Joshua Chan

Say thanks

1745.68

XP

166

Reports

0

Reports, last 90 days

#16

19 Dec, 2025

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.5 Sensitive Data Exposure	4.3	4.3	Sep 9, 2024
AIO Performance Profiler, Monitor, Optimize, Compress & Debug<= 1.2 Broken Access Control	N/A	4.3	Oct 5, 2024
WP Go Maps<= 9.0.40 Cross Site Request Forgery (CSRF)	10.75	4.3	Sep 21, 2024
Wp-Scribd-List<= 1.2 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 9, 2024
WP PT-Viewer<= 2.0.2 Cross Site Scripting (XSS)	3.55	7.1	Oct 9, 2024
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto<= 8.0.6 Cross Site Scripting (XSS)	14.2	7.1	Aug 28, 2024
Floating Video Player<= 1.0 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 31, 2024
WP-NERD Toolkit<= 1.1 Sensitive Data Exposure	15	7.5	Oct 3, 2024
Import Export For WooCommerce<= 1.6.2 Arbitrary File Upload	29.7	9.9	Oct 23, 2024
Advanced What should we write next about<= 1.0.3 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 11, 2024
Content Audit Exporter<= 1.1 Sensitive Data Exposure	N/A	5.3	Oct 16, 2024
Multi Feed Reader<= 2.2.4 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 19, 2024
MooWoodle<= 3.2.4 Sensitive Data Exposure	15	7.5	Oct 17, 2024
Exclusive Content Password Protect<= 1.1.0 Cross Site Request Forgery (CSRF)	14.4	9.6	Oct 24, 2024
Hacklog DownloadManager<= 2.1.4 Cross Site Request Forgery (CSRF)	14.4	9.6	Oct 24, 2024
CDI<= 5.5.3 Arbitrary File Upload	N/A	9.1	Oct 22, 2024
SV Forms<= 2.0.05 Cross Site Scripting (XSS)	4.88	6.5	Oct 29, 2024
Tigris Flexplatform<= 1.0.2 Cross Site Scripting (XSS)	4.88	6.5	Oct 28, 2024
MyCurator Content Curation<= 3.78 Cross Site Scripting (XSS)	2.95	5.9	Sep 30, 2024
Admin SMS Alert<= 1.1.0 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 11, 2024
GMO Social Connection<= 1.2 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 11, 2024
Schema & Structured Data for WP & AMP<= 1.3.5 Sensitive Data Exposure	42.4	5.3	Sep 2, 2024
EKC Tournament Manager<= 2.2.1 Cross Site Request Forgery (CSRF)	14.4	9.6	Oct 14, 2024
WP SendFox<= 1.3.1 Sensitive Data Exposure	10.6	5.3	Sep 9, 2024
VOD Infomaniak<= 1.5.7 Cross Site Request Forgery (CSRF)	6.21	5.4	Aug 24, 2024
Contact Forms, Live Support, CRM, Video Messages<= 1.10.2 Sensitive Data Exposure	15	7.5	Oct 4, 2024
Wsify Widget<= 1.0 Cross Site Request Forgery (CSRF)	3.55	7.1	Oct 9, 2024
Keep Backup Daily<= 2.1.1 Sensitive Data Exposure	15	7.5	Oct 6, 2024
Strong Testimonials<= 3.1.16 Broken Access Control	17.2	4.3	Aug 26, 2024
uListing<= 2.1.5 Sensitive Data Exposure	10.6	5.3	Aug 7, 2024
GiveWP<= 3.15.1 Cross Site Request Forgery (CSRF)	10.8	5.4	Aug 18, 2024
Templately<= 3.1.2 Broken Access Control	65	6.5	Aug 19, 2024
Contest Gallery<= 23.1.2 Sensitive Data Exposure	12.19	5.3	Jun 27, 2024
Clearfy Cache<= 2.2.4 Broken Access Control	16.2	5.4	Mar 29, 2024
Order Export for WooCommerce<= 3.23 Sensitive Data Exposure	12.19	5.3	Mar 30, 2024
Social Slider Feed<= 2.2.2 Broken Access Control	12.9	4.3	Apr 1, 2024
Robin image optimizer<= 1.6.9 Broken Access Control	26	6.5	Mar 29, 2024
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce<= 2.6.18 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 29, 2024
LiquidPoll – Advanced Polls for Creators and Brands<= 3.3.77 Cross Site Scripting (XSS)	13	6.5	Jun 27, 2024
Sign-up Sheets<= 2.2.12 Broken Access Control	12.19	5.3	Jun 27, 2024
Custom Query Blocks<= 5.2.0 Broken Access Control	10.6	5.3	Apr 24, 2024
Event Tickets<= 5.11.0.4 Cross Site Request Forgery (CSRF)	6.45	4.3	Apr 29, 2024
Zephyr Project Manager<= 3.3.99 Sensitive Data Exposure	15	7.5	Mar 4, 2024
Send Users Email<= 1.5.1 Sensitive Data Exposure	10.6	5.3	Feb 27, 2024
Coming Soon<= 1.6.3 Sensitive Data Exposure	10.6	5.3	Feb 20, 2024
HitPay Payment Gateway for WooCommerce<= 4.1.3 Sensitive Data Exposure	15	7.5	Feb 28, 2024
MBE eShip<= 2.1.2 Sensitive Data Exposure	10.6	5.3	Mar 27, 2024
Amazing Hover Effects<= 2.4.9 Cross Site Scripting (XSS)	4.88	6.5	Mar 20, 2024
Titan Anti-spam & Security<= 7.3.6 Broken Access Control	26	6.5	Mar 29, 2024
MBE eShip<= 2.1.2 Cross Site Request Forgery (CSRF)	2.7	5.4	Mar 8, 2024
Auto Featured Image (Auto Post Thumbnail)<= 4.1.2 Broken Access Control	12.9	4.3	Mar 28, 2024
Wallet System for WooCommerce<= 2.5.13 Sensitive Data Exposure	15	7.5	Mar 25, 2024
Power BI Embedded for WordPress<= 1.1.7 Cross Site Scripting (XSS)	4.43	6.5	Mar 21, 2024
Meks Smart Author Widget<= 1.1.4 Cross Site Scripting (XSS)	4.88	6.5	Mar 22, 2024
TOCHAT.BE<= 1.3.0 Cross Site Scripting (XSS)	13	6.5	Jun 27, 2024
Testimonials Widget<= 4.0.4 Cross Site Scripting (XSS)	4.88	6.5	Mar 24, 2024
Social Media & Share Icons<= 2.9.1 Cross Site Scripting (XSS)	N/A	5.9	Mar 24, 2024
Meks Easy Ads Widget<= 2.0.8 Cross Site Scripting (XSS)	N/A	5.9	Mar 22, 2024
CC & BCC for Woocommerce Order Emails<= 1.4.1 Cross Site Scripting (XSS)	N/A	5.9	Mar 13, 2024
affiliate-toolkit<= 3.4.4 Sensitive Data Exposure	10.6	5.3	Dec 7, 2023
Contact Form Builder, Contact Widget<= 2.1.7 Bypass Vulnerability	10.6	5.3	Jan 20, 2024
WP EasyCart<= 5.5.19 Broken Access Control	10.6	5.3	Jan 15, 2024
ActiveDEMAND<= 0.2.43 Cross Site Request Forgery (CSRF)	2.15	4.3	Apr 25, 2024
Integration for Contact Form 7 and Constant Contact<= 1.1.5 Cross Site Request Forgery (CSRF)	2.15	4.3	Mar 27, 2024
Fastly<= 1.2.25 Broken Access Control	5.3	5.3	Apr 18, 2024
Integration for Contact Form 7 HubSpot<= 1.3.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Mar 27, 2024
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja <= 1.3.9 Cross Site Request Forgery (CSRF)	2.15	4.3	Mar 27, 2024
WP Discourse<= 2.5.1 Broken Access Control	4.3	4.3	Mar 28, 2024
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms<= 1.2.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Mar 27, 2024
Ghost<= 1.4.0 Sensitive Data Exposure	15	7.5	Mar 25, 2024
Dynamics 365 Integration<= 1.3.17 Sensitive Data Exposure	10.6	5.3	Mar 25, 2024
Archives Calendar Widget<= 1.0.15 Cross Site Scripting (XSS)	N/A	5.9	Mar 22, 2024
Min and Max Purchase for WooCommerce<= 2.0.0 Cross Site Scripting (XSS)	4.88	6.5	Mar 19, 2024
TweetScroll Widget<= 1.3.7 Cross Site Scripting (XSS)	4.13	5.5	Mar 19, 2024
Media Cleaner<= 6.7.2 Sensitive Data Exposure	31.8	5.3	Sep 29, 2023
CF7 File Download – File Download for CF7<= 2.0 Cross Site Scripting (XSS)	N/A	5.9	Mar 6, 2024
WordPress Ad Widget<= 2.20.1 Cross Site Scripting (XSS)	N/A	5.9	Mar 24, 2024
Fan Page Widget by ThemeNcode<= 2.0 Cross Site Scripting (XSS)	N/A	5.9	Mar 23, 2024
Meks ThemeForest Smart Widget<= 1.5 Cross Site Scripting (XSS)	N/A	5.9	Mar 22, 2024
Meks Smart Social Widget<= 1.6.4 Cross Site Scripting (XSS)	N/A	5.9	Mar 22, 2024
Smart Recent Posts Widget<= 1.0.4 Cross Site Scripting (XSS)	N/A	5.9	Mar 22, 2024
Leaky Paywall<= 4.20.8 Broken Access Control	15	7.5	Jan 16, 2024
Easy Accept Payments<= 4.9.10 Broken Access Control	15	7.5	Jan 11, 2024
Video Conferencing with Zoom<= 4.4.4 Open Redirection	9.4	4.7	Jan 23, 2024
WP Time Slots Booking Form<= 1.2.06 Broken Access Control	15	7.5	Mar 13, 2024
WordPress Assistant<= 1.4.9.1 Sensitive Data Exposure	10.6	5.3	Mar 26, 2024
Blocksy<= 2.0.33 Cross Site Scripting (XSS)	19.5	6.5	Mar 25, 2024
WP ADA Compliance Check Basic<= 3.1.3 Cross Site Request Forgery (CSRF)	2.15	4.3	Mar 14, 2024
WP-Lister Lite for eBay<= 3.5.11 Arbitrary File Upload	6.83	9.1	Mar 14, 2024
WooCommerce Shipping Label<= 2.3.8 Cross Site Scripting (XSS)	1.48	5.9	Mar 20, 2024
List Custom Taxonomy Widget<= 4.1 Cross Site Scripting (XSS)	N/A	5.9	Mar 23, 2024
Accessibility Widget<= 2.2 Cross Site Scripting (XSS)	11.8	6.5	Mar 23, 2024
All-in-one Like Widget<= 2.2.7 Cross Site Scripting (XSS)	N/A	5.9	Mar 24, 2024
USPS Shipping for WooCommerce – Live Rates<= 1.9.4 Sensitive Data Exposure	10.6	5.3	Jan 25, 2024
Widget Post Slider<= 1.3.5 Cross Site Scripting (XSS)	4.43	5.9	Mar 23, 2024
Paid Memberships Pro<= 2.12.10 Cross Site Request Forgery (CSRF)	6.45	4.3	Feb 22, 2024
BizPrint<= 4.3.39 Broken Access Control	15	7.5	Jan 26, 2024
Advanced Floating Content<= 1.2.5 Cross Site Scripting (XSS)	3.25	5.9	Mar 21, 2024
RSS Feed Widget<= 2.9.7 Cross Site Scripting (XSS)	N/A	5.9	Mar 23, 2024
Navigation menu as Dropdown Widget<= 1.3.4 Cross Site Scripting (XSS)	N/A	5.9	Mar 23, 2024

Report vulnerabilities to earn bounties and rewards!

Include pending