Ananda Dhakal (Patchstack)

Say thanks

0

XP

0

Reports

1

Reports, last 90 days

-

27 Dec, 2025

Lvl 0

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
JNews Paywall< 12.0.1 Cross Site Request Forgery (CSRF)	1.08	4.3	No date
JNews Gallery< 12.0.1 Cross Site Scripting (XSS)	9.75	6.5	No date
Rehub<= 19.9.9.1 Sensitive Data Exposure	21.2	5.3	No date
Email Subscribers & Newsletters<= 5.9.10 PHP Object Injection	N/A	7.2	No date
Listify<= 3.2.5 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
RTMKit<= 1.6.5 Arbitrary File Upload	76.85	9.9	Sep 18, 2025
Link Whisper Free<= 0.9.0 Broken Access Control	21.2	5.3	No date
Download Manager<= 3.3.24 Cross Site Request Forgery (CSRF)	8.6	4.3	Aug 22, 2025
Download Manager<= 3.3.25 Sensitive Data Exposure	42.4	5.3	Aug 22, 2025
WPeMatico RSS Feed Fetcher<= 2.8.10 Sensitive Data Exposure	4.3	4.3	Jul 17, 2025
Klarna Order Management for WooCommerce<= 1.9.8 Sensitive Data Exposure	1.65	6.6	Aug 22, 2025
Jobmonster<= 4.7.8 Cross Site Scripting (XSS)	14.2	7.1	Aug 1, 2025
MultiSite Clone Duplicator<= 1.5.3 Cross Site Scripting (XSS)	7.1	7.1	Jul 30, 2025
WpEvently<= 4.4.8 PHP Object Injection	26.4	8.8	Jul 30, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage<= 19.11.0 Local File Inclusion	45	7.5	Apr 24, 2025
Jannah< 7.5.1 Local File Inclusion	48.6	8.1	Mar 6, 2025
miniOrange's Google Authenticator<= 6.1.1 Broken Access Control	6.5	6.5	Jul 24, 2025
Jobmonster<= 4.8.0 Sensitive Data Exposure	10.6	5.3	Aug 1, 2025
Jobmonster<= 4.8.0 Cross Site Scripting (XSS)	4.88	6.5	Aug 1, 2025
Kalium<= 3.18.3 Broken Access Control	21.2	5.3	Dec 5, 2024
NEX-Forms<= 9.1.3 Cross Site Request Forgery (CSRF)	4.4	8.8	Jul 30, 2025
WP Rentals<= 3.13.1 Cross Site Scripting (XSS)	4.88	6.5	Feb 21, 2025
Awesome Support<= 6.3.6 Sensitive Data Exposure	10.6	5.3	Oct 2, 2024
App, SaaS & Software Startup Tech Theme - Stratus<= 4.2.5 Broken Access Control	4.3	4.3	Dec 5, 2024
Modernize<= 3.4.0 Cross Site Scripting (XSS)	4.88	6.5	Dec 2, 2024
Modernize<= 3.4.0 Broken Access Control	4.3	4.3	Dec 2, 2024
Thim Core<= 2.3.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Nov 13, 2024
Thim Core<= 2.3.3 Broken Access Control	8.6	4.3	Nov 13, 2024
Kalium<= 3.18.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 5, 2024
Savoy<= 3.0.8 Sensitive Data Exposure	10.6	5.3	Aug 1, 2025
Post Grid and Gutenberg Blocks<= 2.3.11 PHP Object Injection	26.4	8.8	May 7, 2025
Integrate Google Drive<= 1.5.2 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 17, 2025
HT Contact Form 7<= 2.0.0 Local File Inclusion	N/A	6.6	May 7, 2025
SMTP2GO<= 1.12.1 Broken Access Control	4.3	4.3	May 15, 2025
FluentSnippets<= 10.50 Cross Site Request Forgery (CSRF)	4.8	9.6	May 6, 2025
QuickCab<= 1.3.3 Broken Access Control	10.6	5.3	Jul 3, 2024
Bimber - Viral Magazine WordPress Theme<= 9.2.5 Local File Inclusion	19.8	8.8	Sep 17, 2024
Kleo< 5.4.4 Broken Access Control	10.6	5.3	Sep 17, 2024
JNews<= 11.6.16 Broken Access Control	21.2	5.3	Sep 17, 2024
Car Park Booking System for WordPress<= 2.6 Broken Access Control	N/A	4.3	May 13, 2024
Bellevue<= 4.2.2 Broken Access Control	4.3	4.3	Sep 17, 2024
Grand Restaurant<= 7.0 PHP Object Injection	39.2	9.8	Nov 12, 2024
Grand Restaurant<= 7.0 Arbitrary Content Deletion	16.4	8.2	Nov 12, 2024
Grand Restaurant<= 7.0 Path Traversal	19.6	9.8	Nov 12, 2024
Grand Restaurant<= 7.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Nov 12, 2024
Grand Restaurant<= 7.0 Broken Access Control	10.6	5.3	Nov 12, 2024
Master Slider<= 3.11.0 Broken Access Control	12.9	4.3	Oct 2, 2024
Simple Sitemap – Create a Responsive HTML Sitemap<= 3.6.0 Broken Access Control	12.9	4.3	Oct 2, 2024
Real Estate 7<= 3.5.2 Privilege Escalation	21.9	7.3	Feb 21, 2025
Eduma<= 5.6.4 Broken Access Control	21.2	5.3	Feb 21, 2025
WooCommerce Social Login< 2.8.3 Cross Site Request Forgery (CSRF)	2.15	4.3	May 10, 2024
WPJobBoard< 5.11.1 Path Traversal	5.4	5.4	Mar 27, 2024
WPJobBoard< 5.11.1 Cross Site Request Forgery (CSRF)	57.6	9.6	Mar 28, 2024
WPJobBoard< 5.11.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Mar 27, 2024
News & Blog Designer Pack<= 4.0 Local File Inclusion	97.2	8.1	Mar 7, 2025
Bridge Core< 3.3.1 Cross Site Scripting (XSS)	24.38	6.5	Sep 24, 2024
Conversios.io<= 7.2.3 Broken Access Control	4.3	4.3	Jan 17, 2025
TranslatePress<= 2.9.6 PHP Object Injection	N/A	7.2	Mar 12, 2025
WP Rentals<= 3.13.1 Cross Site Request Forgery (CSRF)	0.67	4.3	No date
Pie Register Premium<= 3.8.3.2 Path Traversal	N/A	6.3	Jun 6, 2024
Pie Register Premium<= 3.8.3.2 Broken Access Control	N/A	4.3	Jun 6, 2024
Booknetic<= 4.0.9 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 4, 2024
MediCenter - Health Medical Clinic< 14.7 Sensitive Data Exposure	10.6	5.3	Aug 13, 2024
WPJobBoard<= 5.10.1 Cross Site Scripting (XSS)	14.2	7.1	Mar 27, 2024
Better Find and Replace<= 1.6.7 Privilege Escalation	89.1	8.8	Jan 27, 2025
Product Size Charts Plugin for WooCommerce<= 2.4.5 Broken Access Control	4.3	4.3	Oct 2, 2024
Avada<= 7.11.10 Broken Access Control	74.2	5.3	Oct 2, 2024
uDesign<= 4.11.2 Broken Access Control	31.8	5.3	Oct 2, 2024
Houzez<= 3.4.0 Broken Access Control	8.6	4.3	Oct 2, 2024
Houzez<= 3.4.0 Broken Access Control	21.2	5.3	Oct 2, 2024
Really Simple SSL<= 9.1.4 Cross Site Request Forgery (CSRF)	19.35	4.3	Dec 2, 2024
Bridge Core<= 3.3 Broken Access Control	21.5	4.3	Sep 24, 2024
SendGrid for WordPress<= 1.4 Broken Access Control	4.3	4.3	Jul 25, 2024
Link Whisper Free<= 0.7.7 Sensitive Data Exposure	21.2	5.3	Aug 8, 2024
Kalium<= 3.18.3 Cross Site Scripting (XSS)	28.4	7.1	Dec 5, 2024
Thim Core<= 2.3.3 Arbitrary Code Execution	13	6.5	Nov 13, 2024
Avada<= 7.11.10 Cross Site Request Forgery (CSRF)	15.05	4.3	Oct 2, 2024
Pie Register Premium< 3.8.3.3 Arbitrary File Upload	N/A	10	Jun 6, 2024
Pie Register Premium< 3.8.3.3 Cross Site Scripting (XSS)	N/A	7.1	Jun 5, 2024
Tutor LMS Elementor Addons<= 2.1.5 Broken Access Control	8.6	4.3	Oct 2, 2024
Jobify< 4.3.0 Arbitrary File Download	22.5	7.5	Aug 13, 2024
Jobify< 4.3.0 Broken Access Control	10.6	5.3	Aug 13, 2024
Jobify< 4.3.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Aug 13, 2024
Jobify< 4.3.0 Cross Site Scripting (XSS)	4.88	6.5	Aug 13, 2024
Disable Admin Notices individually<= 1.4.0 Cross Site Request Forgery (CSRF)	8.6	4.3	Jul 23, 2024
Pie Register Premium< 3.8.3.3 Broken Access Control	N/A	5.3	Jun 5, 2024
Dynamic Widgets<= 1.6.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Oct 2, 2024
Kallyas<= 4.2 Cross Site Request Forgery (CSRF)	1.61	4.3	No date
Smart Manager<= 8.45.0 Broken Access Control	4.3	4.3	Aug 7, 2024
Social Auto Poster<= 5.3.15 Cross Site Request Forgery (CSRF)	2.15	4.3	Aug 7, 2024
LatePoint<= 4.9.91 Cross Site Scripting (XSS)	6.5	6.5	Mar 27, 2024
Login As Users<= 1.4.3 Broken Access Control	N/A	8.8	Aug 5, 2024
SendGrid for WordPress<= 1.4 SQL Injection	24.6	8.2	Jul 25, 2024
MemberPress<= 1.11.34 Broken Access Control	13	6.5	May 15, 2024
LatePoint<= 4.9.91 Cross Site Request Forgery (CSRF)	3.25	6.5	Mar 25, 2024
JobSearch<= 2.5.3 PHP Object Injection	39.2	9.8	Jul 17, 2024
JobSearch<= 2.5.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Jul 17, 2024
JobSearch<= 2.5.4 Broken Access Control	13	6.5	Jul 17, 2024
JobSearch<= 2.5.4 Broken Access Control	5.4	5.4	Jul 17, 2024
Advanced Form Integration<= 1.89.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 25, 2024

Report vulnerabilities to earn bounties and rewards!

Include pending