Pricing
Solutions
WordPress security
Instantly fix and mitigate vulnerabilities
Plugin auditing
Paid auditing for WordPress vendors
Managed VDP
Start a security program for your plugins
Bug Bounty
Join the community and earn bounties
Enterprise API
At scale monitoring and vPatching for hosts
Vulnerability database
The latest WordPress security intelligence
Login
Start trial
Hakiduck
450.25
XP
28
Reports
0
Reports, last 90 days
#17
18 Nov, 2025
Lvl 2
0
0
0
0
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Affected software | Vulnerability
CVE
AXP
Severity
Reported
s2Member
<= 250419
Local File Inclusion
N/A
4.9
Sep 24, 2024
SMS Alert Order Notifications
<= 3.7.8
SQL Injection
37.2
9.3
Jan 31, 2025
SMS Alert Order Notifications
<= 3.7.8
Cross Site Scripting (XSS)
14.2
7.1
Jan 31, 2025
RapidLoad
<= 2.4.4
Broken Access Control
4.3
4.3
Jan 28, 2025
WordPress Auction Plugin
<= 3.7
SQL Injection
N/A
7.6
Sep 11, 2024
WordPress Auction Plugin
<= 3.7
Cross Site Scripting (XSS)
N/A
5.9
Sep 11, 2024
WordPress Auction Plugin
<= 3.7
SQL Injection
N/A
9.3
Sep 11, 2024
s2Member
<= 241114
Remote Code Execution (RCE)
54
9
Sep 23, 2024
WordPress Portfolio Builder – Portfolio Gallery
<= 1.1.7
Cross Site Scripting (XSS)
2.95
5.9
Sep 24, 2024
Ni WooCommerce Cost Of Goods
<= 3.2.8
SQL Injection
N/A
7.6
Aug 28, 2024
Post SMTP
<= 2.9.9
SQL Injection
N/A
7.6
Sep 24, 2024
Popup by Supsystic
<= 1.10.29
Remote Code Execution (RCE)
N/A
9.1
Sep 18, 2024
Event Tickets with Ticket Scanner
<= 2.3.11
Remote Code Execution (RCE)
14.85
9.9
Sep 12, 2024
Podlove Podcast Publisher
<= 4.1.15
Remote Code Execution (RCE)
N/A
9.1
Sep 13, 2024
Premium SEO Pack
<= 1.6.001
SQL Injection
12.75
8.5
Sep 20, 2024
Namaste! LMS
<= 2.6.2
Cross Site Scripting (XSS)
6.5
6.5
Oct 2, 2024
Namaste! LMS
<= 2.6.2
Cross Site Scripting (XSS)
14.2
7.1
Oct 2, 2024
Product Filter by WBW
<= 2.7.0
SQL Injection
N/A
7.6
Sep 30, 2024
Backup and Staging by WP Time Capsule
<= 1.22.21
PHP Object Injection
N/A
7.2
Sep 3, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
<= 1.5.121
Remote Code Execution (RCE)
78.49
9.1
Sep 16, 2024
CSV Product Import Export for WooCommerce
<= 1.0.0
SQL Injection
17
8.5
Oct 3, 2024
Contact Form by Supsystic
<= 1.7.28
Remote Code Execution (RCE)
N/A
9.1
Sep 18, 2024
Backup and Staging by WP Time Capsule
<= 1.22.21
SQL Injection
12.75
8.5
Sep 3, 2024
Slideshow Gallery
<= 1.8.3
Cross Site Scripting (XSS)
N/A
5.9
Sep 18, 2024
YITH WooCommerce Ajax Search
<= 2.8.0
SQL Injection
85.56
9.3
Sep 25, 2024
Multi Step for Contact Form
<= 2.7.7
SQL Injection
55.8
9.3
Aug 30, 2024
Classic Editor and Classic Widgets
<= 1.4.1
SQL Injection
25.5
8.5
Aug 30, 2024
Secure Copy Content Protection and Content Locking
<= 4.2.3
Cross Site Scripting (XSS)
14.2
7.1
Sep 4, 2024
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top