Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

Muhammad Daffa

0
1
1
2
Twitter Github Website
28 November, 2022
Alliance XP
494.2
Contributions
89
Contributions 89
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

Meks Video Importer <= 1.0.10 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

5 September, 2023

Plugin

Meks Time Ago <= 1.1.6 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

5 September, 2023

Plugin

Meks ThemeForest Smart Widget <= 1.4 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

5 September, 2023

Plugin

Meks Smart Author Widget <= 1.1.3 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

5 September, 2023

Plugin

Meks Audio Player <= 1.2 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

5 September, 2023

Plugin

Meks Easy Maps <= 2.1.3 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

5 September, 2023

Plugin

Meks Easy Photo Feed Widget <= 1.2.7 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

5 September, 2023

Plugin

Meks Simple Flickr Widget <= 1.2 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

5 September, 2023

Plugin

Meks Easy Ads Widget <= 2.0.7 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

5 September, 2023

Plugin

Royal Elementor Addons <= 1.3.75 Multiple Cross Site Request Forgery (CSRF)

+17.2 AXP

4.3

22 August, 2023

Plugin

Meks Smart Social Widget <= 1.6 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

26 July, 2023

Plugin

WooLentor <= 2.6.2 Cross Site Request Forgery (CSRF) vulnerability

+12.9 AXP

4.3

5 July, 2023

Plugin

Visibility Logic for Elementor <= 2.3.4 Cross Site Request Forgery (CSRF)

+8.6 AXP

4.3

5 July, 2023

Plugin

Enhanced Text Widget <= 1.5.8 Broken Access Control vulnerability

+12.9 AXP

4.3

28 June, 2023

Plugin

Product Gallery Slider for WooCommerce <= 2.2.8 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

25 May, 2023

Plugin

Custom Twitter Feeds (Tweets Widget) <= 1.8.4 CrossSite Request Forgery (CSRF) vulnerability

5.4

25 May, 2023

Plugin

Performance Lab <= 2.2.0 Cross Site Request Forgery (CSRF)

+8.6 AXP

4.3

18 May, 2023

Plugin

Simple Share Buttons Adder <= 8.4.8 Cross Site Request Forgery (CSRF)

+12.9 AXP

4.3

19 April, 2023

Plugin

Ninja Tables <= 4.3.4 Cross Site Scripting (XSS)

+0 AXP

5.9

19 April, 2023

Plugin

Ninja Tables <= 4.3.4 Cross Site Request Forgery (CSRF)

+12.9 AXP

4.3

19 April, 2023

Plugin

ShopEngine <= 4.1.1 CrossSite Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

19 April, 2023

Plugin

YellowPencil Visual CSS Style Editor <= 7.5.8 Auth. Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

4.0

18 April, 2023

Plugin

Themify Portfolio Post <= 1.2.4 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.1

18 April, 2023

Plugin

Custom Order Numbers for WooCommerce <= 1.4.0 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

14 April, 2023

Plugin

Shortlinks by Pretty Links <= 3.4.0 CrossSite Request Forgery (CSRF)

+21.5 AXP

4.3

13 April, 2023

Plugin

Health Check & Troubleshooting <= 1.5.1 Cross Site Request Forgery (CSRF)

+21 AXP

4.3

6 April, 2023

Plugin

Happy Addons for Elementor <= 3.8.2 Cross Site Request Forgery (CSRF) vulnerability

+21.5 AXP

4.3

29 March, 2023

Plugin

Popup Anything <= 2.2.1 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

28 March, 2023

Plugin

Product Feed PRO for WooCommerce <= 12.4.4 CrossSite Request Forgery (CSRF) vulnerability

+21.6 AXP

5.4

22 March, 2023

Plugin

WordPress Ping Optimizer <= 2.35.1.2.3 CrossSite Request Forgery (CSRF) vulnerability

5.4

16 March, 2023

Plugin

WooCommerce Weight Based Shipping <= 5.4.1 Cross Site Request Forgery (CSRF) Vulnerability

+12.9 AXP

4.3

13 March, 2023

Plugin

Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 CSRF Plugin Settings Reset vulnerability

+13 AXP

6.5

13 March, 2023

Plugin

When Last Login <= 1.2.1 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

2 March, 2023

Plugin

WP Meteor Page Speed Optimization Topping <= 3.1.4 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

28 February, 2023

Plugin

The Post Grid <= 5.0.4 Cross Site Request Forgery (CSRF)

+8.6 AXP

4.3

20 February, 2023

Plugin

Starter Templates <= 3.1.20 Cross Site Request Forgery (CSRF)

+30.1 AXP

4.3

20 February, 2023

Plugin

WP Table Builder – WordPress Table Plugin <= 1.4.6 Cross Site Scripting (XSS)

+0 AXP

5.9

20 February, 2023

Plugin

TeraWallet – For WooCommerce <= 1.3.24 Cross Site Request Forgery (CSRF)

5.4

15 February, 2023

Plugin

Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 Cross Site Request Forgery (CSRF)

+8.6 AXP

4.3

12 February, 2023

Plugin

Responsive Pricing Table <= 5.1.6 Auth. CrossSite Scripting (XSS) vulnerability

+6.5 AXP

6.5

7 February, 2023

Plugin

A2 Optimized WP <= 3.0.4 Cross Site Request Forgery (CSRF) vulnerability

+12.9 AXP

4.3

6 February, 2023

Plugin

CURCY <= 2.1.25 Unauthenticated plugin settings change vulnerability

+6.5 AXP

6.5

6 February, 2023

Plugin

WooLentor <= 2.5.1 CSRF Leading to Plugin Settings Change Vulnerability

+16.2 AXP

5.4

6 February, 2023

Plugin

Conversios.io <= 5.2.3 Cross Site Request Forgery (CSRF)

+16.2 AXP

5.4

6 February, 2023

Plugin

Mercado Pago payments for WooCommerce <= 6.3.1 CrossSite Request Forgery (CSRF) vulnerability

+17.2 AXP

4.3

6 February, 2023

Plugin

Mercado Pago payments for WooCommerce <= 6.3.1 CrossSite Request Forgery (CSRF) vulnerability

+21.6 AXP

5.4

6 February, 2023

Plugin

Visualizer <= 3.9.1 Auth. CrossSite Scripting (XSS) vulnerability

+13 AXP

6.5

6 February, 2023

Plugin

Flexible Elementor Panel <= 2.3.8 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

2 February, 2023

Plugin

Side Cart Woocommerce (Ajax) < 2.1 CrossSite Request Forgery (CSRF) vulnerability

+12.9 AXP

4.3

2 February, 2023

Plugin

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 Cross Site Scripting (XSS)

+0 AXP

5.9

27 January, 2023

Plugin

WooCommerce PDF Invoices & Packing Slips <= 3.2.5 Cross Site Request Forgery (CSRF)

+21.5 AXP

4.3

27 January, 2023

Plugin

Exclusive Addons Elementor <= 2.6.1 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

27 January, 2023

Plugin

PixelYourSite – Your smart PIXEL (TAG) Manager <= 9.3.0 Cross Site Request Forgery (CSRF) vulnerability

+21.5 AXP

4.3

20 January, 2023

Plugin

AdRotate Banner Manager <= 5.9 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

11 November, 2022

Plugin

Content Egg <= 5.4.0 CrossSite Request Forgery (CSRF) vulnerability

4.3

31 October, 2022

Plugin

TeraWallet – For WooCommerce <= 1.3.24 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 October, 2022

Plugin

Advanced Coupons for WooCommerce Coupons <= 4.5 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 October, 2022

Plugin

Advanced Dynamic Pricing for WooCommerce <= 4.1.5 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 October, 2022

Plugin

Advanced Dynamic Pricing for WooCommerce <= 4.1.5 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 October, 2022

Plugin

Custom Product Tabs for WooCommerce <= 1.7.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

30 October, 2022

Plugin

Booster for WooCommerce <= 5.6.6 CrossSite Request Forgery (CSRF) vulnerability

5.4

28 October, 2022

Plugin

Creative Mail <= 1.5.4 CrossSite Request Forgery (CSRF) vulnerability

5.4

28 October, 2022

Plugin

Creative Mail <= 1.5.4 CrossSite Request Forgery (CSRF) vulnerability

5.4

28 October, 2022

Plugin

Backup Guard <= 1.6.9.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

27 October, 2022

Plugin

Analytify <= 4.2.2 CrossSite Request Forgery (CSRF) vulnerability

4.3

29 September, 2022

Plugin

Advanced Ads – Ad Manager & AdSense <= 1.31.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

28 September, 2022

Plugin

Manage Notification E-mails <= 1.8.2 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

27 September, 2022

Plugin

WP Page Widget <= 3.9 CrossSite Request Forgery (CSRF) vulnerability

5.4

26 September, 2022

Plugin

Seriously Simple Podcasting <= 2.16.0 CrossSite Request Forgery (CSRF) vulnerability

5.4

23 September, 2022

Plugin

SEO Redirection <= 8.9 CrossSite Request Forgery (CSRF) vulnerability

5.4

23 September, 2022

Plugin

MailOptin <= 1.2.49.0 Unauthenticated Optin Campaign Cache Deletion vulnerability

6.5

23 September, 2022

Plugin

Customer Reviews for WooCommerce <= 5.3.5 Authenticated Broken Access Control vulnerability

4.3

22 September, 2022

Plugin

Customer Reviews for WooCommerce <= 5.3.5 CrossSite Request Forgery (CSRF) vulnerability

4.3

22 September, 2022

Plugin

Customer Reviews for WooCommerce <= 5.3.5 Sensitive Information Disclosure vulnerability

5.3

22 September, 2022

Plugin

Advanced Dynamic Pricing for WooCommerce <= 4.1.3 CrossSite Request Forgery (CSRF) vulnerability

5.4

14 September, 2022

Plugin

Booking Calendar <= 9.2.1 CrossSite Request Forgery (CSRF) leading to Translations Update

5.4

6 September, 2022

Plugin

WP Shamsi <= 4.1.1 Authenticated Plugin Setting change vulnerability

4.3

5 September, 2022

Plugin

Video Gallery <= 1.3.4.5 Broken Authentication

4.3

22 August, 2022

Plugin

Search Exclude <= 1.2.6 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

22 August, 2022

Plugin

MaxButtons <= 9.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

2 August, 2022

Plugin

MaxButtons <= 9.2 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

4.3

2 August, 2022

Plugin

Download Manager <= 3.2.48 CrossSite Request Forgery (CSRF) vulnerability

4.2

2 August, 2022

Plugin

MailerLite – Signup forms <= 1.5.7 CrossSite Request Forgery (CSRF) vulnerability

6.3

1 August, 2022

Plugin

Modern Events Calendar Lite <= 6.5.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

14 April, 2022

Plugin

WPvivid Backup and Migration <= 0.9.70 Arbitrary File Read vulnerability

2.7

7 April, 2022

Plugin

wpDataTables <= 2.1.27 Stored CrossSite Scripting (XSS) vulnerability

3.4

4 April, 2022

Plugin

WP Content Copy Protection & No Right Click <= 3.4.4 CrossSite Request Forgery (CSRF) leads to Settings Update vulnerability

4.3

16 February, 2022

Plugin

wpDiscuz <= 7.3.11 Sensitive Information Disclosure

3.7

10 February, 2022

Plugin

Charitable <= 1.6.50 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

21 July, 2021

Back to top

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

DPA Privacy Policy Terms & Conditions © 2023 Patchstack

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close