Nabil Irawan

Say thanks

1424.97

XP

488

Reports

35

Reports, last 90 days

#9

28 Dec, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WP Document Revisions<= 3.7.2 Broken Access Control	1.35	2.7	No date
Vimeotheque<= 2.3.5.2 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Fast User Switching<= 1.4.10 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Category Icon<= 1.0.2 Cross Site Scripting (XSS)	2.95	5.9	No date
YITH Slider for page builders<= 1.0.11 Broken Access Control	5.4	5.4	No date
Advanced Classifieds & Directory Pro<= 3.2.9 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Virusdie<= 1.1.6 Broken Access Control	4.3	4.3	No date
Virusdie<= 1.1.6 Sensitive Data Exposure	4.3	4.3	No date
WPBakery Visual Composer WHMCS Elements<= 1.0.4.3 Cross Site Scripting (XSS)	4.43	5.9	No date
Simple Keyword to Link<= 1.5 Cross Site Request Forgery (CSRF)	0.68	5.4	No date
Yaad Sarig Payment Gateway For WC<= 2.2.10 Broken Access Control	10.6	5.3	No date
UseStrict's Calendly Embedder<= 1.1.7.2 Cross Site Scripting (XSS)	4.43	5.9	No date
VK Google Job Posting Manager<= 1.2.22 Cross Site Scripting (XSS)	4.88	6.5	No date
Semrush Content Toolkit<= 1.1.32 Cross Site Request Forgery (CSRF)	0.68	5.4	No date
Meks Quick Plugin Disabler<= 1.0 Cross Site Request Forgery (CSRF)	0.68	5.4	No date
Accessibility by AudioEye<= 1.0.49 Broken Access Control	4.3	4.3	No date
Import external attachments<= 1.5.12 Broken Access Control	4.3	4.3	No date
Trinity Audio<= 5.23.3 Broken Access Control	4.3	4.3	No date
Fix Media Library<= 2.0 Sensitive Data Exposure	10.6	5.3	No date
WP Coupons and Deals<= 3.2.4 Broken Access Control	4.3	4.3	No date
Freshchat<= 2.3.4 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
RTL Tester<= 1.2 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
WP Flashy Marketing Automation<= 2.0.8 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
WP Email Capture<= 3.12.4 Broken Access Control	12.19	5.3	No date
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja <= 1.4.6 Broken Access Control	4.95	4.3	No date
Table Block by Tableberg<= 0.6.9 Broken Access Control	4.3	4.3	No date
Social Photo Fetcher<= 3.0.4 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Just TinyMCE Custom Styles<= 1.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
PDF Thumbnail Generator<= 1.4 Cross Site Request Forgery (CSRF)	0.62	4.3	No date
Gravitec.net – Web Push Notifications<= 2.9.17 Broken Access Control	4.3	4.3	No date
Ergonet Cache<= 1.0.13 Broken Access Control	4.3	4.3	No date
Auto Alt Text<= 2.5.2 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Advanced FAQ Manager<= 1.5.2 Cross Site Scripting (XSS)	2.95	5.9	No date
Post Cloner<= 1.0.0 Broken Access Control	10.6	5.3	No date
SendPulse Email Marketing Newsletter<= 2.2.1 Sensitive Data Exposure	4.3	4.3	No date
Portfolio and Projects<= 1.5.5 Sensitive Data Exposure	3.23	4.3	No date
Image Cleanup<= 1.9.2 Sensitive Data Exposure	10.6	5.3	No date
Image Cleanup<= 1.9.2 Broken Access Control	4.3	4.3	No date
User Spam Remover<= 1.1 Sensitive Data Exposure	10.6	5.3	No date
SMTP Mail<= 1.3.50 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Media Library Downloader<= 1.4.0 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Custom Sidebars by ProteusThemes<= 1.0.3 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
TNC Toolbox: Web Performance<= 2.0.4 Broken Access Control	4.3	4.3	No date
Quick Interest Slider<= 3.1.5 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Quick Interest Slider<= 3.1.5 Broken Access Control	10.6	5.3	No date
Flexmls® IDX<= 3.15.7 Open Redirection	9.4	4.7	No date
ConveyThis<= 268.10 Broken Access Control	10.6	5.3	No date
Featured Post Creative<= 1.5.5 Broken Access Control	3.23	4.3	No date
Giveaways and Contests by RafflePress<= 1.12.20 Cross Site Request Forgery (CSRF)	1.24	4.3	No date
Offload, AI & Optimize with Cloudflare Images<= 1.9.5 Broken Access Control	6.5	6.5	Oct 21, 2025
CBX Bookmark & Favorite<= 2.0.1 Broken Access Control	4.3	4.3	No date
WP Google Review Slider<= 17.4 Broken Access Control	10.8	5.4	No date
WP YouTube Lyte<= 1.7.28 Open Redirection	13.6	3.4	No date
WP Social Ninja<= 3.20.1 Broken Access Control	29.9	6.5	Oct 15, 2025
Auto Prune Posts<= 3.0.0 Cross Site Request Forgery (CSRF)	0.81	6.5	No date
WP Content Pilot<= 2.1.7 Broken Access Control	5.4	5.4	No date
Geo Controller<= 8.9.4 Sensitive Data Exposure	12.19	5.3	No date
Login Page Customizer – Customizer Login Page, Admin Page, Custom Design<= 2.1.1 Broken Access Control	13	6.5	Oct 9, 2025
I Order Terms<= 1.5.0 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Media Library File Download<= 1.4 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
DoFollow Case by Case<= 3.5.1 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Slider Templates<= 1.0.3 Server Side Request Forgery (SSRF)	4.9	4.9	No date
WPComplete<= 2.9.5.3 Broken Access Control	18.29	5.3	No date
ThemeRain Core<= 1.1.9 Broken Access Control	10.6	5.3	No date
Sendle Shipping<= 6.02 Broken Access Control	10.6	5.3	No date
Raychat<= 2.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Headline Analyzer<= 1.3.7 Cross Site Scripting (XSS)	4.88	6.5	No date
BuddyForms<= 2.9.0 Broken Access Control	10.6	5.3	No date
Social proof testimonials and reviews by Repuso<= 5.29 Broken Access Control	4.3	4.3	No date
Easy Post Submission<= 1.7.0 Sensitive Data Exposure	10.6	5.3	No date
Product Catalog Simple<= 1.8.4 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
UPC/EAN/GTIN Code Generator<= 2.0.2 Cross Site Request Forgery (CSRF)	N/A	4.3	No date
Custom CSS<= 1.4.0 Broken Access Control	13	6.5	Sep 26, 2025
Export Categories<= 1.0 Broken Access Control	10.6	5.3	No date
Bulk Auto Image Title Attribute<= 2.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
USERCENTRICS CMP<= 1.0.9 Cross Site Scripting (XSS)	N/A	5.9	No date
Google+ Comments<= 1.0 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
kontur Admin Style<= 1.0.4 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
SEO Search Permalink<= 1.0.3 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
Silencesoft RSS Reader<= 0.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 1, 2025
Silencesoft RSS Reader<= 0.6 Server Side Request Forgery (SSRF)	N/A	5.4	Jul 1, 2025
Click & Tweet<= 0.8.9 Cross Site Scripting (XSS)	N/A	5.9	Jul 14, 2025
Recaptcha – wp<= 0.2.6 Cross Site Scripting (XSS)	N/A	5.9	Jul 14, 2025
WP Tesseract<= 1.0.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 14, 2025
PopAd<= 1.0.4 Server Side Request Forgery (SSRF)	N/A	4.4	Jul 14, 2025
NewsmanApp<= 2.7.7 Cross Site Request Forgery (CSRF)	1.78	7.1	Jul 31, 2025
Smart Related Products<= 2.0.7 Cross Site Scripting (XSS)	N/A	5.9	Jul 13, 2025
Nota Fiscal Eletrônica WooCommerce<= 3.4.0.9 Broken Access Control	6.45	4.3	Jul 13, 2025
Nota Fiscal Eletrônica WooCommerce<= 3.4.0.9 Cross Site Scripting (XSS)	1.11	5.9	Jul 13, 2025
MWW Disclaimer Buttons<= 3.41 Cross Site Scripting (XSS)	N/A	5.9	Apr 28, 2025
Notely<= 1.8.0 Cross Site Scripting (XSS)	N/A	5.9	May 4, 2025
Map Categories to Pages<= 1.3.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 2, 2025
Lenix scss compiler<= 1.2 Cross Site Request Forgery (CSRF)	1.61	4.3	Jul 3, 2025
Lenix scss compiler<= 1.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 3, 2025
Netgsm<= 2.9.62 Broken Access Control	3.23	4.3	Jul 3, 2025
Simple Meta Tags<= 1.5 Cross Site Scripting (XSS)	3.66	6.5	Jul 3, 2025
The Tribal<= 1.3.3 Cross Site Scripting (XSS)	N/A	5.9	Jul 3, 2025
The Tribal<= 1.3.3 Sensitive Data Exposure	7.95	5.3	Jul 3, 2025
Post Featured Video<= 1.7 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 12, 2025
User Notes<= 1.0.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 12, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending