daroo

2,533.19

XP

146

Reports

29

Reports, last 90 days

#10

7 Feb, 2026

🇮🇩

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Easy Hotel Booking<= 1.8.4 Broken Access Control	4.88	6.5	Nov 20, 2025
Travelpayouts<= 1.2.1 Broken Access Control	6.5	6.5	Nov 20, 2025
WP Recipe Maker<= 10.2.4 Broken Access Control	29.67	4.3	Dec 29, 2025
aDirectory<= 3.0.3 Broken Access Control	4.88	6.5	Nov 17, 2025
Directorist<= 8.5.9 Broken Access Control	7.1	7.1	Nov 15, 2025
Easy Property Listings<= 3.5.17 Broken Access Control	13	6.5	Nov 12, 2025
JobWP<= 2.4.5 Cross Site Scripting (XSS)	16.33	7.1	Nov 10, 2025
Hydra Booking<= 1.1.32 Privilege Escalation	43.8	7.3	Nov 8, 2025
Salon booking system<= 10.30.3 Sensitive Data Exposure	6.5	6.5	Nov 7, 2025
Booking Activities<= 1.16.44 Privilege Escalation	48.6	8.1	Nov 7, 2025
Nelio AB Testing<= 8.1.8 Arbitrary Code Execution	13.65	9.1	Nov 4, 2025
Tickera<= 3.5.6.2 Broken Access Control	6.5	6.5	Oct 24, 2025
Event Tickets with Ticket Scanner<= 2.8.5 Remote Code Execution (RCE)	54	9	Oct 23, 2025
Seriously Simple Podcasting<= 3.14.1 Server Side Request Forgery (SSRF)	10.12	4.4	Dec 14, 2025
Quiz And Survey Master<= 10.3.3 Broken Access Control	14.84	4.3	Dec 9, 2025
Stackable<= 3.19.5 Cross Site Scripting (XSS)	13.57	5.9	Dec 8, 2025
Ninja Tables<= 5.2.4 SQL Injection	43.99	8.5	Dec 8, 2025
Post and Page Builder by BoldGrid<= 1.27.9 Broken Access Control	22.25	4.3	Dec 6, 2025
Fluent Support<= 1.10.4 Broken Access Control	7.48	6.5	Oct 20, 2025
Spiffy Calendar<= 5.0.7 Broken Access Control	3.23	4.3	Dec 6, 2025
GetGenie<= 4.3.0 Broken Access Control	16.91	4.9	Dec 6, 2025
Sugar Calendar (Lite)<= 3.10.1 Broken Access Control	3.71	4.3	Dec 6, 2025
Timetics<= 1.0.46 Broken Authentication	26.4	8.8	Oct 14, 2025
Five Star Restaurant Reservations<= 2.7.4 Insecure Direct Object References (IDOR)	17.2	8.6	Oct 12, 2025
Tasty Recipes Lite<= 1.1.5 Broken Access Control	3.23	4.3	Oct 20, 2025
Tasty Recipes Lite<= 1.1.5 Broken Access Control	4.3	4.3	Oct 20, 2025
Gmedia Photo Gallery<= 1.25.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 24, 2025
RestroPress<= 3.2.4.2 Broken Access Control	10.6	5.3	Oct 18, 2025
PopupKit<= 2.2.3 Sensitive Data Exposure	8.6	4.3	Nov 29, 2025
Poptics<= 1.0.20 Sensitive Data Exposure	3.23	4.3	Nov 29, 2025
BizPrint<= 4.6.7 Broken Access Control	4.88	6.5	Nov 29, 2025
Simple File List<= 6.1.18 Broken Access Control	4.66	5.4	Nov 25, 2025
My Sticky Elements<= 2.3.3 Broken Access Control	8.6	4.3	Nov 25, 2025
BBP Core<= 1.4.1 Broken Access Control	10.6	5.3	Nov 24, 2025
Brave<= 0.8.3 Broken Access Control	10.6	5.3	Nov 23, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage<= 19.12.0 Broken Access Control	10.6	5.3	Nov 22, 2025
Tablesome<= 1.1.35.1 Broken Access Control	6.21	5.4	Nov 22, 2025
Tablesome<= 1.1.35.1 Sensitive Data Exposure	5.75	5	Nov 22, 2025
User Feedback<= 1.10.0 SQL Injection	43.7	7.6	Nov 22, 2025
TS Poll<= 2.5.5 Broken Access Control	4.3	4.3	Nov 22, 2025
Wappointment<= 2.7.5 Broken Access Control	10.6	5.3	Nov 21, 2025
Gutenverse Form<= 2.3.1 Broken Access Control	4.88	6.5	Nov 20, 2025
WP Time Slots Booking Form<= 1.2.39 Broken Access Control	4.88	6.5	Nov 20, 2025
WP Adminify<= 4.0.6.1 Broken Access Control	6.21	5.4	Nov 18, 2025
WP Adminify<= 4.0.6.1 Broken Access Control	4.95	4.3	Nov 18, 2025
Watu Quiz<= 3.4.5 Broken Access Control	4.3	4.3	Nov 17, 2025
Listdom<= 5.0.1 Broken Access Control	4.05	5.4	Nov 16, 2025
Simple Link Directory<= 8.8.3 Broken Access Control	10.6	5.3	Nov 17, 2025
Easy Form Builder<= 3.8.20 Broken Access Control	10.6	5.3	Nov 17, 2025
TrueBooker<= 1.1.0 Broken Access Control	7.95	5.3	Nov 20, 2025
UsersWP<= 1.2.48 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 17, 2025
Webba Booking<= 6.2.1 Broken Access Control	9.89	4.3	Nov 20, 2025
Simple Link Directory<= 8.8.3 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 17, 2025
Admin and Site Enhancements (ASE)<= 8.0.8 Broken Access Control	6.75	2.7	Nov 25, 2025
Watu Quiz<= 3.4.5 Broken Access Control	4.88	6.5	Nov 17, 2025
Directorist<= 8.5.9 Open Redirection	9.4	4.7	Nov 15, 2025
Business Directory<= 6.4.19 Broken Access Control	2.45	4.9	Nov 15, 2025
Essential Real Estate<= 5.2.6 Broken Access Control	10.6	5.3	Nov 14, 2025
Essential Real Estate<= 5.2.6 Insecure Direct Object References (IDOR)	6.5	6.5	Nov 14, 2025
Easy Property Listings<= 3.5.17 Broken Access Control	4.3	4.3	Nov 12, 2025
Ultimate Auction <= 4.3.2 Sensitive Data Exposure	10.6	5.3	Nov 12, 2025
Ultimate Auction <= 4.3.2 Broken Access Control	5.4	5.4	Nov 12, 2025
Media Library Tools<= 1.6.15 SQL Injection	7.6	7.6	Nov 11, 2025
Nelio Popups<= 1.3.0 Cross Site Scripting (XSS)	4.88	6.5	Nov 10, 2025
Salon booking system<= 10.30.3 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 7, 2025
WpEvently<= 5.1.1 Cross Site Request Forgery (CSRF)	9.89	4.3	Nov 6, 2025
My Tickets<= 2.1.0 Broken Access Control	2.42	4.3	Nov 6, 2025
Custom Layouts – Post + Product grids made easy<= 1.4.12 Broken Access Control	3.23	4.3	Nov 5, 2025
Thank You Page Customizer for WooCommerce<= 1.1.8 Broken Access Control	4.95	4.3	Nov 5, 2025
WP AI CoPilot<= 1.2.7 Sensitive Data Exposure	3.23	4.3	Nov 4, 2025
Stylish Price List<= 7.2.2 Broken Access Control	10.6	5.3	Oct 31, 2025
Masteriyo - LMS<= 2.0.3 Sensitive Data Exposure	14.95	6.5	Oct 31, 2025
CatFolders<= 2.5.3 Broken Access Control	10.6	5.3	Oct 31, 2025
FluentCommunity<= 2.0.0 Broken Access Control	4.95	4.3	Oct 29, 2025
WP ERP<= 1.16.6 Sensitive Data Exposure	7.48	6.5	Oct 27, 2025
PropertyHive<= 2.1.12 Broken Access Control	17.25	7.5	Oct 25, 2025
PropertyHive<= 2.1.12 Broken Access Control	4.95	4.3	Oct 25, 2025
SupportCandy<= 3.4.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 22, 2025
ForumWP<= 2.1.4 Broken Access Control	3.23	4.3	Oct 22, 2025
wpForo Forum<= 2.4.10 Broken Access Control	15	7.5	Oct 19, 2025
RestroPress<= 3.2.3.5 Broken Access Control	6.5	6.5	Oct 18, 2025
Contact Form Email<= 1.3.58 Broken Access Control	4.88	6.5	Oct 16, 2025
Appointment Booking Calendar<= 1.3.95 Broken Access Control	5.4	5.4	Oct 16, 2025
CoSchedule<= 3.4.0 Broken Access Control	18.29	5.3	Oct 15, 2025
Survey Maker<= 5.1.9.4 Broken Access Control	4.88	6.5	Oct 15, 2025
Seriously Simple Podcasting<= 3.13.0 Cross Site Request Forgery (CSRF)	2.47	4.3	Oct 12, 2025
Seriously Simple Podcasting<= 3.13.0 Broken Access Control	48.76	5.3	Oct 10, 2025
Seriously Simple Podcasting<= 3.13.0 Sensitive Data Exposure	48.76	5.3	Oct 10, 2025
Restaurant Menu by MotoPress<= 2.4.7 Sensitive Data Exposure	6.5	6.5	Oct 10, 2025
Ultimate FAQ<= 2.4.3 Cross Site Request Forgery (CSRF)	1.08	4.3	Oct 9, 2025
PowerPress Podcasting<= 11.13.12 Cross Site Request Forgery (CSRF)	1.85	4.3	Oct 9, 2025
VikBooking Hotel Booking Engine & PMS<= 1.8.2 Sensitive Data Exposure	11.8	5.9	Oct 8, 2025
EventPrime<= 4.2.4.1 Sensitive Data Exposure	4.3	4.3	Oct 7, 2025
EventPrime<= 4.2.4.1 Broken Access Control	8.6	4.3	Oct 7, 2025
Feather Login Page<= 1.1.7 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 6, 2025
WP Hotel Booking<= 2.2.7 Sensitive Data Exposure	8.6	4.3	Oct 6, 2025
WP Hotel Booking<= 2.2.8 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 6, 2025
WP Hotel Booking<= 2.2.8 Cross Site Scripting (XSS)	2.95	5.9	Oct 6, 2025
VikBooking Hotel Booking Engine & PMS<= 1.8.2 Broken Access Control	10.6	5.3	Oct 8, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending