Nguyen Ba Khanh

2,477.27

XP

81

Reports

44

Reports, last 90 days

#6

31 Mar, 2026

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Woody ad snippets<= 2.7.1 Remote Code Execution (RCE)	66.83	9.9	17/01/2026
WP REST Cache<= 2026.1.0 Cross Site Scripting (XSS)	32.66	7.1	15/01/2026
User Verification<= 2.0.45 Broken Authentication	36.57	5.3	19/01/2026
WP User Frontend<= 4.2.8 Broken Access Control	34.5	7.5	09/01/2026
YML for Yandex Market< 5.3.0 Arbitrary File Deletion	5.1	6.8	28/01/2026
OOPSpam Anti-Spam<= 1.2.62 Cross Site Scripting (XSS)	32.66	7.1	11/02/2026
PublishPress Revisions<= 3.7.23 SQL Injection	85.56	9.3	04/02/2026
Photo Engine<= 6.4.9 Arbitrary File Upload	15.7	9.1	27/01/2026
ChatBot<= 7.7.9 SQL Injection	37.2	9.3	20/01/2026
Abandoned Cart Recovery for WooCommerce<= 1.1.10 Cross Site Scripting (XSS)	32.66	7.1	28/01/2026
Visual Portfolio, Photo Gallery & Post Grid<= 3.5.1 Local File Inclusion	45	7.5	01/02/2026
SMTP Mailer<= 1.1.24 Sensitive Data Exposure	45	7.5	02/02/2026
Restrict Content<= 3.2.22 Broken Access Control	15	7.5	13/02/2026
Contextual Related Posts< 4.2.2 Broken Access Control	73.14	5.3	01/02/2026
Booster for WooCommerce< 7.11.3 Broken Access Control	21.2	5.3	15/01/2026
UpsellWP<= 2.2.4 SQL Injection	3.8	7.6	12/02/2026
WOLF<= 1.0.8.7 SQL Injection	17.48	7.6	10/02/2026
EventPrime<= 4.2.6.0 Broken Access Control	34.5	7.5	11/12/2025
Product Feed PRO for WooCommerce<= 13.5.2 Cross Site Request Forgery (CSRF)	44.85	6.5	03/02/2026
CP Contact Form with Paypal<= 1.3.61 SQL Injection	12.75	8.5	31/01/2026
WP Time Slots Booking Form<= 1.2.42 Broken Access Control	10.6	5.3	31/01/2026
Astra Bulk Edit<= 1.2.10 Cross Site Scripting (XSS)	9.75	6.5	30/01/2026
WP EasyCart<= 5.8.13 SQL Injection	12.75	8.5	28/01/2026
Meow Gallery<= 5.4.4 SQL Injection	8.74	7.6	27/01/2026
Gift Up Gift Cards for WordPress and WooCommerce<= 3.1.7 Server Side Request Forgery (SSRF)	10.8	5.4	26/01/2026
Toocheke Companion<= 1.194 Cross Site Scripting (XSS)	4.88	6.5	22/01/2026
Team<= 5.0.13 Broken Access Control	12.19	5.3	21/01/2026
Ally<= 4.0.2 Broken Access Control	146.28	5.3	20/01/2026
Nelio AB Testing<= 8.2.4 SQL Injection	17.48	7.6	20/01/2026
PixelYourSite – Your smart PIXEL (TAG) Manager<= 11.2.0.1 Cross Site Scripting (XSS)	85.2	7.1	07/02/2026
WP Compress<= 6.60.28 Broken Access Control	10.6	5.3	18/01/2026
Rich Showcase for Google Reviews<= 6.9.4.3 Cross Site Scripting (XSS)	11.8	5.9	16/01/2026
Robo Gallery<= 5.1.2 Cross Site Scripting (XSS)	9.75	6.5	15/01/2026
Sigmize<= 0.0.9 Cross Site Request Forgery (CSRF)	9.89	4.3	04/12/2025

Report vulnerabilities to earn bounties and rewards!

Include pending