Yudistira Arya

Say thanks

1115.84

XP

83

Reports

0

Reports, last 90 days

#31

22 Dec, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Tockify Events Calendar<= 2.2.13 Cross Site Scripting (XSS)	4.88	6.5	Jan 31, 2025
Moloni<= 4.7.4 Cross Site Scripting (XSS)	24.85	7.1	Feb 13, 2024
ARForms Form Builder<= 1.6.7 Cross Site Scripting (XSS)	14.2	7.1	May 27, 2024
ARI Fancy Lightbox<= 1.3.14 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
BSK PDF Manager<= 3.6 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
e2pdf<= 1.24.00 Cross Site Scripting (XSS)	2.3	4	Jun 3, 2024
EmbedPress<= 4.0.2 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
Wonder PDF Embed<= 2.7 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
PDF Viewer<= 1.1.0 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
PDF Poster<= 2.1.21 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
PDF Viewer for Elementor<= 2.9.3 Cross Site Scripting (XSS)	N/A	4	Jun 3, 2024
PDF.js Viewer<= 2.1.8.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 3, 2024
Tainacan<= 0.21.5 Cross Site Scripting (XSS)	N/A	6.5	Jun 3, 2024
The Ultimate WordPress Toolkit – WP Extended<= 2.4.7 Cross Site Scripting (XSS)	14.2	7.1	May 27, 2024
Optinly<= 1.0.18 Broken Access Control	10.6	5.3	Feb 1, 2024
Ibtana<= 1.2.3.3 Broken Access Control	10.6	5.3	Feb 1, 2024
Newsletters<= 4.9.5 Cross Site Scripting (XSS)	14.2	7.1	Jan 18, 2024
WPvivid Backup for MainWP<= 0.9.32 Cross Site Scripting (XSS)	14.2	7.1	Jan 16, 2024
AdFoxly – Ad Manager, AdSense Ads & Ads.txt<= 1.8.5 Broken Access Control	10.6	5.3	Jan 12, 2024
Crafthemes Demo Import<= 3.3 Broken Access Control	7.6	7.6	Jan 9, 2024
Post Grid Master<= 3.4.11 Cross Site Scripting (XSS)	4.88	6.5	Dec 27, 2023
Knowledge Base documentation & wiki plugin – BasePress<= 2.16.1 Server Side Request Forgery (SSRF)	5	5	Dec 6, 2023
KB Support<= 1.6.0 Broken Access Control	6.5	6.5	Dec 5, 2023
Knowledge Base documentation & wiki plugin – BasePress<= 2.16.1 Broken Access Control	5.4	5.4	Dec 6, 2023
BuddyForms<= 2.8.8 Arbitrary File Download	25.8	8.6	Jan 11, 2024
Sendinblue for WooCommerce<= 4.0.17 Arbitrary File Download	6.38	8.5	Jan 31, 2024
FG Joomla to WordPress<= 4.20.2 Sensitive Data Exposure	10.6	5.3	Dec 22, 2023
Conversational Forms for ChatBot<= 1.1.8 Arbitrary File Download	22.5	7.5	Jan 29, 2024
Olive One Click Demo Import<= 1.1.1 Arbitrary File Download	22.5	7.5	Jan 31, 2024
HUSKY<= 1.3.5.2 Remote Code Execution (RCE)	70.4	8.8	Jan 11, 2024
Support Genix<= 1.2.3 Broken Access Control	N/A	9.9	Dec 2, 2023
WP Dummy Content Generator<= 3.2.1 Arbitrary Code Execution	20	10	Jan 30, 2024
EnvíaloSimple<= 2.2 Cross Site Scripting (XSS)	11.6	5.8	Jan 18, 2024
Import Content in WordPress & WooCommerce with Excel<= 4.2 Cross Site Scripting (XSS)	11.8	5.9	Jan 19, 2024
DirectoryPress<= 3.6.7 Cross Site Scripting (XSS)	24.85	7.1	Feb 13, 2024
WP File Download Light<= 1.3.3 Cross Site Scripting (XSS)	3.25	6.5	Jan 11, 2024
WP Poll Maker<= 3.4 Arbitrary File Upload	19.8	9.9	Dec 25, 2023
Product Feed PRO for WooCommerce<= 13.3.1 Sensitive Data Exposure	31.8	5.3	Dec 29, 2023
Amelia<= 1.0.95 Cross Site Request Forgery (CSRF)	8.1	5.4	Jan 4, 2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar<= 4.10.1 Arbitrary File Download	22.5	7.5	Jan 14, 2024
App Builder<= 3.8.7 Open Redirection	9.4	4.7	Feb 1, 2024
Product Designer<= 1.0.32 PHP Object Injection	17.4	8.7	Dec 29, 2023
ARForms Form Builder<= 1.6.1 Cross Site Request Forgery (CSRF)	3.15	6.3	Jan 9, 2024
ARForms Form Builder<= 1.6.1 Broken Access Control	7.6	7.6	Jan 9, 2024
FG Drupal to WordPress<= 3.70.3 Sensitive Data Exposure	10.6	5.3	Dec 22, 2023
WP Poll Maker<= 3.1 Arbitrary File Deletion	11.55	7.7	Dec 25, 2023
User Rights Access Manager<= 1.1.4 Cross Site Scripting (XSS)	11.6	5.8	Jan 18, 2024
Kanban Boards for WordPress<= 2.5.21 Cross Site Scripting (XSS)	14.2	7.1	Jan 18, 2024
New Order Notification for Woocommerce<= 2.0.2 Broken Access Control	8.1	7.1	Jan 12, 2024
WP Hotel Booking<= 2.0.9.2 Broken Access Control	13	6.5	Jan 31, 2024
WP Travel Engine<= 5.7.9 SQL Injection	N/A	7.6	Dec 18, 2023
WP Travel Engine<= 5.7.9 SQL Injection	27.9	9.3	Dec 18, 2023
FG PrestaShop to WooCommerce<= 4.45.1 Sensitive Data Exposure	10.6	5.3	Dec 22, 2023
Finale Lite<= 2.18.0 Remote Code Execution (RCE)	17.6	8.8	Dec 26, 2023
WordPress Tooltips< 9.4.5 SQL Injection	9.56	8.5	Dec 24, 2023
PDF Invoices and Packing Slips For WooCommerce<= 1.3.7 PHP Object Injection	8.2	8.2	Dec 29, 2023
WP-Lister Lite for Amazon<= 2.6.8 Cross Site Scripting (XSS)	14.2	7.1	Jan 18, 2024
PropertyHive<= 2.0.8 Cross Site Scripting (XSS)	14.2	7.1	Jan 18, 2024
WPDM – Premium Packages<= 5.8.2 Cross Site Scripting (XSS)	14.2	7.1	Jan 19, 2024
Crypto Converter Widget<= 1.8.4 Cross Site Scripting (XSS)	4.88	6.5	Jan 12, 2024
MDTF<= 1.3.2 Cross Site Scripting (XSS)	4.88	6.5	Jan 12, 2024
Co-marquage service-public.fr<= 0.5.72 Cross Site Scripting (XSS)	24.85	7.1	Feb 13, 2024
Olive One Click Demo Import<= 1.1.1 Broken Access Control	16.4	8.2	Jan 31, 2024
Restrict User Access – Membership Plugin with Force<= 2.5 Cross Site Scripting (XSS)	24.85	7.1	Feb 13, 2024
RegistrationMagic<= 5.2.5.9 Cross Site Scripting (XSS)	14.2	7.1	Jan 16, 2024
HT Easy GA4 ( Google Analytics 4 )<= 1.1.7 Cross Site Scripting (XSS)	24.85	7.1	Feb 1, 2024
YITH WooCommerce Product Add-Ons<= 4.5.0 Cross Site Scripting (XSS)	14.2	7.1	Jan 19, 2024
Defender Security<= 4.4.1 Bypass Vulnerability	36.57	5.3	Dec 13, 2023
NextMove Lite<= 2.17.0 Remote Code Execution (RCE)	17.6	8.8	Dec 26, 2023
Link Library<= 7.5.13 Cross Site Scripting (XSS)	14.2	7.1	Jan 16, 2024
Total Upkeep<= 1.15.8 Arbitrary File Download	67.5	7.5	Jan 15, 2024
SP Project & Document Manager <= 4.69 SQL Injection	9.56	8.5	Dec 24, 2023
WP Visitor Statistics (Real Time Traffic)<= 6.9.4 Sensitive Data Exposure	10.6	5.3	Dec 21, 2023
Mighty Addons for Elementor<= 1.9.3 Cross Site Scripting (XSS)	14.2	7.1	Jan 16, 2024
ERE Recently Viewed<= 1.3 PHP Object Injection	19.6	9.8	Dec 25, 2023
PropertyHive<= 2.0.6 Broken Access Control	3.25	4.3	Dec 28, 2023
PropertyHive<= 2.0.5 PHP Object Injection	17.4	8.7	Dec 28, 2023
WowStore<= 3.1.4 PHP Object Injection	17.4	8.7	Dec 28, 2023
Delhivery Logistics Courier<= 1.0.107 SQL Injection	12.75	8.5	Dec 23, 2023
Shield Security<= 18.5.7 Cross Site Scripting (XSS)	42.6	7.1	Dec 13, 2023
WooCommerce PDF Invoices & Packing Slips<= 3.7.5 SQL Injection	14.25	7.6	Jan 3, 2024
Fluent Support<= 1.7.6 SQL Injection	N/A	7.6	Nov 28, 2023
Participants Database<= 2.5.5 Broken Access Control	4.3	4.3	Nov 23, 2023

Report vulnerabilities to earn bounties and rewards!

Include pending