Trương Hữu Phúc (truonghuuphuc)

4,510.64

XP

335

Reports

6

Reports, last 90 days

#8

28 Apr, 2026

🇻🇳

Lvl 7

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Metro Magazine<= 1.4.1 Broken Access Control	13	6.5	12/01/2026
Link Library<= 7.8.8 Arbitrary File Deletion	17.33	7.7	11/03/2026
Contest Gallery<= 28.1.6 SQL Injection	85.56	9.3	09/03/2026
RepairBuddy<= 4.1132 Broken Access Control	14.95	6.5	17/02/2026
AI Engine (Pro)< 3.4.2 Broken Access Control	6.45	4.3	26/02/2026
CartFlows<= 2.2.3 Broken Access Control	37.09	4.3	25/02/2026
SureCart<= 4.0.2 Broken Access Control	33.64	6.5	24/02/2026
Bus Ticket Booking with Seat Reservation< 5.6.5 Sensitive Data Exposure	19.78	4.3	20/02/2026
Miraculous< 2.1.2 Broken Access Control	11.25	7.5	22/01/2026
Miraculous Core Plugin< 2.1.2 SQL Injection	12.75	8.5	22/01/2026
User Feedback<= 1.10.1 Broken Access Control	24.73	4.3	09/02/2026
PageLayer<= 2.0.8 Sensitive Data Exposure	19.35	4.3	10/02/2026
Youtube Embed Plus<= 14.2.4 Broken Access Control	17.2	4.3	04/02/2026
uListing<= 2.2.0 Arbitrary File Download	16.91	4.9	10/09/2025
RepairBuddy<= 4.1132 Sensitive Data Exposure	24.38	5.3	27/01/2026
Advanced Woo Labels<= 2.36 Remote Code Execution (RCE)	N/A	7.2	26/01/2026
Ads Pro<= 5.0 Broken Access Control	5.4	5.4	21/01/2026
Ridhi<= 1.1.2 Broken Access Control	5.3	5.3	19/01/2026
Digital Download<= 1.1.4 Broken Access Control	7.95	5.3	19/01/2026
App Landing Page<= 1.2.2 Broken Access Control	5.3	5.3	19/01/2026
Numinous<= 1.3.0 Broken Access Control	7.95	5.3	19/01/2026
Rara Academic<= 1.2.2 Broken Access Control	7.95	5.3	19/01/2026
Book Landing Page<= 1.2.7 Broken Access Control	7.95	5.3	19/01/2026
Pranayama Yoga<= 1.2.2 Broken Access Control	5.3	5.3	19/01/2026
Spa and Salon<= 1.3.2 Broken Access Control	7.95	5.3	19/01/2026
Kalon<= 1.2.9 Broken Access Control	5.3	5.3	19/01/2026
Travel Diaries<= 1.2.4 Broken Access Control	5.3	5.3	19/01/2026
The Minimal<= 1.2.9 Broken Access Control	7.95	5.3	19/01/2026
Elegant Pink<= 1.3.3 Broken Access Control	7.95	5.3	19/01/2026
Influencer<= 1.1.7 Broken Access Control	5.3	5.3	19/01/2026
Download Alt Text AI<= 1.10.15 Broken Access Control	10.6	5.3	15/01/2026
Ashe<= 2.267 Broken Access Control	8.6	4.3	13/01/2026
Education Base<= 3.0.8 Broken Access Control	10.6	5.3	12/01/2026
SpicePress<= 2.3.2.5 Cross Site Request Forgery (CSRF)	8.8	8.8	12/01/2026
Appointment<= 3.5.5 Cross Site Request Forgery (CSRF)	9.6	9.6	12/01/2026
Busiprof<= 2.5.2 Cross Site Request Forgery (CSRF)	9.6	9.6	12/01/2026
Restaurant and Cafe<= 1.2.5 Broken Access Control	10.6	5.3	12/01/2026
Travel Agency<= 1.5.5 Broken Access Control	10.6	5.3	12/01/2026
Perfect Portfolio<= 1.2.4 Broken Access Control	10.6	5.3	12/01/2026
Corpiva<= 1.0.96 Cross Site Request Forgery (CSRF)	4.3	4.3	12/01/2026
NewsExo<= 7.1 Cross Site Request Forgery (CSRF)	4.3	4.3	12/01/2026
Bluestreet<= 1.7.3 Cross Site Request Forgery (CSRF)	9.6	9.6	12/01/2026
Benevolent<= 1.3.9 Broken Access Control	10.6	5.3	10/01/2026
Lawyer Landing Page<= 1.2.7 Broken Access Control	10.6	5.3	10/01/2026
Business One Page<= 1.3.2 Broken Access Control	10.6	5.3	10/01/2026
Bakes And Cakes<= 1.2.9 Broken Access Control	10.6	5.3	10/01/2026
Timeline Event History<= 3.2 Cross Site Scripting (XSS)	14.2	7.1	25/11/2025
Construction Landing Page<= 1.4.1 Broken Access Control	10.6	5.3	10/01/2026
Preschool and Kindergarten<= 1.2.5 Broken Access Control	10.6	5.3	10/01/2026
Rara Business<= 1.3.0 Broken Access Control	10.6	5.3	10/01/2026
Travel Booking<= 1.3.9 Broken Access Control	10.6	5.3	10/01/2026
The Conference<= 1.2.5 Broken Access Control	10.6	5.3	10/01/2026
JobScout<= 1.1.7 Broken Access Control	10.6	5.3	10/01/2026
Lemmony< 1.7.1 Cross Site Request Forgery (CSRF)	5.4	5.4	09/01/2026
Coachify<= 1.1.5 Cross Site Request Forgery (CSRF)	5.4	5.4	09/01/2026
Coachify<= 1.1.5 Broken Access Control	10.6	5.3	09/01/2026
Shopwell<= 1.0.11 Broken Access Control	10.6	5.3	08/01/2026
ThirstyAffiliates<= 3.11.9 Cross Site Request Forgery (CSRF)	10.8	5.4	03/01/2026
Bit Form<= 2.21.10 SQL Injection	N/A	7.6	29/12/2025
Popularis Extra<= 1.2.10 Cross Site Request Forgery (CSRF)	5.4	5.4	29/12/2025
Webpushr<= 4.38.0 Sensitive Data Exposure	10.6	5.3	26/12/2025
GeoDirectory<= 2.8.149 Cross Site Request Forgery (CSRF)	4.3	4.3	24/12/2025
Heateor Social Login<= 1.1.39 Cross Site Request Forgery (CSRF)	0.68	5.4	26/11/2025
CWW Companion<= 1.3.2 Cross Site Request Forgery (CSRF)	0.54	4.3	24/11/2025
Client Invoicing by Sprout Invoices<= 20.8.7 Broken Access Control	7.42	4.3	10/10/2025
Simple Content Templates for Blog Posts & Pages<= 2.2.61 Cross Site Request Forgery (CSRF)	0.54	4.3	16/09/2025
PGS Core<= 5.9.0 SQL Injection	12.75	8.5	03/07/2025
Vehica Core<= 1.0.100 Cross Site Request Forgery (CSRF)	2.15	4.3	02/07/2025
Javo Core<= 3.0.0.266 Cross Site Request Forgery (CSRF)	13.2	8.8	03/07/2025
Di Themes Demo Site Importer<= 1.2 Cross Site Request Forgery (CSRF)	2.15	4.3	16/09/2025
WP Compress<= 6.50.54 Broken Access Control	10.6	5.3	08/07/2025
Blog Designer<= 3.1.8 Broken Access Control	5.4	5.4	25/07/2025
Blog Designer PRO<= 3.4.8 Broken Access Control	31.8	5.3	30/07/2025
Simplified<= 1.0.11 Server Side Request Forgery (SSRF)	N/A	5.5	10/03/2025
MapSVG< 8.7.4 SQL Injection	37.2	9.3	23/04/2025
Cost Calculator<= 7.4 Cross Site Scripting (XSS)	6.5	6.5	09/07/2025
Javo Core<= 3.0.0.266 Arbitrary Code Execution	39	6.5	04/07/2025
Support Board< 3.8.7 Cross Site Scripting (XSS)	42.6	7.1	01/07/2025
ProfileGrid <= 5.9.5.3 SQL Injection	17	8.5	13/06/2025
Post and Page Builder by BoldGrid<= 1.27.8 Path Traversal	10.87	4.2	29/05/2025
Cost Calculator<= 7.4 Broken Access Control	4.3	4.3	09/07/2025
GymBase Theme Classes<= 1.4 SQL Injection	12.75	8.5	09/07/2025
ProfileGrid <= 5.9.5.2 SQL Injection	17	8.5	28/05/2025
WP Compress<= 6.30.30 Broken Authentication	15.9	5.3	21/04/2025
Alone<= 7.8.2 Arbitrary Code Execution	43.2	7.2	04/06/2025
Cyrlitera<= 1.3.0 Cross Site Request Forgery (CSRF)	4.3	4.3	22/05/2025
Burst Statistics<= 2.0.6 Cross Site Request Forgery (CSRF)	10.75	4.3	21/05/2025
WP Visitor Statistics (Real Time Traffic)<= 8.4 Broken Access Control	21.2	5.3	21/05/2025
Giveaways and Contests by RafflePress<= 1.12.18 Broken Access Control	21.2	5.3	24/04/2025
ProfileGrid <= 5.9.5.2 Full Path Disclosure (FPD)	4.3	4.3	28/05/2025
Post and Page Builder by BoldGrid<= 1.27.8 Server Side Request Forgery (SSRF)	16.56	6.4	29/05/2025
Post and Page Builder by BoldGrid<= 1.27.8 Cross Site Request Forgery (CSRF)	7.42	4.3	29/05/2025
ProfileGrid <= 5.9.5.2 Server Side Request Forgery (SSRF)	4.9	4.9	28/05/2025
Profile Builder<= 3.13.8 Content Spoofing	25.8	4.3	28/05/2025
Calculated Fields Form<= 5.3.58 Cross Site Request Forgery (CSRF)	6.45	4.3	27/05/2025
Backup and Staging by WP Time Capsule<= 1.22.23 Cross Site Scripting (XSS)	14.2	7.1	05/04/2025
WooBeWoo Product Filter Pro< 2.9.6 SQL Injection	37.2	9.3	23/12/2024
WP Guppy<= 4.3.3 SQL Injection	17	8.5	12/03/2025
WBW Product Table PRO<= 2.2.6 SQL Injection	37.2	9.3	20/03/2025
WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for <= 1.1.0 SQL Injection	37.2	9.3	19/12/2024

Report vulnerabilities to earn bounties and rewards!

Include pending