Nabil Irawan

Say thanks

1216.34

XP

446

Reports

33

Reports, last 90 days

#11

17 Nov, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Auto Prune Posts<= 3.0.0 Cross Site Request Forgery (CSRF)	0.81	6.5	No date
WP Content Pilot<= 2.1.7 Broken Access Control	5.4	5.4	No date
Slider Templates<= 1.0.3 Server Side Request Forgery (SSRF)	4.9	4.9	No date
WPComplete<= 2.9.5.3 Broken Access Control	18.29	5.3	No date
Sendle Shipping<= 6.02 Broken Access Control	10.6	5.3	No date
Raychat<= 2.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Headline Analyzer<= 1.3.7 Cross Site Scripting (XSS)	4.88	6.5	No date
BuddyForms<= 2.9.0 Broken Access Control	10.6	5.3	No date
Social proof testimonials and reviews by Repuso<= 5.29 Broken Access Control	4.3	4.3	No date
Easy Post Submission<= 1.7.0 Sensitive Data Exposure	10.6	5.3	No date
Product Catalog Simple<= 1.8.4 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
UPC/EAN/GTIN Code Generator<= 2.0.2 Cross Site Request Forgery (CSRF)	N/A	4.3	No date
Custom CSS<= 1.4.0 Broken Access Control	13	6.5	Sep 26, 2025
Export Categories<= 1.0 Broken Access Control	10.6	5.3	No date
Bulk Auto Image Title Attribute<= 2.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
USERCENTRICS CMP<= 1.0.9 Cross Site Scripting (XSS)	N/A	5.9	No date
Google+ Comments<= 1.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
kontur Admin Style<= 1.0.4 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
SEO Search Permalink<= 1.0.3 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
Silencesoft RSS Reader<= 0.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
Silencesoft RSS Reader<= 0.6 Server Side Request Forgery (SSRF)	N/A	5.4	Jul 1, 2025
Click & Tweet<= 0.8.9 Cross Site Scripting (XSS)	N/A	5.9	Jul 14, 2025
Recaptcha – wp<= 0.2.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 14, 2025
WP Tesseract<= 1.0.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 14, 2025
PopAd<= 1.0.4 Server Side Request Forgery (SSRF)	N/A	4.4	Jul 14, 2025
NewsmanApp<= 2.7.7 Cross Site Request Forgery (CSRF)	1.78	7.1	Jul 31, 2025
Smart Related Products<= 2.0.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 13, 2025
Nota Fiscal Eletrônica WooCommerce<= 3.4.0.7 Broken Access Control	6.45	4.3	Jul 13, 2025
Nota Fiscal Eletrônica WooCommerce<= 3.4.0.7 Cross Site Scripting (XSS)	1.11	5.9	Jul 13, 2025
MWW Disclaimer Buttons<= 3.41 Cross Site Scripting (XSS)	N/A	5.9	Apr 28, 2025
Notely<= 1.8.0 Cross Site Scripting (XSS)	N/A	5.9	May 4, 2025
Map Categories to Pages<= 1.3.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 2, 2025
Lenix scss compiler<= 1.2 Cross Site Request Forgery (CSRF)	1.61	4.3	Jul 3, 2025
Lenix scss compiler<= 1.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 3, 2025
Netgsm<= 2.9.62 Broken Access Control	3.23	4.3	Jul 3, 2025
Simple Meta Tags<= 1.5 Cross Site Scripting (XSS)	3.66	6.5	Jul 3, 2025
The Tribal<= 1.3.3 Cross Site Scripting (XSS)	N/A	5.9	Jul 3, 2025
The Tribal<= 1.3.3 Sensitive Data Exposure	7.95	5.3	Jul 3, 2025
Post Featured Video<= 1.7 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 12, 2025
User Notes<= 1.0.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 12, 2025
WeShare Buttons<= 13.0.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 12, 2025
WP Media Categories<= 2.1.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 12, 2025
PE Easy Slider<= 1.1.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 13, 2025
Video Blogster Lite<= 1.2 Cross Site Request Forgery (CSRF)	3.55	7.1	Jul 13, 2025
Werk aan de Muur<= 1.5 Cross Site Scripting (XSS)	N/A	5.9	Jul 13, 2025
WEDOS Global<= 1.2.2 Broken Access Control	10.6	5.3	Jul 15, 2025
Yext<= 1.1.3 Broken Access Control	10.6	5.3	Jul 15, 2025
CopySafe Web Protection<= 5.1 Broken Access Control	5.4	5.4	Jul 20, 2025
YayCurrency<= 3.3 Remote Code Execution (RCE)	N/A	6.6	Apr 20, 2025
Ultimate WP Mail<= 1.3.8 Cross Site Scripting (XSS)	3.66	6.5	Jul 4, 2025
CashBill.pl – Płatności WooCommerce<= 3.2.1 Cross Site Scripting (XSS)	N/A	5.9	Jul 4, 2025
SEO Backlink Monitor<= 1.6.0 Cross Site Request Forgery (CSRF)	1.61	4.3	Jul 4, 2025
SEO Backlink Monitor<= 1.6.0 Server Side Request Forgery (SSRF)	N/A	4.4	Jul 4, 2025
AffiliateWP – External Referral Links<= 1.2.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 5, 2025
Beaf<= 1.6.2 Server Side Request Forgery (SSRF)	N/A	4.4	Jul 5, 2025
Better Find and Replace<= 1.7.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 6, 2025
BMI Adult & Kid Calculator<= 1.2.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 7, 2025
WooCommerce Additional Fees On Checkout (Free)<= 1.5.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 9, 2025
Sales Count Manager for WooCommerce<= 2.5 Cross Site Scripting (XSS)	N/A	5.9	Jul 9, 2025
AgreeMe Checkboxes For WooCommerce<= 1.1.3 Cross Site Request Forgery (CSRF)	1.61	4.3	Jul 9, 2025
Epeken All Kurir<= 2.0.5 Cross Site Scripting (XSS)	1.11	5.9	Jul 9, 2025
Heureka<= 1.1.0 Broken Access Control	7.95	5.3	Jul 9, 2025
Product Time Countdown for WooCommerce<= 1.6.4 Cross Site Scripting (XSS)	1.11	5.9	Jul 9, 2025
Deliver via Shipos for WooCommerce<= 3.0.2 Cross Site Request Forgery (CSRF)	1.61	4.3	Jul 10, 2025
TOCHAT.BE<= 1.3.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 10, 2025
WP System Information<= 1.5 Sensitive Data Exposure	4.3	4.3	Jul 10, 2025
Envíos Coordinadora Woocommerce<= 1.1.31 Sensitive Data Exposure	7.95	5.3	Jul 11, 2025
UK Address Postcode Validation<= 3.9.2 Sensitive Data Exposure	7.95	5.3	Jul 11, 2025
Developer<= 1.2.6 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 11, 2025
Double the Donation<= 2.0.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 12, 2025
Double the Donation<= 2.0.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 12, 2025
LWS Affiliation<= 2.3.6 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 16, 2025
Bot Block – Stop Spam Referrals in Google Analytics<= 2.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 17, 2025
Subresource Integrity (SRI) Manager<= 0.4.0 Broken Access Control	4.3	4.3	Jul 17, 2025
Append extensions on Pages<= 1.1.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 18, 2025
Append Link on Copy<= 0.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 18, 2025
Emergency Password Reset<= 9.0 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 18, 2025
Skimlinks Affiliate Marketing Tool<= 1.3 Server Side Request Forgery (SSRF)	N/A	4.4	Jul 18, 2025
Skimlinks Affiliate Marketing Tool<= 1.3 Broken Access Control	10.6	5.3	Jul 18, 2025
WP Advanced PDF<= 1.1.7 Cross Site Scripting (XSS)	N/A	5.9	Jul 18, 2025
payOS<= 1.0.73 Cross Site Request Forgery (CSRF)	2.03	5.4	Jul 18, 2025
Plugin Security Scanner<= 2.0.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 19, 2025
SiteNarrator Text-to-Speech Widget<= 1.9 Cross Site Scripting (XSS)	N/A	5.9	Jul 19, 2025
Maps for WP<= 1.2.5 Cross Site Scripting (XSS)	N/A	5.9	Jul 19, 2025
WooMS<= 9.12 Cross Site Scripting (XSS)	N/A	5.9	Jul 19, 2025
WooMS<= 9.12 Broken Access Control	7.95	5.3	Jul 19, 2025
WowAddons<= 1.5.2 Broken Access Control	7.95	5.3	Jul 19, 2025
Slightly troublesome permalink<= 1.2.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 20, 2025
Travel Map<= 1.0.3 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 20, 2025
Hide WP Toolbar<= 2.7 Broken Access Control	4.3	4.3	Jul 22, 2025
SALESmanago<= 3.8.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 22, 2025
SALESmanago<= 3.8.1 Broken Access Control	10.6	5.3	Jul 22, 2025
Helpdesk Support Ticket System for WooCommerce<= 2.1.0 Broken Access Control	2.42	4.3	Jul 22, 2025
Advanced Appointment Booking & Scheduling<= 1.9 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 23, 2025
AuthorSure<= 2.3 Cross Site Scripting (XSS)	N/A	5.9	Jul 23, 2025
Safety Exit<= 1.8.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 23, 2025
Advance Portfolio Grid<= 1.07.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 24, 2025
BP Disable Activation Reloaded<= 1.2.1 Cross Site Request Forgery (CSRF)	3.25	6.5	Jul 24, 2025
MakeStories (for Google Web Stories)<= 3.0.4 Server Side Request Forgery (SSRF)	2.2	4.4	Jul 24, 2025
Ultimate Watermark<= 1.1 Broken Access Control	4.3	4.3	Jul 24, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending