Muhammad Daffa

Say thanks

633.89

XP

97

Reports

0

Reports, last 90 days

#9

1 Apr, 2026

🇮🇩

Lvl 3

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Pinpoint Booking System<= 2.9.9.5.7 Broken Access Control	6.3	6.3	01/08/2024
Pinpoint Booking System<= 2.9.9.5.7 Cross Site Request Forgery (CSRF)	10.8	5.4	01/08/2024
Edwiser Bridge<= 3.0.7 Server Side Request Forgery (SSRF)	4.9	4.9	02/08/2024
Edwiser Bridge<= 3.0.7 Cross Site Scripting (XSS)	6.5	6.5	02/08/2024
WordPress Portfolio Builder – Portfolio Gallery<= 1.1.7 Cross Site Scripting (XSS)	4.88	6.5	04/08/2024
Like Button Rating<= 2.6.53 Cross Site Request Forgery (CSRF)	3.55	7.1	06/08/2024
EasyJobs<= 2.4.14 Cross Site Request Forgery (CSRF)	3.55	7.1	06/08/2024
Podlove Podcast Publisher<= 4.1.13 Cross Site Request Forgery (CSRF)	4.8	9.6	05/08/2024
Podlove Podcast Publisher<= 4.1.13 Cross Site Scripting (XSS)	4.88	6.5	05/08/2024
GetPaid<= 2.8.11 Broken Access Control	3.23	4.3	06/08/2024
WPMobile.App<= 11.48 Cross Site Request Forgery (CSRF)	8.6	7.1	04/08/2024
Print Barcode Labels for your WooCommerce products/orders<= 3.4.9 Broken Access Control	6.5	6.5	02/08/2024
WP Telegram Widget and Join Link<= 2.1.27 Cross Site Scripting (XSS)	4.88	6.5	04/08/2024
Event Management Tickets Booking<= 1.4.3 Sensitive Data Exposure	10.6	5.3	27/10/2023
Contact Form Widget<= 1.3.9 Sensitive Data Exposure	10.6	5.3	27/10/2023
Realtyna Organic IDX plugin<= 4.14.4 Cross Site Scripting (XSS)	14.2	7.1	25/10/2023
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIAN<= 1.1.12 SQL Injection	N/A	7.6	26/10/2023
CBX Bookmark & Favorite<= 1.7.20 SQL Injection	N/A	7.6	25/10/2023
User Activity Log<= 1.9 SQL Injection	N/A	7.6	19/10/2023
Edwiser Bridge<= 3.0.2 SQL Injection	N/A	7.6	25/10/2023
10Web Map Builder for Google Maps<= 1.0.74 SQL Injection	N/A	7.6	24/10/2023
Paid Memberships Pro – Mailchimp Add On<= 2.3.4 Sensitive Data Exposure	10.6	5.3	09/11/2023
WordPress Announcement & Notification Banner Plugin – Bulletin<= 3.8.5 SQL Injection	N/A	7.6	25/10/2023
Albo Pretorio Online<= 4.6.6 Sensitive Data Exposure	10.6	5.3	27/10/2023
Recipe Maker For Your Food Blog from Zip Recipes<= 8.1.0 SQL Injection	8.55	7.6	25/10/2023
Product Feed Manager<= 7.3.15 Directory Traversal	N/A	5.5	23/10/2023
Events Shortcodes & Templates For The Events Calendar<= 2.3.1 SQL Injection	8.55	7.6	20/10/2023
WS Form LITE<= 1.9.170 SQL Injection	N/A	7.6	25/10/2023
GEO my WordPress<= 4.0.2 SQL Injection	N/A	7.6	25/10/2023
Most And Least Read Posts Widget<= 2.5.16 SQL Injection	9.56	8.5	25/10/2023
WP Adminify<= 3.1.6 SQL Injection	N/A	7.6	25/10/2023
Page Generator<= 1.7.1 SQL Injection	N/A	7.6	25/10/2023
eCommerce Product Catalog<= 3.3.26 Sensitive Data Exposure	10.6	5.3	09/11/2023
Product Catalog Simple<= 1.7.6 Sensitive Data Exposure	10.6	5.3	09/11/2023
FunnelKit Automations<= 2.6.1 SQL Injection	N/A	7.6	19/10/2023
Funnel Builder by FunnelKit<= 2.14.3 SQL Injection	N/A	7.6	23/10/2023
Pre* Party Resource Hints<= 1.8.19 SQL Injection	N/A	7.6	26/10/2023
Squirrly SEO - Advanced Pack< 2.4.02 SQL Injection	N/A	7.6	06/11/2023
Advanced Form Integration<= 1.75.0 SQL Injection	N/A	7.6	23/10/2023
BookIt<= 2.4.3 SQL Injection	N/A	7.6	18/10/2023
Simply Schedule Appointments< 1.6.6.1 SQL Injection	N/A	7.6	18/10/2023
e2pdf<= 1.20.23 SQL Injection	N/A	7.6	18/10/2023
404 Solution<= 2.34.0 SQL Injection	N/A	7.6	18/10/2023
Welcart e-Commerce<= 2.9.3 SQL Injection	5.7	7.6	17/10/2023
RegistrationMagic<= 5.2.4.5 SQL Injection	N/A	7.6	18/10/2023
GeoDirectory<= 2.3.28 SQL Injection	N/A	7.6	17/10/2023
WP Mail Catcher<= 2.1.3 SQL Injection	N/A	7.6	17/10/2023
Cookie Bar<= 2.0 Cross Site Scripting (XSS)	N/A	5.9	17/10/2023
Link Whisper Free<= 0.6.5 SQL Injection	19.13	8.5	19/10/2023
Quick Call Button<= 1.2.9 Cross Site Scripting (XSS)	N/A	5.9	17/10/2023
iPages Flipbook<= 1.4.8 SQL Injection	N/A	7.6	25/10/2023
ImageLinks Interactive Image Builder<= 1.5.4 SQL Injection	N/A	7.6	25/10/2023
Store Exporter<= 2.7.2 Cross Site Scripting (XSS)	14.2	7.1	23/10/2023
GD Security Headers<= 1.7 SQL Injection	N/A	7.6	25/10/2023
ICS Calendar<= 10.12.0.3 Arbitrary File Download	9.23	8.2	18/10/2023
Table of Contents Plus<= 2302 Cross Site Request Forgery (CSRF)	13.5	5.4	27/08/2023
Meks Video Importer<= 1.0.10 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2023
Meks Time Ago<= 1.1.6 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2023
Meks ThemeForest Smart Widget<= 1.4 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2023
Meks Smart Author Widget<= 1.1.3 Cross Site Request Forgery (CSRF)	4.3	4.3	20/02/2023
Meks Audio Player<= 1.2 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2023
Meks Easy Maps<= 2.1.3 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2023
Meks Easy Photo Feed Widget<= 1.2.7 Cross Site Request Forgery (CSRF)	4.3	4.3	20/02/2023
Meks Simple Flickr Widget<= 1.2 Cross Site Request Forgery (CSRF)	4.3	4.3	19/02/2023
Meks Easy Ads Widget<= 2.0.7 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2023
Royal Elementor Addons<= 1.3.75 Cross Site Request Forgery (CSRF)	17.2	4.3	09/12/2022
Meks Smart Social Widget<= 1.6 Cross Site Request Forgery (CSRF)	4.3	4.3	19/02/2023
ShopLentor<= 2.6.2 Cross Site Request Forgery (CSRF)	12.9	4.3	09/12/2022
Visibility Logic for Elementor<= 2.3.4 Cross Site Request Forgery (CSRF)	8.6	4.3	09/12/2022
Enhanced Text Widget<= 1.5.8 Broken Access Control	12.9	4.3	10/01/2023
Product Gallery Slider for WooCommerce<= 2.2.8 Cross Site Request Forgery (CSRF)	4.3	4.3	11/11/2022
Custom Twitter Feeds (Tweets Widget)<= 1.8.4 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
Performance Lab<= 2.2.0 Cross Site Request Forgery (CSRF)	8.6	4.3	10/12/2022
Simple Share Buttons Adder<= 8.5.2 Cross Site Request Forgery (CSRF)	12.9	4.3	10/12/2022
Ninja Tables<= 4.3.4 Cross Site Scripting (XSS)	N/A	5.9	12/12/2022
Ninja Tables<= 4.3.4 Cross Site Request Forgery (CSRF)	12.9	4.3	12/12/2022
ShopEngine<= 4.1.1 Cross Site Request Forgery (CSRF)	5.4	5.4	11/11/2022
YellowPencil Visual CSS Style Editor<= 7.5.8 Cross Site Scripting (XSS)	N/A	4	No date
Themify Portfolio Post<= 1.2.4 Cross Site Scripting (XSS)	6.5	4.1	28/01/2022
Custom Order Numbers for WooCommerce<= 1.4.0 Cross Site Request Forgery (CSRF)	4.3	4.3	11/11/2022
Shortlinks by Pretty Links<= 3.4.0 Cross Site Request Forgery (CSRF)	21.5	4.3	10/12/2022
Health Check & Troubleshooting<= 1.5.1 Cross Site Request Forgery (CSRF)	21	4.3	14/12/2022
Happy Addons for Elementor<= 3.8.2 Cross Site Request Forgery (CSRF)	21.5	4.3	13/12/2022
Popup Anything<= 2.2.1 Cross Site Request Forgery (CSRF)	N/A	4.3	14/04/2022
Product Feed PRO for WooCommerce<= 12.4.4 Cross Site Request Forgery (CSRF)	21.6	5.4	30/09/2022
WordPress Ping Optimizer<= 2.35.1.2.3 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
WooCommerce Weight Based Shipping<= 5.4.1 Cross Site Request Forgery (CSRF)	12.9	4.3	03/10/2022
Print Invoice & Delivery Notes for WooCommerce<= 4.7.2 Cross Site Request Forgery (CSRF)	13	6.5	30/09/2022
When Last Login<= 1.2.1 Cross Site Request Forgery (CSRF)	4.3	4.3	19/02/2023
WP Meteor Page Speed Optimization Topping<= 3.1.4 Cross Site Request Forgery (CSRF)	4.3	4.3	19/02/2023
The Post Grid<= 5.0.4 Cross Site Request Forgery (CSRF)	8.6	4.3	09/12/2022
Starter Templates<= 3.1.20 Cross Site Request Forgery (CSRF)	30.1	4.3	09/12/2022
WP Table Builder<= 1.4.6 Cross Site Scripting (XSS)	N/A	5.9	11/12/2022
TeraWallet – For WooCommerce<= 1.3.24 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
Void Contact Form 7 Widget For Elementor Page Builder<= 2.1.1 Cross Site Request Forgery (CSRF)	8.6	4.3	09/12/2022
Responsive Pricing Table<= 5.1.6 Cross Site Scripting (XSS)	6.5	6.5	11/12/2022
A2 Optimized WP<= 3.0.4 Cross Site Request Forgery (CSRF)	12.9	4.3	10/01/2023
CURCY<= 2.1.25 Broken Access Control	6.5	6.5	30/09/2022
ShopLentor<= 2.5.1 Cross Site Request Forgery (CSRF)	16.2	5.4	03/10/2022
Conversios.io<= 5.2.3 Cross Site Request Forgery (CSRF)	16.2	5.4	03/10/2022

Report vulnerabilities to earn bounties and rewards!

Include pending