Products For WooCommerce<= 2.1 Broken Access Control	N/A	5.3	Apr 7, 2025
CM Answers<= 3.3.3 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 9, 2025
CM Ad Changer<= 2.0.5 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 8, 2025
Advanced Linked Variations for Woocommerce<= 1.0.3 Broken Access Control	N/A	5.3	Apr 5, 2025
Recover abandoned cart for WooCommerce<= 2.2 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 5, 2025
Theme Changer<= 1.4 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 2, 2025
wpLike2Get<= 1.2.9 Sensitive Data Exposure	N/A	5.3	Apr 2, 2025
BP Email Assign Templates<= 1.6 Cross Site Scripting (XSS)	N/A	5.9	Feb 26, 2025
BP Email Assign Templates<= 1.7 Other Vulnerability Type	N/A	6.5	Feb 26, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending