Muhammad Yudha - DJ

Say thanks

2253.15

XP

385

Reports

31

Reports, last 90 days

#12

28 Dec, 2025

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Custom Field Template<= 2.7.5 Cross Site Scripting (XSS)	9.75	6.5	No date
YouTube Embed<= 5.4 Cross Site Scripting (XSS)	4.88	6.5	No date
Real 3D FlipBook<= 4.11.4 Cross Site Scripting (XSS)	4.88	6.5	No date
Page Builder: Live Composer<= 2.0.5 Cross Site Scripting (XSS)	5.61	6.5	No date
Jobs for WordPress<= 2.7.17 Cross Site Scripting (XSS)	5.61	6.5	No date
Post Grid and Gutenberg Blocks<= 2.3.21 Cross Site Scripting (XSS)	11.21	6.5	No date
Themify Portfolio Post<= 1.3.0 Cross Site Scripting (XSS)	8.17	7.1	No date
ThirstyAffiliates<= 3.11.8 Cross Site Scripting (XSS)	9.75	6.5	No date
WP-ShowHide<= 1.05 Cross Site Scripting (XSS)	4.88	6.5	No date
WP Visitor Statistics (Real Time Traffic)<= 8.3 Cross Site Scripting (XSS)	9.75	6.5	No date
oik<= 4.15.3 Cross Site Scripting (XSS)	4.88	6.5	No date
Donation Thermometer<= 2.2.6 Cross Site Scripting (XSS)	4.88	6.5	No date
Accordion Slider<= 1.9.13 Cross Site Scripting (XSS)	4.88	6.5	No date
Wappointment<= 2.6.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Stylish Cost Calculator<= 8.1.5 Cross Site Scripting (XSS)	4.88	6.5	No date
SKT Skill Bar<= 2.5 Cross Site Scripting (XSS)	4.88	6.5	No date
Stars Testimonials<= 3.3.4 Cross Site Scripting (XSS)	4.88	6.5	No date
Travelers' Map<= 2.3.2 Cross Site Scripting (XSS)	4.88	6.5	No date
Advanced FAQ Manager<= 1.5.2 Cross Site Scripting (XSS)	4.88	6.5	No date
Builderall Builder for WordPress<= 3.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Simple Pull Quote<= 1.6.3 Cross Site Scripting (XSS)	4.88	6.5	No date
Posts By Tag<= 3.2.1 Cross Site Scripting (XSS)	4.88	6.5	No date
WPC Countdown Timer for WooCommerce<= 3.1.4 Cross Site Scripting (XSS)	5.61	6.5	No date
Attesa Extra<= 1.4.5 Cross Site Scripting (XSS)	4.88	6.5	No date
NextMove Lite<= 2.22.0 Cross Site Scripting (XSS)	5.61	6.5	No date
Booster for WooCommerce<= 7.3.2 Cross Site Scripting (XSS)	9.75	6.5	No date
WP Last Modified Info<= 1.9.2 Cross Site Scripting (XSS)	9.75	6.5	No date
DirectoryPress<= 3.6.25 Cross Site Scripting (XSS)	5.61	6.5	No date
MDTF<= 1.3.3.8 Cross Site Scripting (XSS)	8.41	6.5	No date
e2pdf<= 1.28.09 Cross Site Scripting (XSS)	8.41	6.5	No date
Tab Ultimate<= 1.8 Cross Site Scripting (XSS)	4.88	6.5	No date
WPCasa<= 1.4.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Event post<= 5.10.3 Cross Site Scripting (XSS)	8.41	6.5	No date
Pie Calendar<= 1.2.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Product Table For WooCommerce<= 1.2.4 PHP Object Injection	9.9	8.8	Jul 28, 2025
H5P<= 1.16.0 Cross Site Scripting (XSS)	9.75	6.5	No date
Activity Plus Reloaded for BuddyPress<= 1.1.2 Cross Site Scripting (XSS)	4.88	6.5	No date
Date counter<= 2.0.3 Cross Site Scripting (XSS)	4.88	6.5	No date
Next Page, Not Next Post<= 0.3.0 Cross Site Scripting (XSS)	4.88	6.5	No date
WP Mapbox GL JS Maps<= 3.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Events Maker by dFactory<= 1.6.14 Cross Site Scripting (XSS)	4.88	6.5	No date
Blox Lite<= 1.2.8 Cross Site Scripting (XSS)	4.88	6.5	No date
Open Currency Converter<= 1.5.0 Cross Site Scripting (XSS)	4.88	6.5	No date
Post List Featured Image<= 0.5.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Tooltipy<= 5.5.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Opal Service<= 1.9.1 Cross Site Scripting (XSS)	4.88	6.5	No date
SiteGround Email Marketing<= 1.7.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Rock Convert<= 3.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Video Gallery by Huzzaz<= 10.5 Cross Site Scripting (XSS)	4.88	6.5	No date
Custom Post Type Attachment<= 3.4.6 Cross Site Scripting (XSS)	4.88	6.5	No date
Query Posts<= 0.3.2 Cross Site Scripting (XSS)	4.88	6.5	No date
User Avatar - Reloaded<= 1.2.2 Cross Site Scripting (XSS)	4.88	6.5	No date
WP Geo<= 3.5.1 Cross Site Scripting (XSS)	4.88	6.5	No date
WPC Smart Messages for WooCommerce<= 4.2.7 Cross Site Scripting (XSS)	5.61	6.5	No date
Popular Posts by Webline<= 1.1.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Photospace Responsive<= 2.2.0 Cross Site Scripting (XSS)	2.95	5.9	No date
Links shortcode<= 1.8.3 Cross Site Scripting (XSS)	4.88	6.5	No date
bbp topic count<= 3.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 1, 2025
Job Board Manager<= 2.1.61 Cross Site Scripting (XSS)	3.66	6.5	Jul 1, 2025
ZoloBlocks<= 2.3.11 Server Side Request Forgery (SSRF)	8.1	5.4	Jul 2, 2025
WP Ticket Customer Service Software & Support Ticket System<= 6.0.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 16, 2025
HT Feed<= 1.3.0 Cross Site Scripting (XSS)	3.66	6.5	Aug 11, 2025
Testimonial Slider<= 3.5.8.6 Local File Inclusion	13.2	8.8	Aug 26, 2025
wp-mpdf<= 3.9.1 Cross Site Scripting (XSS)	4.88	6.5	Aug 29, 2025
Request a Quote<= 2.5.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
WP Ticket Customer Service Software & Support Ticket System<= 6.0.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
Employee Spotlight<= 5.1.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
YouTube Showcase<= 3.5.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
Event Rocket<= 3.3 Broken Access Control	2.42	4.3	Jul 4, 2025
DELUCKS SEO<= 2.7.0 Cross Site Scripting (XSS)	3.66	6.5	Jul 8, 2025
WP Frontend Admin<= 1.22.7 Cross Site Scripting (XSS)	3.66	6.5	Jul 8, 2025
Behance Portfolio Manager<= 1.7.5 Cross Site Scripting (XSS)	3.66	6.5	Jul 10, 2025
Category Featured Images Extended<= 1.52 Cross Site Scripting (XSS)	2.21	5.9	Jul 11, 2025
Zoho Billing<= 4.1 Cross Site Scripting (XSS)	3.66	6.5	Jul 21, 2025
Library Bookshelves<= 5.11 Cross Site Scripting (XSS)	3.66	6.5	Jul 21, 2025
WP Proposals<= 2.3 Cross Site Scripting (XSS)	3.66	6.5	Jul 21, 2025
WordPress Widgets Shortcode<= 1.0.3 Cross Site Scripting (XSS)	3.66	6.5	Jul 25, 2025
Buckets<= 0.3.9 Cross Site Scripting (XSS)	3.66	6.5	Jul 26, 2025
Theater for WordPress<= 0.18.8 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
List Child Pages Shortcode<= 1.3.1 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
ShortCode<= 0.8.1 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
Genealogical Tree<= 2.2.6 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
Master Slider<= 3.11.0 Cross Site Scripting (XSS)	14.63	6.5	Jul 29, 2025
Image Editor by Pixo<= 2.3.8 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
SQL Chart Builder<= 2.3.7.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
JS Job Manager<= 2.0.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
Portfolio <= 2.58 Cross Site Scripting (XSS)	2.21	5.9	Aug 4, 2025
Pinterest Pinboard Widget<= 1.0.7 Cross Site Scripting (XSS)	3.66	6.5	Aug 5, 2025
Real Estate Manager<= 7.3 Cross Site Scripting (XSS)	3.66	6.5	Aug 6, 2025
StylePress for Elementor<= 1.2.1 Cross Site Scripting (XSS)	3.66	6.5	Aug 6, 2025
BuddyPress Notification Widget<= 1.3.3 Cross Site Scripting (XSS)	3.66	6.5	Aug 8, 2025
Gianism<= 5.3.0 Cross Site Scripting (XSS)	2.21	5.9	Aug 9, 2025
PlayerJS<= 2.24 Cross Site Scripting (XSS)	3.66	6.5	Aug 12, 2025
Carousel Ultimate<= 1.8 Cross Site Scripting (XSS)	3.66	6.5	Aug 12, 2025
xili-language<= 2.21.3 Cross Site Scripting (XSS)	3.66	6.5	Aug 12, 2025
Category Featured Images<= 1.1.8 Cross Site Scripting (XSS)	2.21	5.9	Aug 12, 2025
Kama Click Counter<= 4.0.4 Cross Site Scripting (XSS)	4.88	6.5	Aug 19, 2025
Last Updated Shortcode<= 1.0.1 Cross Site Scripting (XSS)	4.88	6.5	Aug 19, 2025
Logo Showcase<= 4.0.1 Cross Site Scripting (XSS)	4.88	6.5	Aug 19, 2025
Publitio<= 2.2.1 Server Side Request Forgery (SSRF)	3.6	6.4	Jul 16, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending