Nabil Irawan

Say thanks

2,715.44

XP

637

Reports

5

Reports, last 90 days

#26

27 Apr, 2026

🇮🇩

Lvl 6

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Rescue Shortcodes<= 3.3 Cross Site Scripting (XSS)	4.88	6.5	09/10/2025
ACF Galerie 4<= 1.4.2 Broken Access Control	4.3	4.3	30/09/2025
HAPPY<= 1.0.10 Broken Access Control	29.9	6.5	04/02/2026
ElementInvader Addons for Elementor<= 1.4.2 SQL Injection	17	8.5	19/12/2025
WPCargo Track & Trace<= 8.0.2 Broken Access Control	15	7.5	30/12/2025
Kargo Takip< 0.2.4 Broken Access Control	6.5	6.5	16/01/2026
WP Terms Popup<= 2.10.0 Broken Access Control	15	7.5	17/01/2026
Petitioner<= 0.7.3 Broken Access Control	3.25	6.5	21/01/2026
WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms<= 1.1.5 Broken Access Control	3.25	6.5	28/01/2026
WPVulnerability<= 4.2.1 Broken Access Control	6.5	6.5	28/12/2025
Nexa Blocks<= 1.1.1 PHP Object Injection	39.2	9.8	27/12/2025
Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms<= 1.2.2 Broken Access Control	6.5	6.5	27/12/2025
avalex<= 3.1.3 Broken Access Control	13	6.5	19/12/2025
WP EasyPay<= 4.2.11 Broken Access Control	5.4	5.4	11/01/2026
InstaWP Connect<= 0.1.2.5 Broken Access Control	24.84	5.4	09/02/2026
Atarim<= 4.3.2 Broken Access Control	9.89	4.3	06/02/2026
WordPress CTA<= 2.1.2 Broken Access Control	13	6.5	04/12/2025
AnyTrack Affiliate Link Manager<= 1.5.5 Broken Access Control	5.3	5.3	31/01/2026
Mailercloud – Integrate webforms and synchronize website contacts<= 1.0.7 Broken Access Control	5.3	5.3	31/01/2026
VW School Education<= 1.4.6 Broken Access Control	5.3	5.3	31/01/2026
VW Portfolio<= 1.3.3 Broken Access Control	5.3	5.3	31/01/2026
VW Photography<= 1.3.8 Broken Access Control	5.3	5.3	31/01/2026
VW Pet Shop<= 1.4.7 Broken Access Control	5.3	5.3	31/01/2026
VW Fitness<= 4.3.4 Broken Access Control	5.3	5.3	31/01/2026
The Tribal<= 1.3.4 Sensitive Data Exposure	7.95	5.3	31/01/2026
Accept PayPal Payments using Contact Form 7<= 4.0.5 Broken Access Control	7.95	5.3	30/01/2026
Make My Trivia<= 1.1.0 Broken Access Control	5.3	5.3	30/01/2026
Precious Metals Automated Product Pricing – Pro<= 4.0.5 Broken Access Control	5.3	5.3	30/01/2026
Popup Like box<= 3.7.7 Broken Access Control	5.3	5.3	30/01/2026
3D viewer – Embed 3D Models<= 1.8.5 Broken Access Control	7.42	4.3	30/01/2026
VW Education Lite<= 2.2.0 Broken Access Control	5.3	5.3	30/01/2026
ShopWP<= 5.2.4 Broken Access Control	7.95	5.3	30/01/2026
WowOptin<= 1.4.34 Broken Access Control	7.95	5.3	30/01/2026
Payment Gateway Pix For GiveWP<= 2.2.3 Broken Access Control	5.3	5.3	29/01/2026
AI Workflow Automation<= 1.4.2 Broken Access Control	5.3	5.3	28/01/2026
The Publisher Desk ads.txt<= 1.5.0 Broken Access Control	5.3	5.3	28/01/2026
Sprout Clients<= 3.2.2 Cross Site Scripting (XSS)	11.21	6.5	28/01/2026
Magazine Blocks<= 1.8.3 Broken Access Control	7.42	4.3	27/01/2026
Podigee<= 1.4.0 Server Side Request Forgery (SSRF)	8.1	5.4	27/01/2026
Pochipp< 1.18.9 Broken Access Control	5.4	5.4	26/01/2026
PDF Poster<= 2.4.0 Broken Access Control	9.32	5.4	26/01/2026
Squeeze<= 1.7.7 Directory Traversal	3.75	5	26/01/2026
FSM Custom Featured Image Caption<= 1.25.1 Cross Site Scripting (XSS)	2.95	5.9	26/01/2026
Cryptocurrency Donation Box – Bitcoin & Crypto Donations<= 2.2.13 Broken Access Control	7.95	5.3	24/01/2026
Author Avatars List/Block<= 2.1.25 Broken Access Control	12.19	5.3	24/01/2026
Garden Gnome Package<= 2.4.1 Cross Site Scripting (XSS)	2.95	5.9	22/01/2026
linkPizza-Manager<= 5.5.5 Broken Access Control	7.95	5.3	22/01/2026
Studio99 WP Monitor<= 1.0.3 Broken Access Control	5.3	5.3	22/01/2026
Image Slider by Ays<= 2.7.1 Broken Access Control	5.3	5.3	22/01/2026
Xpro Addons For Beaver Builder – Lite<= 1.5.6 Broken Access Control	7.95	5.3	21/01/2026
PublishPress Capabilities<= 2.31.0 Broken Access Control	39.56	4.3	21/01/2026
Court Reservation<= 1.10.13 Broken Access Control	5.3	5.3	20/01/2026
Checkout for PayPal<= 1.0.46 Broken Access Control	7.95	5.3	20/01/2026
Korea SNS<= 1.7.0 Cross Site Scripting (XSS)	2.95	5.9	19/01/2026
Hello Bar Popup Builder<= 1.5.1 Cross Site Scripting (XSS)	4.88	6.5	19/01/2026
Leadrebel<= 1.0.2 Broken Access Control	5.3	5.3	19/01/2026
Image Photo Gallery Final Tiles Grid<= 3.6.10 Broken Access Control	7.42	4.3	19/01/2026
TrueBooker<= 1.1.6 Broken Access Control	7.95	5.3	19/01/2026
Panda Pods Repeater Field<= 1.5.12 Broken Access Control	7.95	5.3	18/01/2026
Geo to Lat<= 1.0.19 SQL Injection	9.56	8.5	17/01/2026
Modal Dialog<= 3.5.16 Remote Code Execution (RCE)	N/A	9.1	17/01/2026
Video Conferencing with Zoom<= 4.6.6 Broken Access Control	4.95	4.3	16/01/2026
WP Sessions Time Monitoring Full Automatic<= 1.1.3 Broken Access Control	7.95	5.3	16/01/2026
Simple Blog Card<= 2.37 Server Side Request Forgery (SSRF)	4.8	6.4	15/01/2026
WPSchoolPress<= 2.2.38 Broken Access Control	4.9	4.9	14/01/2026
Getty Images<= 4.1.0 Server Side Request Forgery (SSRF)	4.8	6.4	14/01/2026
MAS Videos<= 1.3.2 Broken Access Control	10.6	5.3	12/01/2026
Real 3D FlipBook<= 4.19.1 Broken Access Control	1.9	3.8	28/12/2025
JW Player for WordPress<= 2.3.7 Broken Access Control	4.05	5.4	11/01/2026
Cliengo – Chatbot<= 3.0.4 Broken Access Control	6.5	6.5	25/11/2025
Textmetrics<= 3.6.4 Broken Access Control	6.21	5.4	09/01/2026
Mizan Demo Importer<= 0.1.3 Broken Access Control	5.4	5.4	31/12/2025
WP Sync for Notion<= 1.7.0 Broken Access Control	3.23	4.3	31/12/2025
Atarim<= 4.3.1 Broken Access Control	24.38	5.3	31/12/2025
WP Wand<= 1.3.07 Broken Access Control	4.05	5.4	31/12/2025
OSM<= 6.1.12 Broken Access Control	3.23	4.3	30/12/2025
Knowledge Base for Documentation, FAQs with AI Assistance<= 16.011.0 Broken Access Control	4.3	4.3	30/12/2025
Broken Link Notifier<= 1.3.5 Broken Access Control	10.6	5.3	30/12/2025
SupportCandy<= 3.4.4 Broken Access Control	10.6	5.3	30/12/2025
JAMstack Deployments<= 1.1.1 Broken Access Control	4.3	4.3	29/12/2025
WP-CORS<= 0.2.2 Broken Access Control	4.3	4.3	29/12/2025
Zita Elementor Site Library<= 1.6.6 Cross Site Request Forgery (CSRF)	4.3	4.3	29/12/2025
Revision Manager TMC<= 2.8.22 Cross Site Request Forgery (CSRF)	4.3	4.3	29/12/2025
Enter Addons<= 2.3.2 Cross Site Request Forgery (CSRF)	4.3	4.3	29/12/2025
Kama Thumbnail<= 3.5.1 Cross Site Request Forgery (CSRF)	4.3	4.3	27/12/2025
WP Subscribe<= 1.2.16 Broken Access Control	4.3	4.3	27/12/2025
WP FullCalendar<= 1.6 Sensitive Data Exposure	10.6	5.3	27/12/2025
Nexter Blocks<= 4.6.3 Sensitive Data Exposure	9.89	4.3	27/12/2025
Tablesome<= 1.2.8 Broken Access Control	4.95	4.3	27/12/2025
CLP Varnish Cache<= 1.0.2 Broken Access Control	10.6	5.3	27/12/2025
SiteLock Security – WP Hardening, Login Security & Malware Scans<= 5.0.2 Broken Access Control	4.3	4.3	26/12/2025
Share This Image<= 2.09 Broken Access Control	24.38	5.3	26/12/2025
TOP Table Of Contents<= 1.3.31 Broken Access Control	4.3	4.3	26/12/2025
Booter<= 1.5.7 Broken Access Control	4.3	4.3	26/12/2025
Automatic Featured Images from Videos<= 1.2.7 Broken Access Control	3.23	4.3	26/12/2025
Protección de datos – RGPD<= 0.68 Broken Access Control	10.6	5.3	25/12/2025
Integrate Google Drive<= 1.5.6 Broken Access Control	6.21	5.4	25/12/2025
Download After Email<= 2.1.9 Broken Access Control	10.6	5.3	25/12/2025
WP Term Order<= 2.1.0 Cross Site Request Forgery (CSRF)	4.3	4.3	25/12/2025
WP Job Portal<= 2.4.3 Insecure Direct Object References (IDOR)	9.89	4.3	25/12/2025

Report vulnerabilities to earn bounties and rewards!

Include pending