Nabil Irawan

Say thanks

2078.68

XP

563

Reports

17

Reports, last 90 days

#15

17 Jan, 2026

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Tickera<= 3.5.6.4 Broken Access Control	4.3	4.3	Dec 10, 2025
Better Business Reviews<= 0.1.1 Broken Access Control	4.3	4.3	Dec 10, 2025
NextGEN Download Gallery<= 1.6.2 Sensitive Data Exposure	10.6	5.3	Dec 9, 2025
Campaign Monitor for WordPress<= 2.9.0 Broken Access Control	4.3	4.3	Dec 9, 2025
RSS Feed Widget<= 3.0.2 Broken Access Control	5.4	5.4	Dec 8, 2025
Bulk Landing Page Creator for WordPress LPagery<= 2.4.9 Broken Access Control	4.05	5.4	Dec 8, 2025
Image Slider Slideshow<= 1.8 Insecure Direct Object References (IDOR)	3.23	4.3	Dec 8, 2025
Dashboard Welcome for Beaver Builder<= 1.0.8 Broken Access Control	10.6	5.3	Dec 8, 2025
Speed Kit<= 2.0.2 Broken Access Control	4.3	4.3	Dec 8, 2025
teachPress<= 9.0.12 Cross Site Request Forgery (CSRF)	0.68	5.4	Dec 7, 2025
IMGspider<= 2.3.12 Server Side Request Forgery (SSRF)	3.68	4.9	Dec 7, 2025
BD Courier Order Ratio Checker<= 2.0.1 Broken Access Control	4.3	4.3	Dec 7, 2025
BulletProof Security<= 6.9 Sensitive Data Exposure	30	7.5	Oct 22, 2025
WP MapIt<= 3.0.3 Broken Access Control	3.23	4.3	Dec 5, 2025
Form to Chat App<= 1.2.5 Cross Site Scripting (XSS)	4.88	6.5	Dec 5, 2025
Add Polylang support for Customizer<= 1.4.5 Cross Site Request Forgery (CSRF)	0.54	4.3	Dec 5, 2025
Signature Add-On for Gravity Forms<= 1.8.6 Broken Access Control	4.3	4.3	Sep 24, 2025
Pardakht Delkhah<= 3.0.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 26, 2025
Co-marquage service-public.fr<= 0.5.77 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 11, 2025
WP Gmail SMTP<= 1.0.7 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 13, 2025
Hide Plugins<= 1.0.4 Broken Access Control	4.3	4.3	Oct 11, 2025
Post Snippets<= 4.0.11 Cross Site Request Forgery (CSRF)	1.08	4.3	Oct 15, 2025
Accordion Slider Gallery<= 2.7 Broken Access Control	3.23	4.3	Oct 19, 2025
FormFacade<= 1.4.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 21, 2025
Post Video Players<= 1.163 Sensitive Data Exposure	3.23	4.3	Oct 27, 2025
Robots.txt rewrite<= 1.6.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 27, 2025
Download Media Library<= 0.2.1 Sensitive Data Exposure	10.6	5.3	Oct 11, 2025
Trash Duplicate and 301 Redirect<= 1.9.1 Broken Access Control	10.6	5.3	Oct 13, 2025
AI Copilot<= 1.4.7 Broken Access Control	10.6	5.3	Oct 11, 2025
Realbig<= 1.1.3 Broken Access Control	10.6	5.3	Oct 27, 2025
DMCA Protection Badge<= 2.2.0 Broken Access Control	10.6	5.3	Oct 27, 2025
Portfolio Gallery<= 1.4.8 Broken Access Control	5.4	5.4	Sep 24, 2025
Reuters Direct<= 3.0.0 Broken Access Control	N/A	5.3	Nov 4, 2025
Add Custom Codes<= 4.80 Broken Access Control	5.4	5.4	Oct 9, 2025
EasyIndex<= 1.1.1704 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 11, 2025
OpenHook<= 4.3.1 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 13, 2025
Contact Form Widget<= 1.5.1 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 21, 2025
Core Web Vitals & PageSpeed Booster<= 1.0.27 Broken Access Control	5.4	5.4	Oct 27, 2025
Add Featured Image Custom Link<= 2.0.0 Cross Site Scripting (XSS)	2.95	5.9	Oct 13, 2025
Logo Slider , Logo Carousel , Logo showcase , Client Logo<= 1.8.1 Cross Site Scripting (XSS)	2.95	5.9	Oct 13, 2025
WP Post Signature<= 0.4.1 Cross Site Scripting (XSS)	2.95	5.9	Oct 13, 2025
Post Video Players<= 1.163 Cross Site Scripting (XSS)	2.95	5.9	Oct 27, 2025
MX Time Zone Clocks<= 5.1.1 Cross Site Scripting (XSS)	4.88	6.5	Oct 27, 2025
Import into Easy Property Listings<= 2.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 9, 2025
CodeColorer<= 0.10.1 Cross Site Scripting (XSS)	14.2	7.1	Sep 30, 2025
Civic Cookie Control<= 1.53 Broken Access Control	10.6	5.3	Nov 30, 2025
Slider Templates<= 1.0.3 Broken Access Control	13	6.5	Sep 24, 2025
Discussion Board<= 2.5.7 Broken Access Control	3.71	4.3	Nov 28, 2025
WP Document Revisions<= 3.7.2 Broken Access Control	1.35	2.7	Nov 25, 2025
Vimeotheque<= 2.3.5.2 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 25, 2025
Fast User Switching<= 1.4.10 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 25, 2025
Category Icon<= 1.0.2 Cross Site Scripting (XSS)	2.95	5.9	Nov 25, 2025
YITH Slider for page builders<= 1.0.11 Broken Access Control	5.4	5.4	Nov 24, 2025
Advanced Classifieds & Directory Pro<= 3.2.9 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 24, 2025
Virusdie<= 1.1.6 Broken Access Control	4.3	4.3	Nov 21, 2025
Virusdie<= 1.1.6 Sensitive Data Exposure	4.3	4.3	Nov 21, 2025
WPBakery Visual Composer WHMCS Elements<= 1.0.4.3 Cross Site Scripting (XSS)	4.43	5.9	Nov 17, 2025
Simple Keyword to Link<= 1.5 Cross Site Request Forgery (CSRF)	0.68	5.4	Nov 17, 2025
Yaad Sarig Payment Gateway For WC<= 2.2.10 Broken Access Control	10.6	5.3	Nov 15, 2025
UseStrict's Calendly Embedder<= 1.1.7.2 Cross Site Scripting (XSS)	4.43	5.9	Nov 17, 2025
VK Google Job Posting Manager<= 1.2.22 Cross Site Scripting (XSS)	4.88	6.5	Nov 16, 2025
Semrush Content Toolkit<= 1.1.32 Cross Site Request Forgery (CSRF)	0.68	5.4	Nov 16, 2025
Meks Quick Plugin Disabler<= 1.0 Cross Site Request Forgery (CSRF)	0.68	5.4	Nov 16, 2025
Accessibility by AudioEye<= 1.0.49 Broken Access Control	4.3	4.3	Nov 14, 2025
Import external attachments<= 1.5.12 Broken Access Control	4.3	4.3	Nov 14, 2025
Trinity Audio<= 5.23.3 Broken Access Control	4.3	4.3	Nov 12, 2025
Fix Media Library<= 2.0 Sensitive Data Exposure	10.6	5.3	Nov 12, 2025
WP Coupons and Deals<= 3.2.4 Broken Access Control	4.3	4.3	Nov 11, 2025
Freshchat<= 2.3.4 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 11, 2025
RTL Tester<= 1.2 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 11, 2025
WP Flashy Marketing Automation<= 2.0.8 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 8, 2025
WP Email Capture<= 3.12.4 Broken Access Control	12.19	5.3	Nov 8, 2025
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja <= 1.4.6 Broken Access Control	4.95	4.3	Nov 8, 2025
Table Block by Tableberg<= 0.6.9 Broken Access Control	4.3	4.3	Nov 8, 2025
Social Photo Fetcher<= 3.0.4 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 8, 2025
Just TinyMCE Custom Styles<= 1.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 8, 2025
PDF Thumbnail Generator<= 1.4 Cross Site Request Forgery (CSRF)	0.62	4.3	Nov 6, 2025
Gravitec.net – Web Push Notifications<= 2.9.17 Broken Access Control	4.3	4.3	Nov 6, 2025
Ergonet Cache<= 1.0.13 Broken Access Control	4.3	4.3	Nov 6, 2025
Auto Alt Text<= 2.5.2 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 6, 2025
Advanced FAQ Manager<= 1.5.2 Cross Site Scripting (XSS)	2.95	5.9	Nov 6, 2025
Post Cloner<= 1.0.0 Broken Access Control	10.6	5.3	Nov 5, 2025
SendPulse Email Marketing Newsletter<= 2.2.1 Sensitive Data Exposure	4.3	4.3	Nov 5, 2025
Portfolio and Projects<= 1.5.5 Sensitive Data Exposure	3.23	4.3	Nov 5, 2025
Image Cleanup<= 1.9.2 Sensitive Data Exposure	10.6	5.3	Nov 4, 2025
Image Cleanup<= 1.9.2 Broken Access Control	4.3	4.3	Nov 4, 2025
User Spam Remover<= 1.1 Sensitive Data Exposure	10.6	5.3	Nov 4, 2025
SMTP Mail<= 1.3.51 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 4, 2025
Media Library Downloader<= 1.4.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 4, 2025
Custom Sidebars by ProteusThemes<= 1.0.3 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 4, 2025
TNC Toolbox: Web Performance<= 2.0.4 Broken Access Control	4.3	4.3	Oct 30, 2025
Quick Interest Slider<= 3.1.5 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 30, 2025
Quick Interest Slider<= 3.1.5 Broken Access Control	10.6	5.3	Oct 30, 2025
Flexmls® IDX<= 3.15.7 Open Redirection	9.4	4.7	Oct 30, 2025
ConveyThis<= 269 Broken Access Control	10.6	5.3	Oct 30, 2025
Featured Post Creative<= 1.5.5 Broken Access Control	3.23	4.3	Oct 27, 2025
ANAC XML Viewer<= 1.8.2 Server Side Request Forgery (SSRF)	3.68	4.9	Oct 27, 2025
Giveaways and Contests by RafflePress<= 1.12.20 Cross Site Request Forgery (CSRF)	1.24	4.3	Oct 22, 2025
Offload, AI & Optimize with Cloudflare Images<= 1.9.5 Broken Access Control	6.5	6.5	Oct 21, 2025
CBX Bookmark & Favorite<= 2.0.1 Broken Access Control	4.3	4.3	Oct 19, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending