István Márton

Say thanks

1363.7

XP

198

Reports

0

Reports, last 90 days

#1

28 Dec, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Really Simple SSL9.0.0-9.1.1.1 Broken Authentication	N/A	9.8	No date
Really Simple Security Pro9.0.0-9.1.1.1 Broken Authentication	N/A	9.8	No date
Really Simple Security Pro multisite9.0.0-9.1.1.1 Broken Authentication	N/A	9.8	No date
Photo Gallery by 10Web<= 1.8.18 Cross Site Scripting (XSS)	N/A	5.9	No date
Slick Social Share Buttons<= 2.4.11 Broken Access Control	N/A	8.8	No date
GG Woo Feed for WooCommerce<= 1.2.4 Broken Access Control	N/A	6.5	No date
Shortcode Menu<= 3.2 Cross Site Scripting (XSS)	N/A	6.5	No date
FareHarbor for WordPress<= 3.6.7 Cross Site Scripting (XSS)	N/A	6.5	No date
Jquery news ticker<= 3.0 SQL Injection	N/A	8.5	No date
Superb slideshow gallery<= 13.1 SQL Injection	N/A	8.5	No date
Wp photo text slider 50<= 8.0 SQL Injection	N/A	8.5	No date
WP fade in text news<= 12.0 SQL Injection	N/A	8.5	No date
Popup with fancybox<= 3.5 SQL Injection	N/A	8.5	No date
Vertical Marquee Plugin<= 7.1 SQL Injection	N/A	8.5	No date
Wp anything slider<= 9.1 SQL Injection	N/A	8.5	No date
Information Reel<= 10.0 SQL Injection	N/A	8.5	No date
Left right image slideshow gallery<= 12.0 SQL Injection	N/A	8.5	No date
Image horizontal reel scroll slideshow<= 13.2 SQL Injection	N/A	8.5	No date
Image vertical reel scroll slideshow<= 9.0 SQL Injection	N/A	8.5	No date
Jquery accordion slideshow<= 8.1 SQL Injection	N/A	8.5	No date
Up down image slideshow gallery<= 12.0 SQL Injection	N/A	8.5	No date
wp image slideshow<= 12.0 SQL Injection	N/A	8.5	No date
Message ticker<= 9.2 SQL Injection	N/A	8.5	No date
Ads by datafeedr.com<= 1.1.3 Remote Code Execution (RCE)	N/A	9	No date
idbbee<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	No date
iframe forms<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	No date
Bellows Accordion Menu<= 1.4.2 Cross Site Scripting (XSS)	N/A	6.5	No date
PHP to Page<= 0.3 Remote Code Execution (RCE)	N/A	9.9	No date
Simple Shortcodes<= 1.0.20 Cross Site Scripting (XSS)	N/A	6.5	No date
WP Simple Galleries<= 1.34 PHP Object Injection	N/A	8.8	No date
Google Maps made Simple<= 0.6 SQL Injection	N/A	8.5	No date
Related Products for WooCommerce<= 3.3.15 Cross Site Scripting (XSS)	N/A	6.5	No date
Grid Plus<= 1.3.3 Local File Inclusion	N/A	6.4	No date
Weather Atlas Widget<= 1.2.1 Cross Site Scripting (XSS)	N/A	6.5	No date
Accordion<= 2.6 Cross Site Scripting (XSS)	N/A	6.5	No date
Giveaways and Contests by RafflePress<= 1.12.0 Cross Site Scripting (XSS)	N/A	6.5	No date
Buzzsprout Podcasting<= 1.8.4 Cross Site Scripting (XSS)	N/A	6.5	No date
VK Filter Search<= 2.3.1 Cross Site Scripting (XSS)	N/A	6.5	No date
CallRail Phone Call Tracking<= 0.5.2 Cross Site Scripting (XSS)	N/A	6.5	No date
WhatsApp Share Button<= 1.0.1 Cross Site Scripting (XSS)	N/A	6.4	No date
CPO Shortcodes<= 1.5.0 Cross Site Scripting (XSS)	N/A	6.4	No date
WP Post Columns<= 2.2 Cross Site Scripting (XSS)	N/A	6.4	No date
TCD Google Maps<= 1.8 Cross Site Scripting (XSS)	N/A	6.4	No date
Tab Ultimate<= 1.3 Cross Site Scripting (XSS)	N/A	6.4	No date
Theme Blvd Shortcodes<= 1.6.8 Cross Site Scripting (XSS)	N/A	6.4	No date
iPanorama 360 WordPress Virtual Tour Builder<= 1.8.0 SQL Injection	N/A	8.8	No date
Team Showcase<= 2.1 Cross Site Scripting (XSS)	N/A	6.4	No date
Booster for WooCommerce<= 7.1.2 Cross Site Scripting (XSS)	N/A	6.4	No date
OpenHook<= 4.3.0 Remote Code Execution (RCE)	N/A	9.9	No date
Comments by Startbit<= 1.4 Cross Site Scripting (XSS)	N/A	6.4	No date
Advanced Custom Fields: Extended<= 0.8.9.3 Cross Site Scripting (XSS)	N/A	6.4	No date
CP Blocks<= 1.0.20 Cross Site Request Forgery (CSRF)	5.4	5.4	Oct 14, 2022
WooCommerce Conversion Tracking<= 2.0.10 Cross Site Request Forgery (CSRF)	12.9	4.3	Dec 6, 2022
weMail<= 1.14.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
Legal Pages<= 1.4.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
Directorist<= 7.7.1 Broken Access Control	4.3	4.3	Dec 6, 2022
Texty – SMS Notification for WordPress, WooCommerce, Dokan and more<= 1.1.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
Exclusive Team for Elementor<= 1.2.4 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
WordPress CTA<= 1.5.8 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
Product Category Showcase for WooCommerce<= 1.1.9 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
weDocs<= 1.7.5 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
WP Project Manager<= 2.6.0 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
GS Logo Slider<= 3.4.2 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
Unlimited Elementor Inner Sections By BoomDevs< 1.0.0 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 6, 2022
Font Awesome 4 Menus<= 4.7.0 Cross Site Scripting (XSS)	N/A	6.4	No date
Slimstat Analytics<= 5.0.9 Cross Site Scripting (XSS)	N/A	6.5	No date
AffiliateWP2.14.0 Broken Access Control	N/A	4.3	No date
Email Encoder Bundle<= 2.1.7 Cross Site Scripting (XSS)	N/A	6.5	No date
Charitable<= 1.7.0.12 Privilege Escalation	N/A	9.8	No date
Printful Integration for WooCommerce<= 2.2.3 Broken Access Control	12.9	4.3	Dec 5, 2022
Futurio Extra<= 1.9.0 Cross Site Request Forgery (CSRF)	13	6.5	Jan 5, 2023
WP HTML Mail<= 3.4.1 Cross Site Request Forgery (CSRF)	5.4	5.4	Jan 6, 2023
MailChimp Forms by MailMunch<= 3.1.4 Broken Access Control	8.6	4.3	Jan 6, 2023
WP Project Manager<= 2.6.4 Broken Access Control	N/A	8.8	No date
The Post Grid<= 7.2.7 Cross Site Request Forgery (CSRF)	10.8	5.4	Jan 6, 2023
WP Ultimate CSV Importer<= 7.9.8 Privilege Escalation	N/A	6.6	No date
WP Ultimate CSV Importer<= 7.9.8 Sensitive Data Exposure	N/A	7.5	No date
WP Ultimate CSV Importer<= 7.9.8 Remote Code Execution (RCE)	N/A	8	No date
WP Ultimate CSV Importer<= 7.9.8 Remote Code Execution (RCE)	N/A	8	No date
JupiterX Core<= 4.6.6 Arbitrary File Download	N/A	7.5	No date
Social Share Icons & Social Share Buttons<= 3.5.7 Broken Access Control	8.6	4.3	Jan 5, 2023
Advanced AJAX Product Filters<= 1.6.3.3 Broken Access Control	16.2	5.4	Dec 1, 2022
Exit Popups & Onsite Retargeting by OptiMonk<= 2.0.4 Cross Site Request Forgery (CSRF)	4.3	4.3	Jan 9, 2023
Classified Listing<= 2.4.5 Cross Site Request Forgery (CSRF)	5.4	5.4	Jan 6, 2023
Media Library Helper by Codexin<= 1.2.0 Cross Site Request Forgery (CSRF)	1.35	5.4	Oct 3, 2022
ND Shortcodes For Visual Composer< 7.0 Cross Site Scripting (XSS)	N/A	6.5	No date
User Registration<= 3.0.2 Arbitrary File Upload	N/A	9.9	No date
Web3 – Crypto wallet Login & NFT token gating<= 2.6.0 Bypass Vulnerability	N/A	9.8	No date
SP Project & Document Manager <= 4.67 Insecure Direct Object References (IDOR)	N/A	8.8	No date
WordPress Social Login and Register<= 7.6.4 Broken Authentication	N/A	9.8	No date
Salon booking system<= 8.4.7 Cross Site Request Forgery (CSRF)	N/A	4.3	No date
LearnDash LMS<= 4.6.0 Broken Authentication	N/A	8.8	No date
Contact Form & Lead Form Elementor Builder<= 1.8.4 Broken Access Control	5.4	5.4	Sep 10, 2022
Th Product Compare<= 1.2.5 Broken Access Control	5.4	5.4	Sep 10, 2022
EmbedPress<= 3.7.3 Sensitive Data Exposure	N/A	5.3	No date
Lana Text to Image<= 1.0.0 Cross Site Scripting (XSS)	N/A	6.4	No date
BookIt<= 2.3.7 Broken Authentication	N/A	9.8	No date
myCred<= 2.5 Cross Site Request Forgery (CSRF)	5.4	5.4	Jan 9, 2023
Abandoned Cart Lite for WooCommerce<= 5.14.2 Broken Authentication	N/A	9.8	No date
Page Builder with Image Map by AZEXO<= 1.27.133 Cross Site Request Forgery (CSRF)	N/A	6.3	No date

Report vulnerabilities to earn bounties and rewards!

Include pending