daroo

1518

XP

112

Reports

25

Reports, last 90 days

#2

13 Dec, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Nelio Popups<= 1.3.0 Cross Site Scripting (XSS)	4.88	6.5	No date
Salon booking system<= 10.30.3 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
My Tickets<= 2.1.0 Broken Access Control	2.42	4.3	No date
Custom Layouts – Post + Product grids made easy<= 1.4.12 Broken Access Control	3.23	4.3	No date
Thank You Page Customizer for WooCommerce<= 1.1.8 Broken Access Control	4.95	4.3	No date
WP AI CoPilot<= 1.2.7 Sensitive Data Exposure	3.23	4.3	No date
Masteriyo - LMS<= 2.0.3 Sensitive Data Exposure	14.95	6.5	Oct 31, 2025
FluentCommunity<= 2.0.0 Broken Access Control	4.95	4.3	No date
WP ERP<= 1.16.6 Sensitive Data Exposure	7.48	6.5	Oct 27, 2025
PropertyHive<= 2.1.12 Broken Access Control	17.25	7.5	Oct 25, 2025
PropertyHive<= 2.1.12 Broken Access Control	4.95	4.3	No date
SupportCandy<= 3.4.1 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
ForumWP<= 2.1.4 Broken Access Control	3.23	4.3	No date
wpForo Forum<= 2.4.10 Broken Access Control	15	7.5	Oct 19, 2025
RestroPress<= 3.2.3.5 Broken Access Control	6.5	6.5	Oct 18, 2025
Contact Form Email<= 1.3.58 Broken Access Control	4.88	6.5	No date
Appointment Booking Calendar<= 1.3.95 Broken Access Control	5.4	5.4	No date
CoSchedule<= 3.4.0 Broken Access Control	18.29	5.3	No date
Survey Maker<= 5.1.9.4 Broken Access Control	4.88	6.5	No date
Seriously Simple Podcasting<= 3.13.0 Cross Site Request Forgery (CSRF)	2.47	4.3	No date
Seriously Simple Podcasting<= 3.13.0 Broken Access Control	48.76	5.3	No date
Seriously Simple Podcasting<= 3.13.0 Sensitive Data Exposure	48.76	5.3	No date
Restaurant Menu by MotoPress<= 2.4.7 Sensitive Data Exposure	6.5	6.5	Oct 10, 2025
Ultimate FAQ<= 2.4.3 Cross Site Request Forgery (CSRF)	1.08	4.3	No date
PowerPress Podcasting<= 11.13.12 Cross Site Request Forgery (CSRF)	1.85	4.3	No date
VikBooking Hotel Booking Engine & PMS<= 1.8.2 Sensitive Data Exposure	11.8	5.9	Oct 8, 2025
EventPrime<= 4.2.4.1 Sensitive Data Exposure	4.3	4.3	No date
EventPrime<= 4.2.4.1 Broken Access Control	8.6	4.3	No date
Feather Login Page<= 1.1.7 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
WP Hotel Booking<= 2.2.7 Sensitive Data Exposure	8.6	4.3	No date
WP Hotel Booking<= 2.2.7 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
WP Hotel Booking<= 2.2.7 Cross Site Scripting (XSS)	2.95	5.9	No date
VikBooking Hotel Booking Engine & PMS<= 1.8.2 Broken Access Control	10.6	5.3	No date

Report vulnerabilities to earn bounties and rewards!

Include pending