LVT-tholv2k

8,700.30

XP

469

Reports

0

Reports, last 90 days

#23

3 Apr, 2026

🇻🇳

Lvl 9

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
GLS Shipping for WooCommerce<= 1.4.0 Cross Site Scripting (XSS)	14.2	7.1	28/09/2025
Netgsm<= 2.9.63 Cross Site Scripting (XSS)	16.33	7.1	28/09/2025
Subscribe to Unlock Lite<= 1.3.0 Local File Inclusion	22.5	7.5	10/03/2025
WPMobile.App<= 11.71 Cross Site Scripting (XSS)	24.5	7.1	26/09/2025
Gutenify<= 1.5.7 Cross Site Scripting (XSS)	14.2	7.1	29/05/2025
Easy Elementor Addons<= 2.2.8 Local File Inclusion	12.94	7.5	13/09/2025
Ray Enterprise Translation<= 1.7.2 Broken Access Control	5.4	5.4	13/06/2025
InPost Gallery<= 2.1.4.5 Local File Inclusion	15	7.5	03/06/2025
Gutenify<= 1.5.4 Local File Inclusion	30	7.5	29/05/2025
Funnel Builder by FunnelKit<= 3.11.1 Local File Inclusion	60	7.5	27/06/2025
WP Pipes<= 1.4.3 Cross Site Scripting (XSS)	10.65	7.1	05/06/2025
CF7 WOW Styler<= 1.7.2 Local File Inclusion	34.5	7.5	21/06/2025
GMap Targeting<= 1.1.6 Local File Inclusion	8.8	8.8	03/06/2025
Realtyna Organic IDX plugin<= 5.0.0 Local File Inclusion	30	7.5	22/06/2025
Anchor smooth scroll<= 1.0.2 Local File Inclusion	16.2	8.1	29/06/2025
Paid Member Subscriptions<= 2.15.4 Local File Inclusion	30	7.5	21/06/2025
PoloPag – Pix Automático para Woocommerce<= 2.0.9 Local File Inclusion	15	7.5	28/06/2025
News Magazine X<= 1.2.37 Local File Inclusion	30	7.5	02/06/2025
Graphina<= 3.1.1 Local File Inclusion	30	7.5	04/06/2025
WP REST Cache<= 2025.1.0 Local File Inclusion	30	7.5	04/06/2025
Gutenberg Blocks<= 3.3.1 Local File Inclusion	60	7.5	15/06/2025
Premmerce Wishlist for WooCommerce<= 1.1.10 Local File Inclusion	51.75	7.5	28/06/2025
Premmerce Wholesale Pricing for WooCommerce<= 1.1.10 Local File Inclusion	51.75	7.5	28/06/2025
Premmerce User Roles<= 1.0.13 Local File Inclusion	51.75	7.5	28/06/2025
Responsive Sidebar<= 1.2.2 Local File Inclusion	22.5	7.5	28/06/2025
Premmerce Product Search for WooCommerce<= 2.2.4 Local File Inclusion	51.75	7.5	28/06/2025
Lazy Load Optimizer<= 1.4.7 Local File Inclusion	30	7.5	28/06/2025
Finale Lite<= 2.20.0 Cross Site Scripting (XSS)	14.2	7.1	28/06/2025
NextMove Lite<= 2.24.0 Cross Site Scripting (XSS)	14.2	7.1	28/06/2025
SEOPress for MainWP<= 1.4 Local File Inclusion	30	7.5	21/06/2025
WP Pipes<= 1.4.3 Local File Inclusion	24.3	8.1	05/06/2025
Simple Contact Forms<= 1.6.4 Local File Inclusion	16.2	8.1	22/06/2025
LearnPress Export Import<= 4.0.9 Cross Site Scripting (XSS)	14.2	7.1	22/06/2025
LearnPress Export Import<= 4.1.2 Local File Inclusion	30	7.5	21/06/2025
WP Customer Area<= 8.3.4 Local File Inclusion	30	7.5	21/06/2025
Favorites<= 2.3.6 Local File Inclusion	30	7.5	21/06/2025
Widget for Google Reviews<= 1.0.15 Local File Inclusion	32.4	8.1	01/06/2025
Ghost Kit<= 3.4.1 Local File Inclusion	32.4	8.1	29/05/2025
Store Exporter<= 2.7.6 Local File Inclusion	51.75	7.5	15/06/2025
WooCommerce Store Toolkit<= 2.4.3 Local File Inclusion	51.75	7.5	15/06/2025
WP Pipes<= 1.4.3 SQL Injection	27.9	9.3	05/06/2025
WP Pipes<= 1.4.3 Arbitrary File Deletion	38.7	8.6	06/06/2025
WP Travel Gutenberg Blocks<= 3.9.0 Local File Inclusion	32.4	8.1	29/05/2025
FW Gallery<= 8.0.0 Arbitrary File Upload	N/A	10	25/04/2025
Gmedia Photo Gallery<= 1.23.0 Local File Inclusion	11.25	7.5	28/05/2025
FW Gallery<= 8.0.0 Local File Inclusion	N/A	8.1	25/04/2025
FW Food Menu <= 6.0.0 Arbitrary File Deletion	N/A	8.6	25/04/2025
Classified Listing<= 4.2.0 Local File Inclusion	12.94	7.5	01/06/2025
HUSKY<= 1.3.7 Local File Inclusion	51.75	7.5	03/06/2025
Woocommerce Line Notify<= 1.1.7 Cross Site Scripting (XSS)	14.2	7.1	29/04/2025
FunnelKit Automations<= 3.6.0 Open Redirection	9.4	4.7	28/04/2025
FW Food Menu <= 6.0.0 Arbitrary File Upload	N/A	10	25/04/2025
WP Job Portal<= 2.3.2 SQL Injection	42.78	9.3	24/04/2025
FW Gallery<= 8.0.0 Arbitrary File Deletion	N/A	8.6	25/04/2025
Stock Locations for WooCommerce<= 2.8.6 Broken Access Control	7.1	7.1	21/04/2025
MultiVendorX<= 4.2.22 Sensitive Data Exposure	15	7.5	30/04/2025
Wishlist<= 1.0.43 Cross Site Scripting (XSS)	4.88	6.5	17/02/2025
WP Job Portal<= 2.3.2 Arbitrary File Download	25.88	7.5	24/04/2025
Majestic Support<= 1.1.0 SQL Injection	42.78	9.3	22/04/2025
WordPress Social Login and Register<= 7.6.10 Local File Inclusion	48.6	8.1	24/03/2025
miniOrange Discord Integration<= 2.2.2 Local File Inclusion	48.6	8.1	24/03/2025
Essential Real Estate<= 5.2.9 Local File Inclusion	48.6	8.1	14/04/2025
WP Event Manager<= 3.1.51 Local File Inclusion	97.2	8.1	14/04/2025
Majestic Support<= 1.1.0 Broken Access Control	12.19	5.3	22/04/2025
WP Job Portal<= 2.3.2 Insecure Direct Object References (IDOR)	12.19	5.3	25/04/2025
Printcart Web to Print Product Designer for WooCommerce<= 2.3.9 Arbitrary File Upload	60	10	30/03/2025
Printcart Web to Print Product Designer for WooCommerce<= 2.4.0 SQL Injection	37.2	9.3	30/03/2025
Ajar in5 Embed<= 3.1.5 Arbitrary File Upload	60	10	30/03/2025
Lead Form Data Collection to CRM<= 3.1 Privilege Escalation	26.4	8.8	18/03/2025
PSW Front-end Login & Registration<= 1.13 Broken Authentication	58.8	9.8	29/03/2025
Challan<= 3.7.58 Cross Site Request Forgery (CSRF)	13.2	8.8	15/04/2025
Evergreen Content Poster<= 1.4.5 Broken Access Control	7.42	4.3	04/02/2025
Popup Builder<= 1.1.35 Local File Inclusion	22.5	7.5	16/04/2025
Booking and Rental Manager<= 2.3.6 Broken Access Control	10.6	5.3	15/02/2025
Booking and Rental Manager<= 2.2.8 Broken Access Control	10.6	5.3	15/02/2025
Hotel Booking<= 3.6 Local File Inclusion	48.6	8.1	27/12/2024
Xelion Webchat<= 9.1.0 Privilege Escalation	26.4	8.8	12/03/2025
Starfish Review Generation & Marketing<= 3.1.19 Privilege Escalation	26.4	8.8	13/03/2025
WP Subscription Forms<= 1.2.3 Broken Access Control	5.4	5.4	10/03/2025
Subscribe to Unlock Lite<= 1.3.0 Local File Inclusion	16.88	7.5	10/03/2025
HelpGent<= 2.2.5 PHP Object Injection	39.2	9.8	21/02/2025
Testimonial Slider And Showcase Pro<= 2.1.7 Local File Inclusion	45	7.5	20/02/2025
Course Booking System<= 6.1.2 Cross Site Scripting (XSS)	14.2	7.1	18/10/2024
Local Magic<= 2.9.0 SQL Injection	37.2	9.3	04/02/2025
JS Job Manager<= 2.0.2 Arbitrary File Upload	60	10	23/02/2025
Administrator Z<= 2025.03.24 Privilege Escalation	26.4	8.8	18/03/2025
TuriTop Booking System<= 1.0.10 PHP Object Injection	17.6	8.8	22/12/2024
Email Notifications for Updates<= 1.1.6 Privilege Escalation	26.4	8.8	11/03/2025
Question Answer<= 1.2.73 PHP Object Injection	17.6	8.8	14/02/2025
Booking and Rental Manager<= 2.2.8 Local File Inclusion	16.88	7.5	12/02/2025
Paid Videochat Turnkey Site<= 7.3.11 Broken Authentication	58.8	9.8	30/03/2025
Rankology SEO – On-site SEO<= 2.2.4 Privilege Escalation	29.4	9.8	31/03/2025
Stop Registration Spam<= 1.24 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
Question Answer<= 1.2.70 Cross Site Scripting (XSS)	14.2	7.1	14/02/2025
WP-BusinessDirectory<= 3.1.2 Cross Site Scripting (XSS)	14.2	7.1	30/01/2025
TableOn<= 1.0.4.3 PHP Object Injection	39.2	9.8	21/12/2024
EmpikPlace for Woocommerce<= 1.4.3 PHP Object Injection	19.6	9.8	19/12/2024
Checkout Mestres WP<= 8.7.5 Privilege Escalation	58.8	9.8	10/03/2025
Material Dashboard<= 1.4.5 Local File Inclusion	22.5	7.5	22/03/2025
Seo Meta Tags<= 1.4 Cross Site Request Forgery (CSRF)	13.2	8.8	27/03/2025

Report vulnerabilities to earn bounties and rewards!

Include pending