Phat RiO

8,073.82

XP

333

Reports

71

Reports, last 90 days

#17

6 Feb, 2026

🇻🇳

Lvl 9

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
The Grid< 2.8.0 Broken Access Control	10.6	5.3	Dec 30, 2025
Booked<= 3.0.0 Broken Authentication	40.2	6.7	Nov 20, 2025
Konte<= 2.4.6 Broken Access Control	13	6.5	Nov 20, 2025
Emerce Core<= 1.8 SQL Injection	N/A	9.3	Nov 19, 2025
Uroan Core<= 1.4.4 SQL Injection	18.6	9.3	Nov 19, 2025
Woodly Core<= 1.4 SQL Injection	18.6	9.3	Nov 19, 2025
Saasplate Core<= 1.2.8 SQL Injection	18.6	9.3	Nov 19, 2025
Nestbyte Core<= 1.2 SQL Injection	18.6	9.3	Nov 19, 2025
ModelTheme Framework<= 1.9.2 Broken Access Control	15	7.5	Nov 19, 2025
Medinik Core<= 1.3.6 SQL Injection	18.6	9.3	Nov 19, 2025
Electio Core<= 1.4 SQL Injection	18.6	9.3	Nov 19, 2025
Crete Core<= 1.4.3 SQL Injection	18.6	9.3	Nov 19, 2025
HAPPY<= 1.0.8 Broken Access Control	37.72	8.2	Nov 18, 2025
DesignThemes Core Features<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	Nov 18, 2025
Allmart<= 1.1 SQL Injection	N/A	9.3	Nov 19, 2025
ModelTheme Addons for WPBakery and Elementor< 1.5.6 PHP Object Injection	13.2	8.8	Nov 17, 2025
Coven Core<= 1.3 SQL Injection	18.6	9.3	Nov 14, 2025
Final User<= 1.2.5 Privilege Escalation	13.2	8.8	Nov 13, 2025
WP Membership<= 1.6.4 Privilege Escalation	26.4	8.8	Nov 13, 2025
WP Membership<= 1.6.4 Broken Access Control	14.6	7.3	Nov 12, 2025
Real Estate Pro<= 2.1.5 Broken Access Control	14.6	7.3	Nov 12, 2025
ListingHub<= 1.2.7 Broken Access Control	7.3	7.3	Nov 12, 2025
Listihub<= 1.0.6 Broken Access Control	N/A	7.3	Nov 12, 2025
JobBank<= 1.2.3 Broken Access Control	7.3	7.3	Nov 12, 2025
fitness-trainer<= 1.7.1 Broken Access Control	7.3	7.3	Nov 12, 2025
Final User<= 1.2.5 Broken Access Control	7.3	7.3	Nov 12, 2025
Hospital Doctor Directory<= 1.3.9 Broken Access Control	3.8	7.6	Nov 12, 2025
Institutions Directory<= 1.3..4 Broken Access Control	3.8	7.6	Nov 12, 2025
Hotel Listing<= 1.4.2 Broken Access Control	3.8	7.6	Nov 12, 2025
Hospital Doctor Directory<= 1.3.9 Broken Access Control	7.3	7.3	Nov 12, 2025
Hotel Listing<= 1.4.2 Broken Access Control	7.3	7.3	Nov 12, 2025
Institutions Directory<= 1.3.4 Broken Access Control	7.3	7.3	Nov 12, 2025
Hospital Doctor Directory<= 1.3.9 Privilege Escalation	13.2	8.8	Nov 12, 2025
Institutions Directory<= 1.3.4 Privilege Escalation	13.2	8.8	Nov 12, 2025
Lawyer Directory<= 1.3.4 Broken Access Control	7.3	7.3	Nov 12, 2025
Lawyer Directory<= 1.3.3 Broken Access Control	3.8	7.6	Nov 12, 2025
Lawyer Directory<= 1.3.3 Privilege Escalation	13.2	8.8	Nov 12, 2025
Ultra Portfolio<= 6.7 SQL Injection	12.75	8.5	Nov 11, 2025
Movie Booking<= 1.1.5 Arbitrary File Deletion	25.8	8.6	Nov 10, 2025
WPO365<= 40.0 Server Side Request Forgery (SSRF)	6.4	6.4	Nov 9, 2025
Smart Product Viewer<= 1.5.4 Broken Access Control	4.3	4.3	Dec 19, 2025
Premium Addons for Elementor<= 4.11.63 Settings Change	74.52	5.4	Dec 18, 2025
AWP Classifieds<= 4.4.3 Sensitive Data Exposure	10.6	5.3	Dec 17, 2025
Laurent Core<= 2.4.1 Local File Inclusion	11.25	7.5	Dec 14, 2025
Laurent<= 3.1 Local File Inclusion	11.25	7.5	Dec 14, 2025
MetForm Pro<= 3.9.1 Broken Access Control	4.3	4.3	Dec 13, 2025
The Events Calendar<= 6.15.12.2 Broken Access Control	74.52	5.4	Dec 10, 2025
WeDesignTech Ultimate Booking Addon<= 1.0.3 Broken Access Control	5.4	5.4	Dec 2, 2025
Worker for Elementor<= 1.0.10 Broken Access Control	N/A	5.4	Nov 10, 2025
Logger for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 10, 2025
Worker for WPBakery<= 1.1.1 Broken Access Control	N/A	5.4	Nov 10, 2025
Appender<= 1.1.1 Broken Access Control	N/A	5.4	Nov 10, 2025
UnGrabber<= 3.1.3 Broken Access Control	N/A	5.4	Nov 10, 2025
Conformer for Elementor<= 1.0.7 Broken Access Control	N/A	5.4	Nov 10, 2025
Criptopayer for Elementor<= 1.0.1 Broken Access Control	N/A	5.4	Nov 10, 2025
Countdowner for Elementor<= 1.0.4 Broken Access Control	N/A	5.4	Nov 10, 2025
Headinger for Elementor<= 1.1.4 Broken Access Control	N/A	5.4	Nov 10, 2025
Couponer for Elementor<= 1.1.7 Broken Access Control	N/A	5.4	Nov 10, 2025
Watcher for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 10, 2025
Questionar for Elementor<= 1.1.7 Broken Access Control	N/A	5.4	Nov 10, 2025
Gmaper for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 10, 2025
Sliper for Elementor<= 1.0.10 Broken Access Control	N/A	5.4	Nov 10, 2025
Select Graphist for Elementor Graphist for Elementor<= 1.2.10 Broken Access Control	N/A	5.4	Nov 11, 2025
Walker for Elementor<= 1.1.6 Broken Access Control	N/A	5.4	Nov 10, 2025
Ultimate Store Kit Elementor Addons<= 2.9.4 Broken Access Control	9.89	4.3	Nov 30, 2025
Vango<= 1.3.3 Local File Inclusion	48.6	8.1	Apr 29, 2025
Rashy<= 1.1.3 Local File Inclusion	48.6	8.1	Apr 29, 2025
Lindo<= 1.2.5 Local File Inclusion	48.6	8.1	Apr 29, 2025
Dekoro<= 1.0.7 Local File Inclusion	48.6	8.1	Apr 29, 2025
Bfres<= 1.2.1 Local File Inclusion	48.6	8.1	Apr 29, 2025
Bailly<= 1.3.4 Local File Inclusion	48.6	8.1	Apr 29, 2025
Hyori<= 1.3.6 Local File Inclusion	48.6	8.1	Apr 29, 2025
Pippo<= 1.2.3 Local File Inclusion	48.6	8.1	Apr 29, 2025
Tech Life CPT<= 16.4 PHP Object Injection	13.2	8.8	Apr 26, 2025
Dental Care CPT<= 20.2 PHP Object Injection	13.2	8.8	Apr 26, 2025
Medicalequipment<= 1.0.9 Broken Access Control	N/A	5.3	Nov 26, 2025
WpEvently<= 5.0.8 Deserialization of untrusted data	30.36	8.8	Nov 25, 2025
Contentstudio<= 1.3.7 Arbitrary File Upload	31.4	9.1	Aug 30, 2025
Responsive Posts Carousel Pro<= 15.1 Local File Inclusion	8.44	7.5	Nov 25, 2025
Product Loops for WooCommerce<= 2.1.2 Broken Access Control	N/A	5.3	Nov 23, 2025
Share, Print and PDF Products for WooCommerce<= 3.1.2 Broken Access Control	N/A	5.3	Nov 23, 2025
Responsive Posts Carousel Pro<= 15.2 Cross Site Scripting (XSS)	3.66	6.5	Nov 25, 2025
BWL Knowledge Base Manager<= 1.6.3 Cross Site Scripting (XSS)	3.66	6.5	Nov 22, 2025
BWL Pro Voting Manager<= 1.4.9 Cross Site Scripting (XSS)	3.66	6.5	Nov 22, 2025
BWL Pro Voting Manager<= 1.4.9 SQL Injection	9.56	8.5	Nov 22, 2025
DesignThemes LMS Addon<= 2.6 Broken Access Control	N/A	5.3	Nov 18, 2025
HomeFix Elementor Portfolio<= 1.0.1 Broken Access Control	N/A	5.3	Nov 18, 2025
WeDesignTech Portfolio<= 1.0.2 Broken Access Control	10.6	5.3	Nov 18, 2025
DesignThemes Core<= 1.6 Cross Site Scripting (XSS)	4.88	6.5	Nov 17, 2025
DesignThemes Portfolio Addon<= 1.5 Cross Site Scripting (XSS)	4.88	6.5	Nov 17, 2025
ModelTheme Addons for WPBakery and Elementor< 1.5.6 Cross Site Scripting (XSS)	4.88	6.5	Nov 17, 2025
Image Caption Hover Pro< 20.0 Broken Access Control	N/A	5.4	Nov 25, 2025
Sober<= 3.5.11 Sensitive Data Exposure	10.6	5.3	Nov 20, 2025
User Extra Fields<= 16.8 Broken Access Control	10.6	5.3	Nov 23, 2025
xPromoter<= 1.3.4 SQL Injection	N/A	8.5	Nov 14, 2025
CountDown With Image or Video Background<= 1.5 SQL Injection	N/A	8.5	Nov 14, 2025
Accordion Slider PRO<= 1.2 SQL Injection	N/A	8.5	Nov 14, 2025
Directory Pro<= 2.5.6 Broken Access Control	4.3	4.3	Nov 12, 2025
WP Webhooks<= 3.3.8 Arbitrary File Upload	54	9	Nov 8, 2025
Buttoner for Elementor<= 1.0.6 Settings Change	N/A	5.4	Nov 11, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending