minhtuanact

Say thanks

599.3

XP

66

Reports

0

Reports, last 90 days

#11

27 Dec, 2025

Lvl 2

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Easy Google Maps<= 1.11.18 XML External Entity (XXE)	6.6	6.6	Nov 25, 2024
Category Icon<= 1.0.1 Arbitrary File Download	3.68	4.9	Nov 26, 2024
Fonto<= 1.2.2 Arbitrary File Download	3.68	4.9	Nov 26, 2024
WordPress Tag Cloud Plugin – Tag Groups<= 2.0.4 Cross Site Scripting (XSS)	14.2	7.1	Nov 27, 2024
BSK Forms Blacklist<= 3.9 Cross Site Request Forgery (CSRF)	4.1	8.2	Nov 26, 2024
Persian Woocommerce SMS<= 7.0.5 Cross Site Scripting (XSS)	28.4	7.1	Nov 28, 2024
Landing Page Builder<= 1.5.1.5 Open Redirection	9.4	4.7	Mar 31, 2023
Ultimate Addons for Contact Form 7<= 3.2.6 Broken Access Control	15	7.5	Jun 22, 2023
EazyDocs<= 2.3.5 Cross Site Scripting (XSS)	11.8	6.8	Mar 27, 2023
Integrate Google Drive<= 1.3.2 Open Redirection	9.4	4.7	Mar 29, 2023
Icons Font Loader<= 1.1.2 SQL Injection	12.75	8.5	Mar 28, 2023
Libsyn Publisher Hub<= 1.4.4 Cross Site Scripting (XSS)	14.2	7.1	Mar 30, 2023
Libsyn Publisher Hub<= 1.4.4 Sensitive Data Exposure	10.6	5.3	Mar 30, 2023
Accessibility Suite<= 4.12 SQL Injection	12.75	8.5	Mar 31, 2023
Copy Or Move Comments<= 5.0.4 Cross Site Scripting (XSS)	11.6	5.8	Mar 24, 2023
affiliate-toolkit<= 3.3.9 Open Redirection	9.4	4.7	Mar 22, 2023
Copy Or Move Comments<= 5.0.4 SQL Injection	12.75	8.5	Mar 23, 2023
GD Security Headers<= 1.6.1 Cross Site Scripting (XSS)	14.2	7.1	Mar 28, 2023
Contact form 7 Custom validation<= 1.1.3 SQL Injection	24.6	8.2	Mar 23, 2023
Doofinder for WooCommerce<= 1.5.49 Open Redirection	9.4	4.7	Mar 27, 2023
PixTypes<= 1.4.15 Cross Site Scripting (XSS)	14.2	7.1	Feb 2, 2023
Donations Made Easy – Smart Donations<= 4.0.12 SQL Injection	N/A	7.6	Dec 21, 2022
Onepage Builder – Easiest Landing Page Builder For WordPress<= 2.4.1 SQL Injection	N/A	6.7	Dec 21, 2022
Dynamic Visibility for Elementor<= 5.0.5 Broken Access Control	10.8	5.4	May 31, 2023
WP ERP<= 1.12.3 Cross Site Scripting (XSS)	14.2	7.1	Mar 27, 2023
MailChimp Subscribe Forms <= 4.0.9.3 Open Redirection	9.4	4.7	Mar 30, 2023
Order Your Posts Manually<= 2.2.5 Cross Site Scripting (XSS)	14.2	7.1	Mar 31, 2023
Order Your Posts Manually<= 2.2.5 Cross Site Scripting (XSS)	14.2	7.1	Mar 31, 2023
Order Your Posts Manually<= 2.2.5 SQL Injection	N/A	7.6	Mar 31, 2023
Woo Custom Emails<= 2.2 Broken Access Control	14.6	7.3	Mar 31, 2023
Ultimate Addons for Contact Form 7<= 3.1.23 SQL Injection	8.2	8.2	Dec 22, 2022
Radio Station<= 2.4.0.9 Cross Site Scripting (XSS)	14.2	7.1	Mar 31, 2023
Maintenance Switch<= 1.6.2 Cross Site Scripting (XSS)	7.1	7.1	Dec 14, 2022
Mass Email To users<= 1.1.4 Cross Site Scripting (XSS)	7.1	7.1	Dec 14, 2022
Advanced Category Template<= 0.1 Cross Site Scripting (XSS)	14.2	7.1	Mar 19, 2023
vSlider Multi Image Slider for WordPress<= 4.1.2 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 22, 2022
Shortcode IMDB<= 6.0.8 SQL Injection	N/A	6.7	Dec 21, 2022
The School Management – Education & Learning Management<= 4.1 SQL Injection	N/A	6.7	Dec 21, 2022
Accessibility Suite<= 4.12 SQL Injection	6.4	6.4	Dec 19, 2022
Kodex Posts likes<= 2.4.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 8, 2022
Email Subscription Popup<= 1.2.16 Cross Site Scripting (XSS)	14.2	7.1	Mar 27, 2023
Neshan Maps<= 1.1.4 SQL Injection	N/A	6	Dec 19, 2022
Amelia<= 1.0.75 Cross Site Scripting (XSS)	42.6	7.1	Mar 22, 2023
Dynamics 365 Integration<= 1.3.13 Broken Access Control	4.3	4.3	Mar 31, 2023
Product Catalog Simple<= 1.6.17 Cross Site Scripting (XSS)	14.2	7.1	Mar 31, 2023
Magic Post Thumbnail<= 4.1.10 Cross Site Scripting (XSS)	14.2	7.1	Mar 30, 2023
PropertyHive<= 1.5.46 Cross Site Scripting (XSS)	14.2	7.1	Mar 31, 2023
Affiliates Manager<= 2.9.20 Cross Site Request Forgery (CSRF)	2.7	5.4	Mar 22, 2023
Advanced Page Visit Counter<= 6.4.2 SQL Injection	7.99	7.1	Mar 19, 2023
WooCommerce JazzCash Gateway Plugin<= 2.0 Cross Site Scripting (XSS)	7.1	7.1	Dec 8, 2022
Open RDW kenteken voertuiginformatie<= 2.0.14 Cross Site Scripting (XSS)	7.1	7.1	Dec 15, 2022
Mortgage Calculator Estatik<= 2.0.12 Cross Site Scripting (XSS)	N/A	7.1	No date
Open Graphite<= 1.6.0 Cross Site Scripting (XSS)	7.1	7.1	Dec 15, 2022
Slideshow Gallery<= 1.7.6 SQL Injection	N/A	6.7	Dec 21, 2022
Broadcast Live Video<= 5.5.15 Remote Code Execution (RCE)	9	9	Dec 28, 2022
Multi Rating<= 5.0.6 Cross Site Scripting (XSS)	7.1	7.1	Dec 15, 2022
微信机器人高级版<= 6.2.2.1 Cross Site Scripting (XSS)	7.1	7.1	Nov 28, 2022
Responsive Image Gallery, Gallery Album<= 2.0.1 Cross Site Scripting (XSS)	7.1	7.1	Dec 17, 2022
Multi Rating<= 5.0.6 Broken Access Control	N/A	5.3	No date
Image Hover Effects - Caption Hover with Carousel<= 2.8 Cross Site Scripting (XSS)	7.1	7.1	Nov 29, 2022
WPComplete<= 2.9.4 Cross Site Scripting (XSS)	7.1	7.1	Nov 29, 2022
Simple Photo Gallery<= v1.8.1 SQL Injection	N/A	6.7	Dec 21, 2022
User Meta Manager<= 3.5.0 Cross Site Scripting (XSS)	7.1	7.1	Jan 12, 2023
Custom 404 Pro<= 3.7.0 SQL Injection	N/A	8.3	Dec 22, 2022
Map Multi Marker<= 3.2.1 Cross Site Scripting (XSS)	7.1	7.1	Dec 14, 2022
MagicForm<= 0.1 Cross Site Scripting (XSS)	7.1	7.1	Dec 14, 2022
Joli Table Of Contents<= 1.3.9 Cross Site Request Forgery (CSRF)	5.4	5.4	Dec 8, 2022
Launchpad – Coming Soon & Maintenance Mode Plugin<= 1.0.13 Cross Site Request Forgery (CSRF)	5.4	5.4	Dec 9, 2022
Advanced Booking Calendar<= 1.7.1 SQL Injection	N/A	10	No date
Advanced Booking Calendar<= 1.7.1 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
WP ULike<= 4.6.4 Race Condition	N/A	5.3	No date
WP-Polls<= 2.76.0 Race Condition	N/A	4.3	No date
Store Locator WordPress<= 1.4.5 Cross Site Request Forgery (CSRF)	N/A	6.1	No date
Rate my Post<= 3.3.4 Race Condition	N/A	4.3	No date
Rate my Post<= 3.3.4 Cross Site Request Forgery (CSRF)	N/A	4.3	No date
WP-PostRatings<= 1.89 Race Condition	N/A	4.3	No date
Event Calendar – Calendar<= 1.4.6 Broken Access Control	N/A	6.5	No date
Contest Gallery<= 17.0.4 SQL Injection	N/A	7.6	No date
Admin Management Xtended <= 2.4.4 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
Image Hover Effects Ultimate<= 9.7.1 Cross Site Scripting (XSS)	N/A	4.8	No date
Download Monitor<= 4.4.6 Cross Site Scripting (XSS)	N/A	4.8	No date
ThirstyAffiliates<= 3.9.2 Cross Site Scripting (XSS)	N/A	5.4	No date

Report vulnerabilities to earn bounties and rewards!

Include pending