Rafie Muhammad (Patchstack)

Say thanks

0

XP

0

Reports

17

Reports, last 90 days

-

17 Nov, 2025

Lvl 0

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Kallyas<= 4.22.0 Broken Access Control	95.4	5.3	No date
Kallyas<= 4.22.0 Broken Access Control	36.45	5.4	No date
MasterStudy LMS Pro< 4.7.16 Broken Access Control	5.4	5.4	No date
Masterstudy Elementor Widgets<= 1.2.4 Broken Access Control	10.6	5.3	No date
Masterstudy Elementor Widgets<= 1.2.4 Broken Access Control	5.4	5.4	No date
ListingPro<= 2.9.8 Broken Access Control	10.8	5.4	Aug 15, 2025
XStore< 9.6 Content Injection	31.8	5.3	Aug 11, 2025
TheGem<= 5.10.5 Broken Access Control	16.2	5.4	Aug 4, 2025
TheGem (Elementor)<= 5.10.5 Broken Access Control	16.2	5.4	Aug 4, 2025
Houzez Theme - Functionality<= 4.1.2 Broken Access Control	22.8	7.6	Aug 11, 2025
Houzez Theme - Functionality<= 4.1.2 Arbitrary File Download	58.5	6.5	Aug 11, 2025
Oshine Core<= 1.5.5 Broken Access Control	10.8	5.4	Aug 13, 2025
ListingPro Reviews<= 1.6 Broken Access Control	10.8	5.4	Aug 15, 2025
WPLMS <= 4.970 Broken Access Control	8.6	4.3	Aug 15, 2025
WPLMS<= 1.9.9.8 Cross Site Scripting (XSS)	28.4	7.1	Aug 15, 2025
WPLMS<= 1.9.9.7 Broken Access Control	30	7.5	Aug 15, 2025
UDesign Core<= 4.14.0 Broken Access Control	18.9	6.3	Aug 7, 2025
UDesign Core<= 4.14.0 Cross Site Scripting (XSS)	42.6	7.1	Aug 7, 2025
Kallyas<= 4.22.0 Arbitrary File Upload	200.48	9.9	Aug 7, 2025
TheGem (Elementor)<= 5.10.5 Cross Site Scripting (XSS)	19.5	6.5	Aug 4, 2025
TheGem<= 5.10.5 Cross Site Scripting (XSS)	19.5	6.5	Aug 4, 2025
Houzez<= 4.1.1 Cross Site Scripting (XSS)	42.6	7.1	Aug 7, 2025
Houzez<= 4.1.1 Local File Inclusion	97.2	8.1	Aug 7, 2025
Houzez CRM<= 1.4.7 Broken Access Control	19.5	6.5	Aug 11, 2025
Uncode< 2.9.4.4 Cross Site Scripting (XSS)	56.8	7.1	Aug 4, 2025
Houzez<= 4.1.1 Broken Access Control	31.8	5.3	Aug 7, 2025
LoginWP - Pro<= 4.0.8.5 Settings Change	15	7.5	Dec 13, 2024
The Plus Addons for Elementor Pro< 6.3.7 Broken Access Control	6.5	6.5	Dec 13, 2024
LoginWP - Pro<= 4.0.8.5 Broken Access Control	13	6.5	Dec 13, 2024
Mollie Payments for WooCommerce<= 8.0.2 Insecure Direct Object References (IDOR)	52	6.5	Jul 17, 2024
WP VR<= 8.5.26 Arbitrary File Upload	25.62	9.9	Apr 25, 2025
Photography<= 7.7.2 PHP Object Injection	36	9	May 20, 2024
PayU India< 3.8.8 Broken Authentication	58.8	9.8	May 6, 2025
Password Policy Manager<= 2.0.4 Broken Authentication	26.4	8.8	Apr 25, 2025
Motors - Events<= 1.4.7 Local File Inclusion	54	9	May 7, 2024
Advanced Database Cleaner PRO<= 3.2.10 Path Traversal	6.4	6.4	Dec 13, 2024
Photography<= 7.7.2 PHP Object Injection	17	8.5	May 20, 2024
Element Pack Pro< 8.0.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Dec 13, 2024
Element Pack Pro< 8.0.0 Broken Access Control	5.4	5.4	Dec 13, 2024
The Plus Addons for Elementor Pro< 6.3.7 Broken Access Control	4.05	5.4	Dec 13, 2024
TI WooCommerce Wishlist<= 2.9.2 Arbitrary File Upload	240	10	Mar 26, 2025
Tours<= 1.0.0 Broken Access Control	3.23	4.3	Apr 21, 2024
Jetpack Debug Tools< 2.0.1 Broken Access Control	10.6	5.3	Apr 21, 2024
FS Poster<= 6.5.8 Broken Access Control	8.3	8.3	May 22, 2024
FS Poster<= 6.5.8 Cross Site Scripting (XSS)	14.2	7.1	May 22, 2024
WooCommerce Multilingual & Multicurrency<= 5.3.8 Broken Access Control	42.4	5.3	Jul 25, 2024
Brizy Pro<= 2.6.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 13, 2024
Brizy Pro<= 2.6.1 Broken Access Control	6.45	4.3	Dec 13, 2024
Photography<= 7.7.2 Server Side Request Forgery (SSRF)	10.8	5.4	May 20, 2024
ShareThis Dashboard for Google Analytics<= 3.2.3 Cross Site Request Forgery (CSRF)	8.6	4.3	Jul 18, 2024
RTMKit<= 1.5.4 Remote Code Execution (RCE)	34.16	9.9	Jan 14, 2025
Traveler< 3.2.1 Broken Access Control	7.6	7.6	May 20, 2024
Traveler< 3.2.1 Broken Access Control	16.4	8.2	May 20, 2024
Traveler< 3.2.1 SQL Injection	27.9	9.3	May 20, 2024
Traveler< 3.2.1 PHP Object Injection	36	9	May 20, 2024
SEO Plugin by Squirrly SEO<= 12.4.07 Broken Access Control	21.3	7.1	Jul 18, 2024
Fresh Framework<= 1.70.0 Remote Code Execution (RCE)	60	10	May 28, 2024
Fresh Framework<= 1.70.0 Broken Access Control	17.2	8.6	May 28, 2024
Ark Theme Core< 1.71.0 Remote Code Execution (RCE)	60	10	May 28, 2024
PrivateContent<= 8.11.5 Broken Authentication	19.6	9.8	May 22, 2024
PrivateContent<= 8.11.4 SQL Injection	12.75	8.5	May 22, 2024
PrivateContent<= 8.11.5 Broken Access Control	8.3	8.3	May 22, 2024
PrivateContent<= 8.11.5 Cross Site Scripting (XSS)	14.2	7.1	May 22, 2024
FS Poster<= 6.5.8 SQL Injection	12.75	8.5	May 22, 2024
Massive Dynamic<= 8.2 Local File Inclusion	54	9	May 7, 2024
Essential Blocks for Gutenberg<= 4.8.3 Broken Access Control	12.9	4.3	Jul 18, 2024
K Elements< 5.4.0 Privilege Escalation	29.4	9.8	May 7, 2024
Admin and Site Enhancements (ASE) Pro<= 7.6.2.1 Privilege Escalation	22.5	7.5	Dec 13, 2024
Meta Tag Manager<= 3.1 Broken Access Control	17.2	4.3	Jul 17, 2024
Shortcodes and extra features for Phlox theme<= 2.17.4 Broken Access Control	17.2	4.3	Jul 17, 2024
Traveler Code< 3.1.2 SQL Injection	27	9	May 20, 2024
Traveler Code< 3.1.3 SQL Injection	12.75	8.5	May 20, 2024
Traveler Layout Essential For Elementor< 1.4 Server Side Request Forgery (SSRF)	10.8	5.4	May 20, 2024
Photography<= 7.7.2 Broken Access Control	6.3	6.3	May 20, 2024
Oshine Modules< 3.3.8 Server Side Request Forgery (SSRF)	21.6	5.4	May 7, 2024
Oshine Modules< 3.3.8 Cross Site Scripting (XSS)	28.4	7.1	May 7, 2024
Starter Templates<= 4.4.9 Cross Site Request Forgery (CSRF)	15.05	4.3	Nov 8, 2024
Admin and Site Enhancements (ASE)<= 7.6.2 Broken Access Control	17.2	4.3	Dec 13, 2024
Admin and Site Enhancements (ASE) Pro<= 7.6.1.1 Broken Access Control	4.3	4.3	Dec 13, 2024
FluentSMTP<= 2.2.80 Cross Site Request Forgery (CSRF)	10.75	4.3	Sep 6, 2024
Call Now Button<= 1.4.13 Cross Site Request Forgery (CSRF)	10.75	4.3	Sep 6, 2024
ExactMetrics<= 8.1.0 Broken Access Control	24.3	5.4	Oct 8, 2024
CoBlocks<= 3.1.13 Broken Access Control	19.35	4.3	Oct 8, 2024
Gutenberg Blocks by Kadence Blocks<= 3.3.1 Broken Access Control	22.25	4.3	Oct 8, 2024
Admin and Site Enhancements (ASE)<= 7.6.2.1 Privilege Escalation	90	7.5	Dec 13, 2024
Brizy Pro<= 2.6.1 Cross Site Scripting (XSS)	28.4	7.1	Dec 13, 2024
Post SMTP<= 2.9.11 Broken Access Control	29.67	4.3	Oct 8, 2024
Fancy Product Designer<= 6.4.3 SQL Injection	55.8	9.3	Mar 17, 2024
Fancy Product Designer<= 6.4.3 Arbitrary File Upload	108	9	Mar 17, 2024
Contact Form by WPForms<= 1.9.2.2 Broken Access Control	32.25	4.3	Nov 8, 2024
Envato Elements<= 2.0.14 Server Side Request Forgery (SSRF)	14.35	4.1	Oct 10, 2024
WPvivid Backup and Migration<= 0.9.106 Broken Access Control	51.6	4.3	Oct 8, 2024
Royal Elementor Addons<= 1.7.1001 Broken Access Control	22.25	4.3	Oct 8, 2024
Royal Elementor Addons<= 1.7.1001 Cross Site Scripting (XSS)	97.98	7.1	Oct 8, 2024
Premium Addons for Elementor<= 4.10.56 Broken Access Control	27.95	5.4	Oct 10, 2024
Widget Options<= 4.0.6.1 Broken Access Control	12.9	4.3	Jul 18, 2024
Contact Form 7 Dynamic Text Extension<= 5.0.1 Cross Site Request Forgery (CSRF)	8.6	4.3	Jul 18, 2024
Userpro<= 5.1.9 Local File Inclusion	99.6	8.3	Mar 17, 2024
Download Manager<= 3.3.03 Broken Access Control	12.9	4.3	Jul 17, 2024
Kleo< 5.4.4 Cross Site Scripting (XSS)	14.2	7.1	May 7, 2024

Report vulnerabilities to earn bounties and rewards!

Include pending