Pricing
Case studies
Login
Start trial
Nguyen Ba Khanh
4,414.43
XP
141
Reports
10
Reports, last 90 days
#3
12 Jul, 2026
Lvl 7
0
0
3
2
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Clear
Affected software | Vulnerability
CVE
AXP
Severity
Reported
NEX-Forms
<= 9.2.2
Cross Site Scripting (XSS)
14.2
7.1
28/01/2026
ICS Calendar
<= 12.1.1
Cross Site Scripting (XSS)
14.2
7.1
27/06/2026
Free Gifts for WooCommerce
<= 13.1.0
Cross Site Scripting (XSS)
14.2
7.1
20/04/2026
Simple File List
<= 6.3.8
Cross Site Scripting (XSS)
7.1
7.1
20/06/2026
JobSearch
<= 3.2.9
Cross Site Scripting (XSS)
16.33
7.1
23/04/2026
EduMall
<= 4.5.1
Broken Access Control
N/A
4.3
09/03/2026
Advanced Shipment Tracking for WooCommerce
<= 4.0
SQL Injection
11.4
7.6
01/02/2026
Sendcloud Shipping
<= 1.0.31
Broken Access Control
N/A
5.3
10/02/2026
Kit (formerly ConvertKit) for WooCommerce
<= 2.1.6
Sensitive Data Exposure
N/A
5.3
09/02/2026
Survey Maker
<= 5.2.2.5
Cross Site Scripting (XSS)
14.2
7.1
29/04/2026
Modula - PRO
<= 2.10.8
Cross Site Scripting (XSS)
10.65
7.1
20/04/2026
WP Photo Album Plus
<= 9.2.02.004
Cross Site Scripting (XSS)
14.2
7.1
17/06/2026
WowAddons
<= 1.6.14
Cross Site Scripting (XSS)
14.2
7.1
09/03/2026
wpDataTables
<= 6.5.1.1
Cross Site Scripting (XSS)
48.99
7.1
22/06/2026
Admin and Site Enhancements (ASE) Pro
<= 8.8.5
Cross Site Scripting (XSS)
9.6
9.6
18/06/2026
Blocksy Companion Pro
<= 2.1.46
Remote Code Execution (RCE)
207
10
19/06/2026
WooCommerce Designer Pro
<= 1.9.34
Cross Site Scripting (XSS)
6.5
6.5
14/04/2026
Exclusive Addons Elementor
<= 2.7.9.8
Cross Site Scripting (XSS)
14.63
6.5
01/02/2026
weMail
<= 2.1.2
Cross Site Scripting (XSS)
32.66
7.1
20/01/2026
FOX
<= 1.4.8
Cross Site Scripting (XSS)
48.99
7.1
08/06/2026
JetSmartFilters
<= 3.8.3
SQL Injection
42.78
9.3
17/06/2026
Automatic
< 3.135.1
Cross Site Scripting (XSS)
28.4
7.1
23/04/2026
Responsive Lightbox
<= 2.7.6
Cross Site Scripting (XSS)
56.8
7.1
10/03/2026
Filter & Grids
<= 3.11.5
SQL Injection
27.9
9.3
07/06/2026
Advanced Ads
<= 2.0.21
Remote Code Execution (RCE)
67.5
7.5
10/04/2026
JobSearch
<= 3.2.9
SQL Injection
42.78
9.3
23/04/2026
Cornerstone
< 7.8.8
SQL Injection
17
8.5
23/04/2026
SEO Plugin by Squirrly SEO
<= 12.4.16
Broken Access Control
30
7.5
12/03/2026
WooCommerce POS
<= 1.8.14
Broken Access Control
15
7.5
14/02/2026
WorkScout-Core
<= 1.7.11
Arbitrary File Deletion
39
6.5
13/04/2026
SigmaForms Pro – AI Generated Forms
<= 1.4.5
Arbitrary File Upload
N/A
9
07/06/2026
WP Migrate Lite
<= 2.7.8
Cross Site Request Forgery (CSRF)
11.75
4.7
11/02/2026
WooCommerce Dropshipping
<= 5.2.4
Broken Authentication
39
6.5
20/04/2026
Cornerstone
< 7.8.8
Arbitrary Code Execution
25.5
8.5
23/04/2026
Dokan
<= 5.0.2
Privilege Escalation
52.8
8.8
29/04/2026
Affiliate Super Assistent
<= 1.10.1
Cross Site Scripting (XSS)
14.2
7.1
30/04/2026
Modula Image Gallery
<= 2.14.23
Cross Site Scripting (XSS)
59.8
6.5
26/04/2026
YITH WooCommerce Product Add-Ons
<= 4.29.0
SQL Injection
8.74
7.6
26/01/2026
Smart Manager
<= 8.85.0
Privilege Escalation
45.54
8.8
09/03/2026
MyCryptoCheckout
<= 2.161
Broken Access Control
15
7.5
19/01/2026
wpForo Forum
<= 3.0.4
SQL Injection
37.2
9.3
07/04/2026
SliceWP
<= 1.2.6
Cross Site Scripting (XSS)
14.2
7.1
12/03/2026
AutomatorWP
<= 5.6.7
Cross Site Scripting (XSS)
14.4
7.2
06/03/2026
PowerPack Pro for Elementor
< v2.13.0
Broken Authentication
121.44
8.8
03/04/2026
SureForms Pro
<= 2.8.0
Broken Access Control
33.58
7.3
20/04/2026
Blocksy Companion Pro
<= 2.1.37
Remote Code Execution (RCE)
66.83
9.9
13/03/2026
GeekyBot
<= 1.2.2
Arbitrary File Upload
138
10
09/03/2026
Coupon Affiliates
<= 7.5.3
Cross Site Scripting (XSS)
32.66
7.1
07/03/2026
Notification for Telegram
<= 3.5
Cross Site Scripting (XSS)
14.2
7.1
11/02/2026
WPZOOM Addons for Elementor
<= 1.3.4
Cross Site Scripting (XSS)
16.33
7.1
11/02/2026
Redsys for WooCommerce Light
<= 7.0.0
Broken Access Control
15
7.5
14/02/2026
Social Slider Feed
<= 2.3.2
Cross Site Scripting (XSS)
16.33
7.1
06/02/2026
Shipment Tracker for Woocommerce
<= 1.5.3.2
Cross Site Scripting (XSS)
7.48
6.5
26/01/2026
Post Duplicator
<= 3.0.10
PHP Object Injection
66
8.8
28/01/2026
Booking Activities
<= 1.16.48.1
Broken Access Control
13
6.5
27/01/2026
Meta Box – WordPress Custom Fields Framework
<= 5.11.1
Arbitrary File Deletion
105.57
6.8
27/01/2026
JupiterX Core
<= 4.14.1
Cross Site Scripting (XSS)
19.5
6.5
18/01/2026
SpeakOut! Email Petitions
<= 4.6.5
SQL Injection
42.78
9.3
11/02/2026
Blocksy Companion Pro
< 2.1.29
SQL Injection
111.6
9.3
03/02/2026
GeekyBot
<= 1.2.0
SQL Injection
85.56
9.3
28/01/2026
WooCommerce Cart Abandonment Recovery
< 2.1.0
Privilege Escalation
62.1
7.2
26/01/2026
WP Maps
<= 4.9.1
SQL Injection
111.6
9.3
17/01/2026
Form Maker by 10Web
<= 1.15.38
SQL Injection
85.56
9.3
16/01/2026
Event Tickets Manager for WooCommerce
<= 1.5.3
Broken Access Control
17.25
7.5
31/01/2026
Ocean Extra
<= 2.5.3
Broken Access Control
37.26
5.4
27/01/2026
Woody ad snippets
<= 2.7.1
Remote Code Execution (RCE)
66.83
9.9
17/01/2026
WP REST Cache
<= 2026.1.0
Cross Site Scripting (XSS)
32.66
7.1
15/01/2026
User Verification
<= 2.0.45
Broken Authentication
36.57
5.3
19/01/2026
WP User Frontend
<= 4.2.8
Broken Access Control
34.5
7.5
09/01/2026
YML for Yandex Market
< 5.3.0
Arbitrary File Deletion
5.1
6.8
28/01/2026
OOPSpam Anti-Spam
<= 1.2.62
Cross Site Scripting (XSS)
32.66
7.1
11/02/2026
PublishPress Revisions
<= 3.7.23
SQL Injection
85.56
9.3
04/02/2026
Photo Engine
<= 6.4.9
Arbitrary File Upload
15.7
9.1
27/01/2026
ChatBot
<= 7.7.9
SQL Injection
37.2
9.3
20/01/2026
Abandoned Cart Recovery for WooCommerce
<= 1.1.10
Cross Site Scripting (XSS)
32.66
7.1
28/01/2026
Visual Portfolio, Photo Gallery & Post Grid
<= 3.5.1
Local File Inclusion
45
7.5
01/02/2026
SMTP Mailer
<= 1.1.24
Sensitive Data Exposure
45
7.5
02/02/2026
Restrict Content
<= 3.2.22
Broken Access Control
15
7.5
13/02/2026
Contextual Related Posts
< 4.2.2
Broken Access Control
73.14
5.3
01/02/2026
Booster for WooCommerce
< 7.11.3
Broken Access Control
21.2
5.3
15/01/2026
APIExperts Square for WooCommerce
<= 4.7.1
SQL Injection
12.75
8.5
27/01/2026
YayMail
<= 4.3.3
SQL Injection
13.11
7.6
13/02/2026
UpsellWP
<= 2.2.4
SQL Injection
3.8
7.6
12/02/2026
WOLF
<= 1.0.8.7
SQL Injection
17.48
7.6
10/02/2026
EventPrime
<= 4.2.6.0
Broken Access Control
34.5
7.5
11/12/2025
Product Feed PRO for WooCommerce
<= 13.5.2
Cross Site Request Forgery (CSRF)
44.85
6.5
03/02/2026
CP Contact Form with Paypal
<= 1.3.61
SQL Injection
12.75
8.5
31/01/2026
WP Time Slots Booking Form
<= 1.2.42
Broken Access Control
10.6
5.3
31/01/2026
Astra Bulk Edit
<= 1.2.10
Cross Site Scripting (XSS)
9.75
6.5
30/01/2026
WP EasyCart
<= 5.8.13
SQL Injection
12.75
8.5
28/01/2026
Meow Gallery
<= 5.4.4
SQL Injection
8.74
7.6
27/01/2026
Gift Up Gift Cards for WordPress and WooCommerce
<= 3.1.7
Server Side Request Forgery (SSRF)
10.8
5.4
26/01/2026
The Moneytizer
<= 10.0.10
Broken Access Control
10.6
5.3
23/01/2026
Toocheke Companion
<= 1.194
Cross Site Scripting (XSS)
4.88
6.5
22/01/2026
User Feedback
<= 1.10.1
SQL Injection
43.7
7.6
21/01/2026
Team
<= 5.0.13
Broken Access Control
12.19
5.3
21/01/2026
Ally
<= 4.0.2
Broken Access Control
146.28
5.3
20/01/2026
iZooto
<= 3.7.20
Broken Access Control
10.6
5.3
20/01/2026
Extra Fees Plugin for WooCommerce
<= 4.3.3
Cross Site Request Forgery (CSRF)
7.1
7.1
20/01/2026
Nelio AB Testing
<= 8.2.4
SQL Injection
17.48
7.6
20/01/2026
1
2
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top