Brandon Roldan

389.1

XP

52

Reports

0

Reports, last 90 days

#4

19 Dec, 2025

Lvl 2

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
MainWP Child Reports<= 2.1.1 Cross Site Request Forgery (CSRF)	8.1	5.4	Oct 27, 2023
FameTheme Demo Importer<= 1.1.5 Cross Site Request Forgery (CSRF)	6.45	4.3	Oct 26, 2023
Giveaways and Contests by RafflePress<= 1.12.7 Bypass Vulnerability	10.6	5.3	Nov 29, 2023
Royal Elementor Addons<= 1.3.93 Bypass Vulnerability	53	5.3	Nov 29, 2023
Zero Spam<= 5.5.6 Bypass Vulnerability	21.2	5.3	Nov 13, 2023
WP Google Analytics Events<= 2.8.0 Cross Site Scripting (XSS)	14.2	7.1	Oct 31, 2023
UsersWP< 1.2.6 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 31, 2023
Simple Post Notes<= 1.7.6 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 30, 2023
Page Builder: Live Composer<= 1.5.35 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 27, 2023
Inline Related Posts<= 3.3.1 Cross Site Request Forgery (CSRF)	8.6	4.3	Oct 27, 2023
Post Views Counter<= 1.4.4 Cross Site Request Forgery (CSRF)	10.75	4.3	Oct 27, 2023
Easy Social Feed<= 6.5.6 Cross Site Request Forgery (CSRF)	6.45	4.3	Oct 26, 2023
Simple Revisions Delete<= 1.5.3 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 31, 2023
Contact Form 7 – PayPal & Stripe Add-on<= 2.0 Cross Site Scripting (XSS)	14.2	7.1	Nov 30, 2023
Awesome Support<= 6.1.6 Broken Access Control	5.4	5.4	Oct 25, 2023
WordPress Manutenção<= 1.0.6 Bypass Vulnerability	7.4	3.7	Nov 27, 2023
MailerLite – WooCommerce integration<= 2.0.8 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 31, 2023
Malware Scanner<= 4.7.1 Bypass Vulnerability	10.6	5.3	Nov 29, 2023
Affiliates Manager<= 2.9.31 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 25, 2023
White Label<= 2.9.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 31, 2023
WPC Product Bundles for WooCommerce<= 7.3.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 31, 2023
Strong Testimonials<= 3.1.10 Cross Site Request Forgery (CSRF)	8.6	4.3	Oct 31, 2023
Simple Job Board<= 2.10.6 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 31, 2023
NitroPack<= 1.10.2 Cross Site Request Forgery (CSRF)	10.8	5.4	Oct 31, 2023
NEX-Forms<= 8.5.2 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 31, 2023
Icegram<= 3.1.18 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 31, 2023
Rate my Post<= 3.4.2 Broken Access Control	10.6	5.3	Nov 26, 2023
RegistrationMagic<= 5.2.5.0 Bypass Vulnerability	10.6	5.3	Nov 29, 2023
Branda<= 3.4.14 Bypass Vulnerability	10.6	5.3	Nov 29, 2023
Apollo13 Framework Extensions<= 1.9.1 Cross Site Request Forgery (CSRF)	5.4	5.4	Oct 25, 2023
Awesome Support<= 6.1.5 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 25, 2023
Awesome Support<= 6.1.5 Broken Access Control	10.6	5.3	Oct 25, 2023
Spam protection, AntiSpam, FireWall by CleanTalk<= 6.20 Cross Site Request Forgery (CSRF)	10.75	4.3	Oct 26, 2023
Ecwid Shopping Cart<= 6.12.4 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 26, 2023
Thrive Automator<= 1.17 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 27, 2023
GS Logo Slider<= 3.5.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 27, 2023
HT Mega<= 2.3.3 Cross Site Request Forgery (CSRF)	8.6	4.3	Oct 27, 2023
GPT3 AI Content Writer<= 1.8.12 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 27, 2023
GPT3 AI Content Writer<= 1.8.2 Sensitive Data Exposure	10.6	5.3	Oct 27, 2023
WP Simple Booking Calendar<= 2.0.8.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 29, 2023
Paid Member Subscriptions<= 2.10.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 30, 2023
Quiz And Survey Master<= 8.1.18 Cross Site Request Forgery (CSRF)	5.4	5.4	Oct 30, 2023
WOOCS – WooCommerce Currency Switcher<= 1.4.1.4 Cross Site Request Forgery (CSRF)	8.1	5.4	Oct 31, 2023
LiveChat<= 4.5.15 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 29, 2023
WP Photo Album Plus<= 8.5.02.005 Bypass Vulnerability	10.6	5.3	Nov 29, 2023
Business Directory<= 6.3.10 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 26, 2023
Qode Essential Addons<= 1.5.2 Remote Code Execution (RCE)	19.8	9.9	Oct 26, 2023
Legal Pages<= 1.3.8 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 27, 2023
Profile Builder<= 3.10.3 Cross Site Request Forgery (CSRF)	8.1	5.4	Oct 30, 2023
Top 10<= 3.3.2 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 31, 2023
WP Google My Business Auto Publish<= 3.7 Cross Site Request Forgery (CSRF)	2.7	5.4	Oct 31, 2023
Kadence WooCommerce Email Designer<= 1.5.11 Cross Site Request Forgery (CSRF)	8.6	4.3	Oct 27, 2023
Newsmag<= 2.4.4 Cross Site Scripting (XSS)	N/A	6.5	No date
Activello<= 1.4.4 Cross Site Scripting (XSS)	N/A	5.4	No date
Activello<= 1.4.4 Cross Site Scripting (XSS)	N/A	5.4	No date
Media Library Assistant<= 3.00 Sensitive Data Exposure	N/A	3.7	No date
iQ Block Country<= 1.2.18 Bypass Vulnerability	N/A	5.3	No date
wpForo Forum<= 2.0.5 Cross Site Request Forgery (CSRF)	N/A	6.3	No date
WPIDE – File Manager & Code Editor<= 2.6 Directory Traversal	N/A	4.9	No date
MultiSafepay plugin for WooCommerce<= 4.15.0 Directory Traversal	N/A	5.3	No date
Shareaholic<= 9.7.5 Sensitive Data Exposure	N/A	4.3	No date
MapSVG<= 6.2.19 SQL Injection	N/A	8.3	No date
HubSpot<= 8.8.13 Server Side Request Forgery (SSRF)	N/A	6.4	No date
LifterLMS PayPal<= 1.3.0 Cross Site Scripting (XSS)	N/A	6.1	No date
DW Question & Answer Pro<= 1.3.4 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
DW Question & Answer Pro<= 1.3.4 Insecure Direct Object References (IDOR)	N/A	6.5	No date
Plezi<= 1.0.2 Cross Site Scripting (XSS)	N/A	6.1	No date
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.6.2 Cross Site Scripting (XSS)	N/A	6.1	No date
FormCraft 3<= 3.8.27 Server Side Request Forgery (SSRF)	N/A	5.3	No date
WP Voting Contest<= 2.1 Cross Site Scripting (XSS)	N/A	6.1	No date
AnyComment<= 0.2.17 Race Condition	N/A	4.3	No date
AnyComment<= 0.2.17 Cross Site Request Forgery (CSRF)	N/A	4.6	No date
BP Better Messages<= 1.9.9.148 Cross Site Request Forgery (CSRF)	N/A	3.1	No date
SupportCandy<= 2.2.6 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
SupportCandy<= 2.2.4 Broken Access Control	N/A	6.5	No date
AnyComment<= 0.3.4 Open Redirection	N/A	6.5	No date
Tab – Accordion, FAQ<= 1.3.1 Cross Site Scripting (XSS)	N/A	5.3	No date
Support Board<= 3.3.5 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
wpDiscuz<= 7.3.3 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
BP Better Messages<= 1.9.9.37 Cross Site Request Forgery (CSRF)	N/A	4.6	No date
BP Better Messages<= 1.9.9.37 Cross Site Scripting (XSS)	N/A	6.1	No date

Report vulnerabilities to earn bounties and rewards!

Include pending