Muhammad Daffa

Say thanks

633.89

XP

97

Reports

0

Reports, last 90 days

#9

17 Nov, 2025

Lvl 3

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Pinpoint Booking System<= 2.9.9.5.7 Broken Access Control	6.3	6.3	Aug 1, 2024
Pinpoint Booking System<= 2.9.9.5.7 Cross Site Request Forgery (CSRF)	10.8	5.4	Aug 1, 2024
Edwiser Bridge<= 3.0.7 Server Side Request Forgery (SSRF)	4.9	4.9	Aug 2, 2024
Edwiser Bridge<= 3.0.7 Cross Site Scripting (XSS)	6.5	6.5	Aug 2, 2024
WordPress Portfolio Builder – Portfolio Gallery<= 1.1.7 Cross Site Scripting (XSS)	4.88	6.5	Aug 4, 2024
Like Button Rating<= 2.6.53 Cross Site Request Forgery (CSRF)	3.55	7.1	Aug 6, 2024
EasyJobs<= 2.4.14 Cross Site Request Forgery (CSRF)	3.55	7.1	Aug 6, 2024
Podlove Podcast Publisher<= 4.1.13 Cross Site Request Forgery (CSRF)	4.8	9.6	Aug 5, 2024
Podlove Podcast Publisher<= 4.1.13 Cross Site Scripting (XSS)	4.88	6.5	Aug 5, 2024
GetPaid<= 2.8.11 Broken Access Control	3.23	4.3	Aug 6, 2024
WPMobile.App<= 11.48 Cross Site Request Forgery (CSRF)	8.6	7.1	Aug 4, 2024
Print Barcode Labels for your WooCommerce products/orders<= 3.4.9 Broken Access Control	6.5	6.5	Aug 2, 2024
WP Telegram Widget and Join Link<= 2.1.27 Cross Site Scripting (XSS)	4.88	6.5	Aug 4, 2024
Event Management Tickets Booking<= 1.4.3 Sensitive Data Exposure	10.6	5.3	Oct 27, 2023
Contact Form Widget<= 1.3.9 Sensitive Data Exposure	10.6	5.3	Oct 27, 2023
Realtyna Organic IDX plugin<= 4.14.4 Cross Site Scripting (XSS)	14.2	7.1	Oct 25, 2023
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIAN<= 1.1.12 SQL Injection	N/A	7.6	Oct 26, 2023
CBX Bookmark & Favorite<= 1.7.20 SQL Injection	N/A	7.6	Oct 25, 2023
User Activity Log<= 1.9 SQL Injection	N/A	7.6	Oct 19, 2023
Edwiser Bridge<= 3.0.2 SQL Injection	N/A	7.6	Oct 25, 2023
10Web Map Builder for Google Maps<= 1.0.74 SQL Injection	N/A	7.6	Oct 24, 2023
Paid Memberships Pro – Mailchimp Add On<= 2.3.4 Sensitive Data Exposure	10.6	5.3	Nov 9, 2023
WordPress Announcement & Notification Banner Plugin – Bulletin<= 3.8.5 SQL Injection	N/A	7.6	Oct 25, 2023
Albo Pretorio Online<= 4.6.6 Sensitive Data Exposure	10.6	5.3	Oct 27, 2023
Recipe Maker For Your Food Blog from Zip Recipes<= 8.1.0 SQL Injection	8.55	7.6	Oct 25, 2023
Product Feed Manager<= 7.3.15 Directory Traversal	N/A	5.5	Oct 23, 2023
Events Shortcodes & Templates For The Events Calendar<= 2.3.1 SQL Injection	8.55	7.6	Oct 20, 2023
WS Form LITE<= 1.9.170 SQL Injection	N/A	7.6	Oct 25, 2023
GEO my WordPress<= 4.0.2 SQL Injection	N/A	7.6	Oct 25, 2023
Most And Least Read Posts Widget<= 2.5.16 SQL Injection	9.56	8.5	Oct 25, 2023
WP Adminify<= 3.1.6 SQL Injection	N/A	7.6	Oct 25, 2023
Page Generator<= 1.7.1 SQL Injection	N/A	7.6	Oct 25, 2023
eCommerce Product Catalog<= 3.3.26 Sensitive Data Exposure	10.6	5.3	Nov 9, 2023
Product Catalog Simple<= 1.7.6 Sensitive Data Exposure	10.6	5.3	Nov 9, 2023
FunnelKit Automations<= 2.6.1 SQL Injection	N/A	7.6	Oct 19, 2023
Funnel Builder by FunnelKit<= 2.14.3 SQL Injection	N/A	7.6	Oct 23, 2023
Pre* Party Resource Hints<= 1.8.19 SQL Injection	N/A	7.6	Oct 26, 2023
Squirrly SEO - Advanced Pack< 2.4.02 SQL Injection	N/A	7.6	Nov 6, 2023
Advanced Form Integration<= 1.75.0 SQL Injection	N/A	7.6	Oct 23, 2023
BookIt<= 2.4.3 SQL Injection	N/A	7.6	Oct 18, 2023
Simply Schedule Appointments< 1.6.6.1 SQL Injection	N/A	7.6	Oct 18, 2023
e2pdf<= 1.20.23 SQL Injection	N/A	7.6	Oct 18, 2023
404 Solution<= 2.34.0 SQL Injection	N/A	7.6	Oct 18, 2023
Welcart e-Commerce<= 2.9.3 SQL Injection	5.7	7.6	Oct 17, 2023
RegistrationMagic<= 5.2.4.5 SQL Injection	N/A	7.6	Oct 18, 2023
GeoDirectory<= 2.3.28 SQL Injection	N/A	7.6	Oct 17, 2023
WP Mail Catcher<= 2.1.3 SQL Injection	N/A	7.6	Oct 17, 2023
Cookie Bar<= 2.0 Cross Site Scripting (XSS)	N/A	5.9	Oct 17, 2023
Link Whisper Free<= 0.6.5 SQL Injection	19.13	8.5	Oct 19, 2023
Quick Call Button<= 1.2.9 Cross Site Scripting (XSS)	N/A	5.9	Oct 17, 2023
iPages Flipbook<= 1.4.8 SQL Injection	N/A	7.6	Oct 25, 2023
ImageLinks Interactive Image Builder<= 1.5.4 SQL Injection	N/A	7.6	Oct 25, 2023
Store Exporter<= 2.7.2 Cross Site Scripting (XSS)	14.2	7.1	Oct 23, 2023
GD Security Headers<= 1.7 SQL Injection	N/A	7.6	Oct 25, 2023
ICS Calendar<= 10.12.0.3 Arbitrary File Download	9.23	8.2	Oct 18, 2023
Table of Contents Plus<= 2302 Cross Site Request Forgery (CSRF)	13.5	5.4	Aug 27, 2023
Meks Video Importer<= 1.0.10 Cross Site Request Forgery (CSRF)	2.15	4.3	Feb 20, 2023
Meks Time Ago<= 1.1.6 Cross Site Request Forgery (CSRF)	2.15	4.3	Feb 20, 2023
Meks ThemeForest Smart Widget<= 1.4 Cross Site Request Forgery (CSRF)	2.15	4.3	Feb 20, 2023
Meks Smart Author Widget<= 1.1.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Feb 20, 2023
Meks Audio Player<= 1.2 Cross Site Request Forgery (CSRF)	2.15	4.3	Feb 20, 2023
Meks Easy Maps<= 2.1.3 Cross Site Request Forgery (CSRF)	2.15	4.3	Feb 20, 2023
Meks Easy Photo Feed Widget<= 1.2.7 Cross Site Request Forgery (CSRF)	4.3	4.3	Feb 20, 2023
Meks Simple Flickr Widget<= 1.2 Cross Site Request Forgery (CSRF)	4.3	4.3	Feb 19, 2023
Meks Easy Ads Widget<= 2.0.7 Cross Site Request Forgery (CSRF)	2.15	4.3	Feb 20, 2023
Royal Elementor Addons<= 1.3.75 Cross Site Request Forgery (CSRF)	17.2	4.3	Dec 9, 2022
Meks Smart Social Widget<= 1.6 Cross Site Request Forgery (CSRF)	4.3	4.3	Feb 19, 2023
ShopLentor<= 2.6.2 Cross Site Request Forgery (CSRF)	12.9	4.3	Dec 9, 2022
Visibility Logic for Elementor<= 2.3.4 Cross Site Request Forgery (CSRF)	8.6	4.3	Dec 9, 2022
Enhanced Text Widget<= 1.5.8 Broken Access Control	12.9	4.3	Jan 10, 2023
Product Gallery Slider for WooCommerce<= 2.2.8 Cross Site Request Forgery (CSRF)	4.3	4.3	Nov 11, 2022
Custom Twitter Feeds (Tweets Widget)<= 1.8.4 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
Performance Lab<= 2.2.0 Cross Site Request Forgery (CSRF)	8.6	4.3	Dec 10, 2022
Simple Share Buttons Adder<= 8.5.2 Cross Site Request Forgery (CSRF)	12.9	4.3	Dec 10, 2022
Ninja Tables<= 4.3.4 Cross Site Scripting (XSS)	N/A	5.9	Dec 12, 2022
Ninja Tables<= 4.3.4 Cross Site Request Forgery (CSRF)	12.9	4.3	Dec 12, 2022
ShopEngine<= 4.1.1 Cross Site Request Forgery (CSRF)	5.4	5.4	Nov 11, 2022
YellowPencil Visual CSS Style Editor<= 7.5.8 Cross Site Scripting (XSS)	N/A	4	No date
Themify Portfolio Post<= 1.2.4 Cross Site Scripting (XSS)	6.5	4.1	Jan 28, 2022
Custom Order Numbers for WooCommerce<= 1.4.0 Cross Site Request Forgery (CSRF)	4.3	4.3	Nov 11, 2022
Shortlinks by Pretty Links<= 3.4.0 Cross Site Request Forgery (CSRF)	21.5	4.3	Dec 10, 2022
Health Check & Troubleshooting<= 1.5.1 Cross Site Request Forgery (CSRF)	21	4.3	Dec 14, 2022
Happy Addons for Elementor<= 3.8.2 Cross Site Request Forgery (CSRF)	21.5	4.3	Dec 13, 2022
Popup Anything<= 2.2.1 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 14, 2022
Product Feed PRO for WooCommerce<= 12.4.4 Cross Site Request Forgery (CSRF)	21.6	5.4	Sep 30, 2022
WordPress Ping Optimizer<= 2.35.1.2.3 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
WooCommerce Weight Based Shipping<= 5.4.1 Cross Site Request Forgery (CSRF)	12.9	4.3	Oct 3, 2022
Print Invoice & Delivery Notes for WooCommerce<= 4.7.2 Cross Site Request Forgery (CSRF)	13	6.5	Sep 30, 2022
When Last Login<= 1.2.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Feb 19, 2023
WP Meteor Page Speed Optimization Topping<= 3.1.4 Cross Site Request Forgery (CSRF)	4.3	4.3	Feb 19, 2023
The Post Grid<= 5.0.4 Cross Site Request Forgery (CSRF)	8.6	4.3	Dec 9, 2022
Starter Templates<= 3.1.20 Cross Site Request Forgery (CSRF)	30.1	4.3	Dec 9, 2022
WP Table Builder<= 1.4.6 Cross Site Scripting (XSS)	N/A	5.9	Dec 11, 2022
TeraWallet – For WooCommerce<= 1.3.24 Cross Site Request Forgery (CSRF)	N/A	5.4	No date
Void Contact Form 7 Widget For Elementor Page Builder<= 2.1.1 Cross Site Request Forgery (CSRF)	8.6	4.3	Dec 9, 2022
Responsive Pricing Table<= 5.1.6 Cross Site Scripting (XSS)	6.5	6.5	Dec 11, 2022
A2 Optimized WP<= 3.0.4 Cross Site Request Forgery (CSRF)	12.9	4.3	Jan 10, 2023
CURCY<= 2.1.25 Broken Access Control	6.5	6.5	Sep 30, 2022
ShopLentor<= 2.5.1 Cross Site Request Forgery (CSRF)	16.2	5.4	Oct 3, 2022
Conversios.io<= 5.2.3 Cross Site Request Forgery (CSRF)	16.2	5.4	Oct 3, 2022

Report vulnerabilities to earn bounties and rewards!

Include pending