Pricing
Solutions
WordPress security
Instantly fix and mitigate vulnerabilities
Plugin auditing
Paid auditing for WordPress vendors
Managed VDP
Start a security program for your plugins
Bug Bounty
Join the community and earn bounties
Enterprise API
At scale monitoring and vPatching for hosts
Vulnerability database
The latest WordPress security intelligence
Login
Start trial
minhtuanact
Say thanks
599.3
XP
66
Reports
0
Reports, last 90 days
#11
18 Nov, 2025
Lvl 2
1
0
0
1
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Affected software | Vulnerability
CVE
AXP
Severity
Reported
Easy Google Maps
<= 1.11.18
XML External Entity (XXE)
6.6
6.6
Nov 25, 2024
Category Icon
<= 1.0.1
Arbitrary File Download
3.68
4.9
Nov 26, 2024
Fonto
<= 1.2.2
Arbitrary File Download
3.68
4.9
Nov 26, 2024
WordPress Tag Cloud Plugin – Tag Groups
<= 2.0.4
Cross Site Scripting (XSS)
14.2
7.1
Nov 27, 2024
BSK Forms Blacklist
<= 3.9
Cross Site Request Forgery (CSRF)
4.1
8.2
Nov 26, 2024
Persian Woocommerce SMS
<= 7.0.5
Cross Site Scripting (XSS)
28.4
7.1
Nov 28, 2024
Landing Page Builder
<= 1.5.1.5
Open Redirection
9.4
4.7
Mar 31, 2023
Ultimate Addons for Contact Form 7
<= 3.2.6
Broken Access Control
15
7.5
Jun 22, 2023
EazyDocs
<= 2.3.5
Cross Site Scripting (XSS)
11.8
6.8
Mar 27, 2023
Integrate Google Drive
<= 1.3.2
Open Redirection
9.4
4.7
Mar 29, 2023
Icons Font Loader
<= 1.1.2
SQL Injection
12.75
8.5
Mar 28, 2023
Libsyn Publisher Hub
<= 1.4.4
Cross Site Scripting (XSS)
14.2
7.1
Mar 30, 2023
Libsyn Publisher Hub
<= 1.4.4
Sensitive Data Exposure
10.6
5.3
Mar 30, 2023
Accessibility Suite
<= 4.12
SQL Injection
12.75
8.5
Mar 31, 2023
Copy Or Move Comments
<= 5.0.4
Cross Site Scripting (XSS)
11.6
5.8
Mar 24, 2023
affiliate-toolkit
<= 3.3.9
Open Redirection
9.4
4.7
Mar 22, 2023
Copy Or Move Comments
<= 5.0.4
SQL Injection
12.75
8.5
Mar 23, 2023
GD Security Headers
<= 1.6.1
Cross Site Scripting (XSS)
14.2
7.1
Mar 28, 2023
Contact form 7 Custom validation
<= 1.1.3
SQL Injection
24.6
8.2
Mar 23, 2023
Doofinder for WooCommerce
<= 1.5.49
Open Redirection
9.4
4.7
Mar 27, 2023
PixTypes
<= 1.4.15
Cross Site Scripting (XSS)
14.2
7.1
Feb 2, 2023
Donations Made Easy – Smart Donations
<= 4.0.12
SQL Injection
N/A
7.6
Dec 21, 2022
Onepage Builder – Easiest Landing Page Builder For WordPress
<= 2.4.1
SQL Injection
N/A
6.7
Dec 21, 2022
Dynamic Visibility for Elementor
<= 5.0.5
Broken Access Control
10.8
5.4
May 31, 2023
WP ERP
<= 1.12.3
Cross Site Scripting (XSS)
14.2
7.1
Mar 27, 2023
MailChimp Subscribe Forms
<= 4.0.9.3
Open Redirection
9.4
4.7
Mar 30, 2023
Order Your Posts Manually
<= 2.2.5
Cross Site Scripting (XSS)
14.2
7.1
Mar 31, 2023
Order Your Posts Manually
<= 2.2.5
Cross Site Scripting (XSS)
14.2
7.1
Mar 31, 2023
Order Your Posts Manually
<= 2.2.5
SQL Injection
N/A
7.6
Mar 31, 2023
Woo Custom Emails
<= 2.2
Broken Access Control
14.6
7.3
Mar 31, 2023
Ultimate Addons for Contact Form 7
<= 3.1.23
SQL Injection
8.2
8.2
Dec 22, 2022
Radio Station
<= 2.4.0.9
Cross Site Scripting (XSS)
14.2
7.1
Mar 31, 2023
Maintenance Switch
<= 1.6.2
Cross Site Scripting (XSS)
7.1
7.1
Dec 14, 2022
Mass Email To users
<= 1.1.4
Cross Site Scripting (XSS)
7.1
7.1
Dec 14, 2022
Advanced Category Template
<= 0.1
Cross Site Scripting (XSS)
14.2
7.1
Mar 19, 2023
vSlider Multi Image Slider for WordPress
<= 4.1.2
Cross Site Request Forgery (CSRF)
4.3
4.3
Dec 22, 2022
Shortcode IMDB
<= 6.0.8
SQL Injection
N/A
6.7
Dec 21, 2022
The School Management – Education & Learning Management
<= 4.1
SQL Injection
N/A
6.7
Dec 21, 2022
Accessibility Suite
<= 4.12
SQL Injection
6.4
6.4
Dec 19, 2022
Kodex Posts likes
<= 2.4.3
Cross Site Request Forgery (CSRF)
4.3
4.3
Dec 8, 2022
Email Subscription Popup
<= 1.2.16
Cross Site Scripting (XSS)
14.2
7.1
Mar 27, 2023
Neshan Maps
<= 1.1.4
SQL Injection
N/A
6
Dec 19, 2022
Amelia
<= 1.0.75
Cross Site Scripting (XSS)
42.6
7.1
Mar 22, 2023
Dynamics 365 Integration
<= 1.3.13
Broken Access Control
4.3
4.3
Mar 31, 2023
Product Catalog Simple
<= 1.6.17
Cross Site Scripting (XSS)
14.2
7.1
Mar 31, 2023
Magic Post Thumbnail
<= 4.1.10
Cross Site Scripting (XSS)
14.2
7.1
Mar 30, 2023
PropertyHive
<= 1.5.46
Cross Site Scripting (XSS)
14.2
7.1
Mar 31, 2023
Affiliates Manager
<= 2.9.20
Cross Site Request Forgery (CSRF)
2.7
5.4
Mar 22, 2023
Advanced Page Visit Counter
<= 6.4.2
SQL Injection
7.99
7.1
Mar 19, 2023
WooCommerce JazzCash Gateway Plugin
<= 2.0
Cross Site Scripting (XSS)
7.1
7.1
Dec 8, 2022
Open RDW kenteken voertuiginformatie
<= 2.0.14
Cross Site Scripting (XSS)
7.1
7.1
Dec 15, 2022
Mortgage Calculator Estatik
<= 2.0.12
Cross Site Scripting (XSS)
N/A
7.1
No date
Open Graphite
<= 1.6.0
Cross Site Scripting (XSS)
7.1
7.1
Dec 15, 2022
Slideshow Gallery
<= 1.7.6
SQL Injection
N/A
6.7
Dec 21, 2022
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
<= 5.5.15
Remote Code Execution (RCE)
9
9
Dec 28, 2022
Multi Rating
<= 5.0.6
Cross Site Scripting (XSS)
7.1
7.1
Dec 15, 2022
微信机器人高级版
<= 6.2.2.1
Cross Site Scripting (XSS)
7.1
7.1
Nov 28, 2022
Responsive Image Gallery, Gallery Album
<= 2.0.1
Cross Site Scripting (XSS)
7.1
7.1
Dec 17, 2022
Multi Rating
<= 5.0.6
Broken Access Control
N/A
5.3
No date
Image Hover Effects - Caption Hover with Carousel
<= 2.8
Cross Site Scripting (XSS)
7.1
7.1
Nov 29, 2022
WPComplete
<= 2.9.4
Cross Site Scripting (XSS)
7.1
7.1
Nov 29, 2022
Simple Photo Gallery
<= v1.8.1
SQL Injection
N/A
6.7
Dec 21, 2022
User Meta Manager
<= 3.5.0
Cross Site Scripting (XSS)
7.1
7.1
Jan 12, 2023
Custom 404 Pro
<= 3.7.0
SQL Injection
N/A
8.3
Dec 22, 2022
Map Multi Marker
<= 3.2.1
Cross Site Scripting (XSS)
7.1
7.1
Dec 14, 2022
MagicForm
<= 0.1
Cross Site Scripting (XSS)
7.1
7.1
Dec 14, 2022
Joli Table Of Contents
<= 1.3.9
Cross Site Request Forgery (CSRF)
5.4
5.4
Dec 8, 2022
Launchpad – Coming Soon & Maintenance Mode Plugin
<= 1.0.13
Cross Site Request Forgery (CSRF)
5.4
5.4
Dec 9, 2022
Advanced Booking Calendar
<= 1.7.1
SQL Injection
N/A
10
No date
Advanced Booking Calendar
<= 1.7.1
Cross Site Request Forgery (CSRF)
N/A
5.4
No date
WP ULike
<= 4.6.4
Race Condition
N/A
5.3
No date
WP-Polls
<= 2.76.0
Race Condition
N/A
4.3
No date
Store Locator WordPress
<= 1.4.5
Cross Site Request Forgery (CSRF)
N/A
6.1
No date
Rate my Post
<= 3.3.4
Race Condition
N/A
4.3
No date
Rate my Post
<= 3.3.4
Cross Site Request Forgery (CSRF)
N/A
4.3
No date
WP-PostRatings
<= 1.89
Race Condition
N/A
4.3
No date
Event Calendar – Calendar
<= 1.4.6
Broken Access Control
N/A
6.5
No date
Contest Gallery
<= 17.0.4
SQL Injection
N/A
7.6
No date
Admin Management Xtended
<= 2.4.4
Cross Site Request Forgery (CSRF)
N/A
5.4
No date
Image Hover Effects Ultimate
<= 9.7.1
Cross Site Scripting (XSS)
N/A
4.8
No date
Download Monitor
<= 4.4.6
Cross Site Scripting (XSS)
N/A
4.8
No date
ThirstyAffiliates
<= 3.9.2
Cross Site Scripting (XSS)
N/A
5.4
No date
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top