Pricing
Case studies
Login
Start trial
daroo
12,432.57
XP
258
Reports
13
Reports, last 90 days
#1
28 Jun, 2026
🇮🇩
Lvl 10
3
0
0
6
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Clear
Affected software | Vulnerability
CVE
AXP
Severity
Reported
H5P
<= 1.17.7
Arbitrary File Deletion
73.49
7.1
10/05/2026
Blocksy Companion Pro
<= 2.1.45
Remote Code Execution (RCE)
143.44
8.5
28/04/2026
WoodMart
<= 8.5.3
Cross Site Scripting (XSS)
130.64
7.1
12/06/2026
Quform
<= 2.23.0
Arbitrary File Upload
59.4
9.9
18/06/2026
RealHomes
<= 4.5.3
PHP Object Injection
10.12
8.8
16/06/2026
JS Help Desk
<= 3.1.1
Arbitrary File Deletion
53.13
7.7
14/06/2026
Post Snippets
<= 4.0.19
Remote Code Execution (RCE)
19.13
8.5
27/04/2026
ListingPro
<= 2.9.11
Cross Site Scripting (XSS)
13
6.5
21/04/2026
Customer Reviews for WooCommerce
<= 5.110.1
Cross Site Scripting (XSS)
42.6
7.1
03/05/2026
Forminator
<= 1.53.1
Cross Site Scripting (XSS)
195.96
7.1
06/05/2026
WP Activity Log
<= 5.6.3.1
Cross Site Scripting (XSS)
81.65
7.1
25/05/2026
Fusion Builder
<= 3.15.4
Privilege Escalation
318.78
8.8
13/05/2026
Media LIbrary Assistant
<= 3.35
SQL Injection
87.98
8.5
04/05/2026
WP Photo Album Plus
<= 9.1.13.005
SQL Injection
30
7.5
07/05/2026
Widget Options
<= 4.2.3
Remote Code Execution (RCE)
102.47
9.9
27/04/2026
JetBooking
<= 4.0.4.1
SQL Injection
93
9.3
24/04/2026
WP Travel Gutenberg Blocks
<= 3.9.4
SQL Injection
37.2
9.3
28/02/2026
WP Activity Log
<= 5.6.3.1
PHP Object Injection
225.4
9.8
21/05/2026
Fusion Builder
<= 3.15.4
Arbitrary File Deletion
N/A
7.7
10/06/2026
JetFormBuilder
<= 3.6.0.1
Cross Site Scripting (XSS)
106.5
7.1
20/05/2026
Attendance Manager
<= 0.6.2
SQL Injection
11.4
7.6
08/01/2026
Avada
<= 3.15.3
PHP Object Injection
106.26
8.8
13/05/2026
Fusion Builder
<= 3.15.4
PHP Object Injection
N/A
9.8
10/06/2026
JetEngine
<= 3.8.9.1
Cross Site Scripting (XSS)
177.5
7.1
19/05/2026
JetEngine
<= 3.8.9.1
PHP Object Injection
91.88
9.8
19/05/2026
JetEngine
<= 3.8.9.1
SQL Injection
465
9.3
19/05/2026
Masteriyo - LMS
<= 2.2.0
Privilege Escalation
N/A
8.8
12/05/2026
wpForo Forum
<= 3.1.0
PHP Object Injection
19.6
9.8
11/05/2026
WP Travel Engine
<= 6.7.12
PHP Object Injection
39.2
9.8
15/01/2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
<= 2.0.8
SQL Injection
146.63
8.5
05/05/2026
OttoKit
<= 1.1.27
PHP Object Injection
180.32
9.8
12/05/2026
Photo Gallery by 10Web
<= 1.8.41
SQL Injection
65.55
7.6
06/05/2026
AutomatorWP
<= 5.7.2
Cross Site Scripting (XSS)
14.2
7.1
03/05/2026
Gravity Forms
<= 2.10.0.1
Arbitrary File Deletion
288
9.6
29/04/2026
AIWU
<= 1.4.17
Privilege Escalation
44.1
9.8
08/01/2026
WP Statistics
<= 14.16.6
Cross Site Scripting (XSS)
195.96
7.1
16/04/2026
RSVP and Event Management
<= 2.7.16
Broken Access Control
24.38
5.3
11/11/2025
Organization chart
<= 1.7.5
Cross Site Request Forgery (CSRF)
4.3
4.3
16/12/2025
HT Contact Form 7
<= 2.8.2
Cross Site Scripting (XSS)
14.2
7.1
20/04/2026
WP Activity Log
<= 5.6.3
Cross Site Scripting (XSS)
74.75
6.5
30/04/2026
Contest Gallery Pro
<= 29.0.1
Privilege Escalation
58.8
9.8
17/04/2026
WP Directory Kit
<= 1.5.1
SQL Injection
42.78
9.3
14/04/2026
JetEngine
<= 3.8.8.1
SQL Injection
372
9.3
23/04/2026
JoomSport
<= 5.7.7
SQL Injection
37.2
9.3
23/02/2026
Order Delivery Date for WooCommerce
<= 4.5.1
SQL Injection
37.2
9.3
14/01/2026
Funnel Builder by FunnelKit
<= 3.15.0.1
SQL Injection
74.4
9.3
22/04/2026
WPGraphQL
< 2.11.1
SQL Injection
69
7.5
27/02/2026
Advanced Product Fields (Product Addons) for WooCommerce
<= 1.6.19
PHP Object Injection
10.8
7.2
26/02/2026
YayMail
<= 4.3.3
PHP Object Injection
12.42
7.2
26/02/2026
Responsive Slider by MetaSlider
<= 3.106.0
PHP Object Injection
43.2
7.2
25/02/2026
WooCommerce PDF Invoices & Packing Slips
< 5.9.0
PHP Object Injection
18
7.2
25/02/2026
ShortPixel Image Optimizer
<= 6.4.3
PHP Object Injection
82.8
7.2
25/02/2026
Anti-Malware Security and Brute-Force Firewall
<= 4.23.87
PHP Object Injection
121.44
8.8
25/02/2026
Modula Image Gallery
<= 2.14.18
PHP Object Injection
66.24
7.2
25/02/2026
Download Monitor
<= 5.1.9
Arbitrary File Download
45.54
4.4
23/02/2026
Events Calendar for GeoDirectory
<= 2.3.25
PHP Object Injection
13.2
8.8
11/01/2026
Groundhogg
<= 4.4
Arbitrary File Deletion
53.13
7.7
06/01/2026
Product Filter by WBW
<= 3.1.2
SQL Injection
256.68
9.3
19/02/2026
CTX Feed
<= 6.6.26
PHP Object Injection
10.8
7.2
26/02/2026
WooCommerce Product Table Lite
<= 4.6.3
Cross Site Scripting (XSS)
16.33
7.1
22/02/2026
Xpro Elementor Addons
<= 1.5.1
SQL Injection
25.5
8.5
28/02/2026
BEAR
<= 1.1.7.1
SQL Injection
17.48
7.6
28/02/2026
Broken Link Checker
<= 2.4.7
SQL Injection
104.88
7.6
24/02/2026
Simply Schedule Appointments
<= 1.6.9.27
SQL Injection
38.25
8.5
24/02/2026
Amelia
<= 2.1.1
SQL Injection
104.88
7.6
23/02/2026
Download Monitor
<= 5.1.8
SQL Injection
87.98
8.5
23/02/2026
Helpdesk Support Ticket System for WooCommerce
<= 2.1.2
Broken Access Control
34.5
7.5
05/01/2026
Element Pack Elementor Addons
<= 8.4.2
SQL Injection
69.92
7.6
21/02/2026
ProfileGrid
<= 5.9.8.1
Cross Site Scripting (XSS)
7.48
6.5
29/12/2025
JetFormBuilder
<= 3.5.6.1
Remote Code Execution (RCE)
167.06
9.9
27/01/2026
weForms
<= 1.6.26
PHP Object Injection
35.2
8.8
05/01/2026
Contact Form & Lead Form Elementor Builder
<= 2.0.1
Cross Site Scripting (XSS)
14.2
7.1
30/01/2026
Nelio AB Testing
<= 8.2.7
Remote Code Execution (RCE)
31.4
9.1
04/02/2026
Contest Gallery
<= 28.1.2.2
Broken Authentication
135.24
9.8
13/01/2026
Beaver Builder
<= 2.10.1.2
SQL Injection
51
8.5
21/02/2026
LatePoint
<= 5.2.6
Insecure Direct Object References (IDOR)
26
6.5
30/01/2026
RewardsWP
<= 1.0.4
Privilege Escalation
29.4
9.8
23/01/2026
JS Archive List
<= 6.1.7
PHP Object Injection
13.2
8.8
21/01/2026
Creator LMS
<= 1.1.18
Privilege Escalation
45.54
8.8
29/01/2026
Dokan
<= 4.2.4
Broken Authentication
52.8
8.8
14/12/2025
Tutor LMS
<= 3.9.4
Insecure Direct Object References (IDOR)
26
6.5
14/12/2025
Xagio SEO
<= 7.1.0.30
Privilege Escalation
58.8
9.8
13/12/2025
WPCafe
<= 3.0.7
Broken Access Control
20.93
9.1
11/12/2025
WP User Frontend
<= 4.2.5
Broken Access Control
14.95
6.5
10/12/2025
Bus Ticket Booking with Seat Reservation
<= 5.7.2
PHP Object Injection
90.16
9.8
07/12/2025
Amelia
<= 1.2.38
Privilege Escalation
149.04
7.2
06/12/2025
Chaty
<= 3.5.1
Sensitive Data Exposure
90
7.5
23/11/2025
Tablesome
<= 1.2.3
SQL Injection
19.55
8.5
22/11/2025
Classified Listing
<= 5.3.4
Sensitive Data Exposure
14.95
6.5
14/11/2025
My Tickets
<= 2.1.0
Sensitive Data Exposure
11.25
7.5
06/11/2025
Client Invoicing by Sprout Invoices
<= 20.8.9
Local File Inclusion
16.56
7.2
22/01/2026
WpBookingly
<= 1.2.9
Local File Inclusion
25.88
7.5
19/01/2026
Paid Member Subscriptions
<= 2.16.8
Insecure Direct Object References (IDOR)
6.5
6.5
29/11/2025
Simple File List
<= 6.1.15
Arbitrary File Download
19.5
6.5
25/11/2025
WP ERP
<= 1.16.10
SQL Injection
19.55
8.5
06/01/2026
Easy Hotel Booking
<= 2.0.4
Broken Access Control
4.88
6.5
20/11/2025
Travelpayouts
<= 1.2.2
Broken Access Control
6.5
6.5
20/11/2025
MailerLite
<= 1.7.18
Broken Access Control
9.68
4.3
29/12/2025
WP Recipe Maker
<= 10.2.4
Broken Access Control
29.67
4.3
29/12/2025
aDirectory
<= 3.0.3
Broken Access Control
4.88
6.5
17/11/2025
1
2
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top