Nabil Irawan

Say thanks

2,715.44

XP

637

Reports

62

Reports, last 90 days

#26

17 Mar, 2026

🇮🇩

Lvl 6

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Atarim<= 4.3.2 Broken Access Control	9.89	4.3	Feb 6, 2026
WordPress CTA<= 2.0.0 Broken Access Control	13	6.5	Dec 4, 2025
VW School Education<= 1.4.6 Broken Access Control	5.3	5.3	Jan 31, 2026
VW Portfolio<= 1.3.3 Broken Access Control	5.3	5.3	Jan 31, 2026
VW Photography<= 1.3.8 Broken Access Control	5.3	5.3	Jan 31, 2026
VW Pet Shop<= 1.4.7 Broken Access Control	5.3	5.3	Jan 31, 2026
VW Fitness<= 4.3.4 Broken Access Control	5.3	5.3	Jan 31, 2026
Popup Like box<= 3.7.7 Broken Access Control	5.3	5.3	Jan 30, 2026
VW Education Lite<= 2.2.0 Broken Access Control	5.3	5.3	Jan 30, 2026
Payment Gateway Pix For GiveWP<= 2.2.3 Broken Access Control	5.3	5.3	Jan 29, 2026
Sprout Clients<= 3.2.2 Cross Site Scripting (XSS)	11.21	6.5	Jan 28, 2026
Pochipp< 1.18.9 Broken Access Control	5.4	5.4	Jan 26, 2026
PDF Poster<= 2.4.0 Broken Access Control	9.32	5.4	Jan 26, 2026
Squeeze<= 1.7.7 Directory Traversal	3.75	5	Jan 26, 2026
Studio99 WP Monitor<= 1.0.3 Broken Access Control	5.3	5.3	Jan 22, 2026
Image Slider by Ays<= 2.7.1 Broken Access Control	5.3	5.3	Jan 22, 2026
Xpro Addons For Beaver Builder – Lite<= 1.5.6 Broken Access Control	7.95	5.3	Jan 21, 2026
PublishPress Capabilities<= 2.31.0 Broken Access Control	39.56	4.3	Jan 21, 2026
Checkout for PayPal<= 1.0.46 Broken Access Control	7.95	5.3	Jan 20, 2026
Image Photo Gallery Final Tiles Grid<= 3.6.10 Broken Access Control	7.42	4.3	Jan 19, 2026
Geo to Lat<= 1.0.19 SQL Injection	9.56	8.5	Jan 17, 2026
Modal Dialog<= 3.5.16 Remote Code Execution (RCE)	N/A	9.1	Jan 17, 2026
WP Sessions Time Monitoring Full Automatic<= 1.1.3 Broken Access Control	7.95	5.3	Jan 16, 2026
Simple Blog Card<= 2.37 Server Side Request Forgery (SSRF)	4.8	6.4	Jan 15, 2026
MAS Videos<= 1.3.2 Broken Access Control	10.6	5.3	Jan 12, 2026
Real 3D FlipBook<= 4.19.1 Broken Access Control	1.9	3.8	Dec 28, 2025
Cliengo – Chatbot<= 3.0.4 Broken Access Control	6.5	6.5	Nov 25, 2025
Textmetrics<= 3.6.4 Broken Access Control	6.21	5.4	Jan 9, 2026
Mizan Demo Importer<= 0.1.3 Broken Access Control	5.4	5.4	Dec 31, 2025
WP Sync for Notion<= 1.7.0 Broken Access Control	3.23	4.3	Dec 31, 2025
Atarim<= 4.3.1 Broken Access Control	24.38	5.3	Dec 31, 2025
WP Wand<= 1.3.07 Broken Access Control	4.05	5.4	Dec 31, 2025
OSM<= 6.1.12 Broken Access Control	3.23	4.3	Dec 30, 2025
Knowledge Base for Documentation, FAQs with AI Assistance<= 16.011.0 Broken Access Control	4.3	4.3	Dec 30, 2025
Broken Link Notifier<= 1.3.5 Broken Access Control	10.6	5.3	Dec 30, 2025
SupportCandy<= 3.4.4 Broken Access Control	10.6	5.3	Dec 30, 2025
JAMstack Deployments<= 1.1.1 Broken Access Control	4.3	4.3	Dec 29, 2025
WP-CORS<= 0.2.2 Broken Access Control	4.3	4.3	Dec 29, 2025
Zita Elementor Site Library<= 1.6.6 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 29, 2025
Revision Manager TMC<= 2.8.22 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 29, 2025
Enter Addons<= 2.3.2 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 29, 2025
Kama Thumbnail<= 3.5.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 27, 2025
WP Subscribe<= 1.2.16 Broken Access Control	4.3	4.3	Dec 27, 2025
WP FullCalendar<= 1.6 Sensitive Data Exposure	10.6	5.3	Dec 27, 2025
Nexter Blocks<= 4.6.3 Sensitive Data Exposure	9.89	4.3	Dec 27, 2025
Tablesome<= 1.2.6 Broken Access Control	4.95	4.3	Dec 27, 2025
CLP Varnish Cache<= 1.0.2 Broken Access Control	10.6	5.3	Dec 27, 2025
SiteLock Security – WP Hardening, Login Security & Malware Scans<= 5.0.2 Broken Access Control	4.3	4.3	Dec 26, 2025
Share This Image<= 2.09 Broken Access Control	24.38	5.3	Dec 26, 2025
TOP Table Of Contents<= 1.3.31 Broken Access Control	4.3	4.3	Dec 26, 2025
Booter<= 1.5.7 Broken Access Control	4.3	4.3	Dec 26, 2025
Automatic Featured Images from Videos<= 1.2.7 Broken Access Control	3.23	4.3	Dec 26, 2025
Protección de datos – RGPD<= 0.68 Broken Access Control	10.6	5.3	Dec 25, 2025
Integrate Google Drive<= 1.5.6 Broken Access Control	6.21	5.4	Dec 25, 2025
Download After Email<= 2.1.9 Broken Access Control	10.6	5.3	Dec 25, 2025
WP Term Order<= 2.1.0 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 25, 2025
WP Job Portal<= 2.4.3 Insecure Direct Object References (IDOR)	9.89	4.3	Dec 25, 2025
Materialis Companion<= 1.3.52 Broken Access Control	4.3	4.3	Dec 25, 2025
HD Quiz<= 2.0.9 Broken Access Control	4.3	4.3	Dec 25, 2025
Sunshine Photo Cart<= 3.5.7.2 Broken Access Control	24.38	5.3	Dec 24, 2025
Radio Player<= 2.0.91 Server Side Request Forgery (SSRF)	12.42	5.4	Dec 24, 2025
Monetag Official Plugin<= 1.1.3 Broken Access Control	5.4	5.4	Dec 24, 2025
Extensions For CF7<= 3.4.0 Insecure Direct Object References (IDOR)	3.98	5.3	Dec 24, 2025
ElementCamp<= 2.3.2 Broken Access Control	10.6	5.3	Dec 23, 2025
Contact Form 7 GetResponse Extension<= 1.0.8 Sensitive Data Exposure	10.6	5.3	Dec 23, 2025
Integration for Contact Form 7 HubSpot<= 1.4.3 Sensitive Data Exposure	5.3	5.3	Dec 23, 2025
Autoshare for Twitter<= 2.3.1 Broken Access Control	12.42	5.4	Dec 23, 2025
Cloudinary<= 3.3.2 Broken Access Control	5.4	5.4	Dec 23, 2025
FluentBoards<= 1.91.1 Broken Access Control	6.21	5.4	Dec 23, 2025
Anything Order by Terms<= 1.4.0 Broken Access Control	3.23	4.3	Dec 22, 2025
WP Travel<= 11.1.0 Broken Access Control	12.19	5.3	Dec 22, 2025
Media Library File Size<= 1.6.7 Broken Access Control	4.3	4.3	Dec 22, 2025
Edwiser Bridge<= 4.3.2 Broken Access Control	5.4	5.4	Dec 22, 2025
BOX NOW Delivery<= 3.0.2 Broken Access Control	4.3	4.3	Dec 22, 2025
Simple Membership WP user Import<= 1.9.1 Cross Site Request Forgery (CSRF)	5.4	5.4	Dec 21, 2025
Ai Image Alt Text Generator for WP<= 1.1.9 Broken Access Control	4.3	4.3	Dec 21, 2025
GDPR CCPA Compliance Support<= 2.7.4 Broken Access Control	6.5	6.5	Oct 30, 2025
WP Forms Signature Contract Add-On<= 1.8.2 Broken Access Control	9.89	4.3	Dec 20, 2025
Tutor LMS BunnyNet Integration<= 1.0.0 Cross Site Scripting (XSS)	5.9	5.9	Dec 20, 2025
AJAX Hits Counter + Popular Posts Widget<= 0.10.210305 Broken Access Control	4.05	5.4	Dec 19, 2025
Turn Yoast SEO FAQ Block to Accordion<= 1.0.6 Cross Site Scripting (XSS)	4.88	6.5	Dec 17, 2025
Element Invader – Template Kits for Elementor<= 1.2.4 Broken Access Control	4.3	4.3	Dec 17, 2025
Client Portal<= 1.2.1 Broken Access Control	4.3	4.3	Dec 17, 2025
Zoho CRM Lead Magnet<= 1.8.1.9 Broken Access Control	6.21	5.4	Dec 16, 2025
Wheel of Life<= 1.2.0 Broken Access Control	12.19	5.3	Dec 16, 2025
Multilanguage by BestWebSoft<= 1.5.2 Broken Access Control	3.23	4.3	Dec 16, 2025
WPMasterToolKit<= 2.14.0 Broken Access Control	9.89	4.3	Dec 16, 2025
Tickera<= 3.5.6.4 Broken Access Control	4.3	4.3	Dec 10, 2025
Better Business Reviews<= 0.1.1 Broken Access Control	4.3	4.3	Dec 10, 2025
Add Expires Headers & Optimized Minify<= 3.1.0 Broken Access Control	10.6	5.3	Dec 10, 2025
WP Quick Post Duplicator<= 2.1 Broken Access Control	3.71	4.3	Dec 9, 2025
NextGEN Download Gallery<= 1.6.2 Sensitive Data Exposure	10.6	5.3	Dec 9, 2025
Kenta Companion<= 1.3.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 9, 2025
Campaign Monitor for WordPress<= 2.9.0 Broken Access Control	4.3	4.3	Dec 9, 2025
Media Search Enhanced<= 0.9.1 SQL Injection	7.6	7.6	Dec 8, 2025
RSS Feed Widget<= 3.0.2 Broken Access Control	5.4	5.4	Dec 8, 2025
Bulk Landing Page Creator for WordPress LPagery<= 2.4.9 Broken Access Control	4.05	5.4	Dec 8, 2025
Image Slider Slideshow<= 1.8 Insecure Direct Object References (IDOR)	3.23	4.3	Dec 8, 2025
Dashboard Welcome for Beaver Builder<= 1.0.8 Broken Access Control	10.6	5.3	Dec 8, 2025
Speed Kit<= 2.0.2 Broken Access Control	4.3	4.3	Dec 8, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending