Peter Thaleikis

1243.91

XP

178

Reports

4

Reports, last 90 days

#25

17 Nov, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Booking Calendar<= 10.14.7 Cross Site Scripting (XSS)	14.63	6.5	No date
Gutenberg<= 21.8.2 Cross Site Scripting (XSS)	24.38	6.5	No date
WP AdCenter<= 2.6.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Estatik<= 4.1.13 Cross Site Scripting (XSS)	4.88	6.5	No date
WP Travel Gutenberg Blocks<= 3.9.2 Cross Site Scripting (XSS)	4.88	6.5	No date
UiChemy<= 4.0.0 Broken Access Control	12.9	4.3	No date
Easy Pricing Table WP<= 1.1.3 Local File Inclusion	N/A	7.5	Jul 3, 2025
Wp tabber widget<= 4.0 SQL Injection	N/A	8.5	Jul 7, 2025
Editor Custom Color Palette<= 3.5 Broken Access Control	N/A	6.5	Jul 9, 2025
AnyClip Luminous Studio<= 1.3.3 Cross Site Scripting (XSS)	N/A	6.5	Jul 9, 2025
Adverts<= 1.4 Cross Site Scripting (XSS)	N/A	6.5	Jul 9, 2025
immonex Kickstart Team<= 1.6.9 Local File Inclusion	N/A	7.5	Jul 11, 2025
Sticky Header Effects for Elementor<= 2.1.2 Broken Access Control	16.13	4.3	Aug 5, 2025
Verowa Connect<= 3.2.3 Cross Site Scripting (XSS)	N/A	6.5	Aug 7, 2025
Website Chat Button: Kommo integration<= 1.3.1 Broken Access Control	4.3	4.3	Aug 15, 2025
Simple User Registration<= 6.7 Privilege Escalation	N/A	8.8	Aug 21, 2025
Essential Addons for Elementor<= 6.2.4 Broken Access Control	32.4	2.7	No date
Course Booking Platform<= 1.0.0 Cross Site Scripting (XSS)	N/A	6.5	Jun 25, 2025
New Simple Gallery<= 8.0 SQL Injection	N/A	8.5	Jun 23, 2025
StoryMap<= 2.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 11, 2025
WP-GraphViz<= 1.5.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 11, 2025
Zoomify embed for WP<= 1.5.2 Cross Site Scripting (XSS)	N/A	6.5	Jun 18, 2025
Showpass WordPress Extension<= 4.0.3 Cross Site Scripting (XSS)	N/A	6.5	Jun 18, 2025
Donation Forms WP by Givecloud<= 1.0.9 Cross Site Scripting (XSS)	N/A	6.5	Jun 24, 2025
short.io<= 2.4.2 Cross Site Scripting (XSS)	N/A	6.5	Jun 11, 2025
WP Mail<= 1.3 Cross Site Scripting (XSS)	3.66	6.5	Jun 10, 2025
Product Carousel Slider for Elementor<= 2.1.3 Broken Access Control	3.5	3.5	Jun 24, 2025
Themify Popup<= 1.4.2 Cross Site Scripting (XSS)	4.88	6.5	Jun 23, 2025
Document Engine<= 1.2 Cross Site Scripting (XSS)	N/A	6.5	Jul 11, 2025
immonex Kickstart<= 1.11.6 Local File Inclusion	N/A	7.5	Jul 10, 2025
Brizy<= 2.7.12 Broken Access Control	9.68	4.3	Aug 1, 2025
WP Visitor Statistics (Real Time Traffic)<= 8.2 Cross Site Scripting (XSS)	9.75	6.5	Jul 4, 2025
Vertical scroll slideshow gallery v2<= 9.1 SQL Injection	N/A	8.5	Jul 8, 2025
The Plus Addons for Elementor Page Builder Lite<= 6.3.13 Broken Access Control	39	6.5	Aug 3, 2025
Billplz Addon for Contact Form 7<= 1.2.0 Cross Site Scripting (XSS)	N/A	7.1	Jun 5, 2025
FundEngine<= 1.7.4 Local File Inclusion	15	7.5	Jun 10, 2025
Inpersttion For Theme<= 1.0 Arbitrary Code Execution	N/A	7.7	Jul 8, 2025
Blogger Buzz<= 1.2.6 Cross Site Scripting (XSS)	N/A	6.5	Jun 20, 2025
myCred<= 2.9.4.3 Cross Site Scripting (XSS)	5.61	6.5	Dec 27, 2024
Image Wall<= 3.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 13, 2025
Card flip image slideshow<= 1.5 Cross Site Scripting (XSS)	N/A	6.5	Jun 4, 2025
Pixelating image slideshow gallery<= 8.0 SQL Injection	N/A	8.5	Jun 4, 2025
iFrame Images Gallery<= 9.0 SQL Injection	N/A	8.5	Jun 3, 2025
Cool fade popup<= 10.1 SQL Injection	N/A	8.5	Jun 4, 2025
Posts Slider Shortcode<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	Jun 4, 2025
Contact Form 7 reCAPTCHA<= 1.2.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 1, 2025
Raise The Money<= 5.2 Cross Site Scripting (XSS)	N/A	6.5	May 27, 2025
Free Downloads EDD<= 1.0.4 Cross Site Scripting (XSS)	N/A	6.5	May 27, 2025
Smart Agenda<= 4.9 Cross Site Scripting (XSS)	3.66	6.5	May 27, 2025
WP DataTable<= 0.2.7 Cross Site Scripting (XSS)	3.66	6.5	May 25, 2025
WP VR<= 8.5.46 Cross Site Scripting (XSS)	8.41	6.5	No date
Thumbnail Editor<= 2.3.3 Cross Site Scripting (XSS)	3.66	6.5	May 28, 2025
WP AdCenter<= 2.6.0 Cross Site Scripting (XSS)	4.88	6.5	May 28, 2025
Leyka<= 3.31.9 Cross Site Scripting (XSS)	4.88	6.5	May 28, 2025
Hello FSE Blog<= 1.0.6 Broken Access Control	N/A	4.3	May 14, 2025
Spark Multipurpose<= 1.0.7 Cross Site Scripting (XSS)	N/A	6.5	May 13, 2025
Fitness Park<= 1.1.1 Cross Site Scripting (XSS)	N/A	6.5	May 13, 2025
Fyrebox Quizzes<= 3.1 Cross Site Scripting (XSS)	N/A	6.5	May 18, 2025
Buying Buddy IDX CRM<= 2.3.0 Cross Site Scripting (XSS)	N/A	6.5	May 12, 2025
WP Roadmap<= 2.1.3 SQL Injection	N/A	8.5	May 9, 2025
ANON::form embedded secure form<= 1.7 Cross Site Scripting (XSS)	N/A	6.5	Jun 4, 2025
Arconix FAQ<= 1.9.6 Broken Access Control	4.3	4.3	May 15, 2025
Meks Flexible Shortcodes<= 1.3.7 Cross Site Scripting (XSS)	4.88	6.5	May 16, 2025
WPDM – Premium Packages<= 6.0.6 Cross Site Scripting (XSS)	4.88	6.5	Apr 29, 2025
Greenshift<= 11.5.5 Cross Site Scripting (XSS)	14.63	6.5	May 28, 2025
WebHotelier<= 1.9.2 Cross Site Scripting (XSS)	3.66	6.5	May 15, 2025
Event post<= 5.10.1 Cross Site Scripting (XSS)	5.61	6.5	May 6, 2025
MC Woocommerce Wishlist<= 1.9.1 Cross Site Scripting (XSS)	16.33	7.1	Apr 21, 2025
Active Products Tables for WooCommerce<= 1.0.6.8 Cross Site Scripting (XSS)	4.88	6.5	Apr 26, 2025
MultiVendorX<= 4.2.22 Cross Site Scripting (XSS)	4.88	6.5	Apr 29, 2025
bunny.net<= 2.3.0 Cross Site Scripting (XSS)	6.38	8.5	May 8, 2025
WP Image Mask<= 3.1.2 Cross Site Scripting (XSS)	N/A	6.5	May 8, 2025
Arconix Shortcodes<= 2.1.16 Cross Site Scripting (XSS)	14.2	7.1	Mar 24, 2025
RS WP Book Showcase<= 6.7.54 Cross Site Scripting (XSS)	4.88	6.5	Mar 22, 2025
Beds24 Online Booking<= 2.0.29 Cross Site Scripting (XSS)	4.88	6.5	Apr 29, 2025
Bold Page Builder<= 5.3.2 Cross Site Scripting (XSS)	14.63	6.5	Apr 28, 2025
Booster for WooCommerce<= 7.2.5 Cross Site Scripting (XSS)	28.4	7.1	Jan 6, 2025
Sirat<= 1.5.1 Broken Access Control	4.3	4.3	Mar 1, 2025
Themify Shortcodes<= 2.1.3 Cross Site Scripting (XSS)	4.88	6.5	Mar 25, 2025
WP Data Access<= 5.5.36 Cross Site Scripting (XSS)	4.88	6.5	Mar 25, 2025
License Manager for WooCommerce<= 3.0.9 Cross Site Scripting (XSS)	14.2	7.1	Nov 21, 2024
Rich Table of Contents<= 1.4.0 Broken Access Control	3.23	4.3	Feb 19, 2025
WP Table Builder<= 2.0.5 Cross Site Scripting (XSS)	42.6	7.1	Jan 3, 2025
Ai Image Alt Text Generator for WP<= 1.1.9 Sensitive Data Exposure	4.3	4.3	Feb 15, 2025
Ai Image Alt Text Generator for WP<= 1.1.1 Broken Access Control	5.4	5.4	Feb 15, 2025
SimpLy Gallery<= 3.2.5 Cross Site Scripting (XSS)	9.75	6.5	Jan 13, 2025
YaMaps for WordPress<= 0.6.31 Cross Site Scripting (XSS)	4.88	6.5	Feb 6, 2025
Social proof testimonials and reviews by Repuso<= 5.21 Broken Access Control	4.3	4.3	Feb 17, 2025
Hyperlink Group Block<= 2.0.1 Cross Site Scripting (XSS)	4.88	6.5	Feb 19, 2025
WebinarPress<= 1.33.28 Broken Access Control	3.23	4.3	Feb 24, 2025
WebberZone Snippetz<= 2.1.1 Cross Site Scripting (XSS)	4.88	6.5	Jan 14, 2025
MX Time Zone Clocks<= 5.1.1 Cross Site Scripting (XSS)	4.88	6.5	Feb 10, 2025
Zoho Flow<= 2.13.3 Broken Access Control	4.3	4.3	Feb 27, 2025
ShortPixel Adaptive Images<= 3.10.0 Broken Authentication	9.32	5.4	Feb 28, 2025
Cal.com<= 1.0.0 Cross Site Scripting (XSS)	4.88	6.5	Dec 25, 2024
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce<= 4.0.3 Cross Site Scripting (XSS)	4.88	6.5	Dec 29, 2024
Timeline Event History<= 3.2 Cross Site Scripting (XSS)	4.88	6.5	Jan 1, 2025
WP Date and Time Shortcode<= 2.6.7 Cross Site Scripting (XSS)	4.88	6.5	Jan 10, 2025
Gallery – Photo Albums Plugin<= 1.3.170 Cross Site Scripting (XSS)	4.88	6.5	Jan 13, 2025
IMPress for IDX Broker<= 3.2.3 Cross Site Scripting (XSS)	4.88	6.5	Feb 9, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending