LVT-tholv2k

8700.3

XP

469

Reports

2

Reports, last 90 days

#23

17 Nov, 2025

Lvl 9

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WPMobile.App<= 11.71 Cross Site Scripting (XSS)	24.5	7.1	Sep 26, 2025
Gutenify<= 1.5.7 Cross Site Scripting (XSS)	14.2	7.1	May 29, 2025
Easy Elementor Addons<= 2.2.8 Local File Inclusion	12.94	7.5	Sep 13, 2025
Ray Enterprise Translation<= 1.7.1 Broken Access Control	5.4	5.4	Jun 13, 2025
InPost Gallery<= 2.1.4.5 Local File Inclusion	15	7.5	Jun 3, 2025
Gutenify<= 1.5.4 Local File Inclusion	30	7.5	May 29, 2025
Funnel Builder by FunnelKit<= 3.11.1 Local File Inclusion	60	7.5	Jun 27, 2025
WP Pipes<= 1.4.3 Cross Site Scripting (XSS)	10.65	7.1	Jun 5, 2025
CF7 WOW Styler<= 1.7.2 Local File Inclusion	34.5	7.5	Jun 21, 2025
Google Map Targeting<= 1.1.6 Local File Inclusion	8.8	8.8	Jun 3, 2025
Realtyna Organic IDX plugin<= 5.0.0 Local File Inclusion	30	7.5	Jun 22, 2025
Anchor smooth scroll<= 1.0.2 Local File Inclusion	16.2	8.1	Jun 29, 2025
Paid Member Subscriptions<= 2.15.4 Local File Inclusion	30	7.5	Jun 21, 2025
PoloPag – Pix Automático para Woocommerce<= 2.0.9 Local File Inclusion	15	7.5	Jun 28, 2025
News Magazine X<= 1.2.37 Local File Inclusion	30	7.5	Jun 2, 2025
Graphina<= 3.1.1 Local File Inclusion	30	7.5	Jun 4, 2025
WP REST Cache<= 2025.1.0 Local File Inclusion	30	7.5	Jun 4, 2025
Gutenberg Blocks<= 3.3.1 Local File Inclusion	60	7.5	Jun 15, 2025
Premmerce Wishlist for WooCommerce<= 1.1.10 Local File Inclusion	51.75	7.5	Jun 28, 2025
Premmerce Wholesale Pricing for WooCommerce<= 1.1.10 Local File Inclusion	51.75	7.5	Jun 28, 2025
Premmerce User Roles<= 1.0.13 Local File Inclusion	51.75	7.5	Jun 28, 2025
Responsive Sidebar<= 1.2.2 Local File Inclusion	22.5	7.5	Jun 28, 2025
Premmerce Product Search for WooCommerce<= 2.2.4 Local File Inclusion	51.75	7.5	Jun 28, 2025
Lazy Load Optimizer<= 1.4.7 Local File Inclusion	30	7.5	Jun 28, 2025
Finale Lite<= 2.20.0 Cross Site Scripting (XSS)	14.2	7.1	Jun 28, 2025
NextMove Lite<= 2.22.0 Cross Site Scripting (XSS)	14.2	7.1	Jun 28, 2025
SEOPress for MainWP<= 1.4 Local File Inclusion	30	7.5	Jun 21, 2025
WP Pipes<= 1.4.3 Local File Inclusion	24.3	8.1	Jun 5, 2025
Simple Contact Forms<= 1.6.4 Local File Inclusion	16.2	8.1	Jun 22, 2025
LearnPress Export Import<= 4.1.0 Cross Site Scripting (XSS)	14.2	7.1	Jun 22, 2025
LearnPress Export Import<= 4.1.0 Local File Inclusion	30	7.5	Jun 21, 2025
WP Customer Area<= 8.2.7 Local File Inclusion	30	7.5	Jun 21, 2025
Favorites<= 2.3.6 Local File Inclusion	30	7.5	Jun 21, 2025
Widget for Google Reviews<= 1.0.15 Local File Inclusion	32.4	8.1	Jun 1, 2025
Ghost Kit<= 3.4.1 Local File Inclusion	32.4	8.1	May 29, 2025
Store Exporter<= 2.7.6 Local File Inclusion	51.75	7.5	Jun 15, 2025
WooCommerce Store Toolkit<= 2.4.3 Local File Inclusion	51.75	7.5	Jun 15, 2025
WP Pipes<= 1.4.3 SQL Injection	27.9	9.3	Jun 5, 2025
WP Pipes<= 1.4.3 Arbitrary File Deletion	38.7	8.6	Jun 6, 2025
WP Travel Gutenberg Blocks<= 3.9.0 Local File Inclusion	32.4	8.1	May 29, 2025
FW Gallery<= 8.0.0 Arbitrary File Upload	N/A	10	Apr 25, 2025
Gmedia Photo Gallery<= 1.23.0 Local File Inclusion	11.25	7.5	May 28, 2025
FW Gallery<= 8.0.0 Local File Inclusion	N/A	8.1	Apr 25, 2025
FW Food Menu <= 6.0.0 Arbitrary File Deletion	N/A	8.6	Apr 25, 2025
Classified Listing<= 4.2.0 Local File Inclusion	12.94	7.5	Jun 1, 2025
HUSKY<= 1.3.7 Local File Inclusion	51.75	7.5	Jun 3, 2025
Woocommerce Line Notify<= 1.1.7 Cross Site Scripting (XSS)	14.2	7.1	Apr 29, 2025
FunnelKit Automations<= 3.6.0 Open Redirection	9.4	4.7	Apr 28, 2025
FW Food Menu <= 6.0.0 Arbitrary File Upload	N/A	10	Apr 25, 2025
WP Job Portal<= 2.3.2 SQL Injection	42.78	9.3	Apr 24, 2025
FW Gallery<= 8.0.0 Arbitrary File Deletion	N/A	8.6	Apr 25, 2025
Stock Locations for WooCommerce<= 2.8.6 Broken Access Control	7.1	7.1	Apr 21, 2025
MultiVendorX<= 4.2.22 Sensitive Data Exposure	15	7.5	Apr 30, 2025
Wishlist<= 1.0.43 Cross Site Scripting (XSS)	4.88	6.5	Feb 17, 2025
WP Job Portal<= 2.3.2 Arbitrary File Download	25.88	7.5	Apr 24, 2025
Majestic Support<= 1.1.0 SQL Injection	42.78	9.3	Apr 22, 2025
WordPress Social Login and Register<= 7.6.10 Local File Inclusion	48.6	8.1	Mar 24, 2025
miniOrange Discord Integration<= 2.2.2 Local File Inclusion	48.6	8.1	Mar 24, 2025
Essential Real Estate<= 5.2.2 Local File Inclusion	48.6	8.1	Apr 14, 2025
WP Event Manager<= 3.1.51 Local File Inclusion	97.2	8.1	Apr 14, 2025
Majestic Support<= 1.1.0 Broken Access Control	12.19	5.3	Apr 22, 2025
WP Job Portal<= 2.3.2 Insecure Direct Object References (IDOR)	12.19	5.3	Apr 25, 2025
Printcart Web to Print Product Designer for WooCommerce<= 2.3.9 Arbitrary File Upload	60	10	Mar 30, 2025
Printcart Web to Print Product Designer for WooCommerce<= 2.4.0 SQL Injection	37.2	9.3	Mar 30, 2025
Ajar in5 Embed<= 3.1.5 Arbitrary File Upload	60	10	Mar 30, 2025
Lead Form Data Collection to CRM<= 3.1 Privilege Escalation	26.4	8.8	Mar 18, 2025
PSW Front-end Login & Registration<= 1.13 Broken Authentication	58.8	9.8	Mar 29, 2025
Challan<= 3.7.58 Cross Site Request Forgery (CSRF)	13.2	8.8	Apr 15, 2025
Evergreen Content Poster<= 1.4.5 Broken Access Control	7.42	4.3	No date
Popup Builder<= 1.1.35 Local File Inclusion	22.5	7.5	Apr 16, 2025
Booking and Rental Manager<= 2.3.6 Broken Access Control	10.6	5.3	Feb 15, 2025
Booking and Rental Manager<= 2.2.8 Broken Access Control	10.6	5.3	Feb 15, 2025
Hotel Booking<= 3.6 Local File Inclusion	48.6	8.1	Dec 27, 2024
Xelion Webchat<= 9.1.0 Privilege Escalation	26.4	8.8	Mar 12, 2025
Starfish Review Generation & Marketing<= 3.1.17 Privilege Escalation	26.4	8.8	Mar 13, 2025
WP Subscription Forms<= 1.2.3 Broken Access Control	5.4	5.4	Mar 10, 2025
Subscribe to Unlock Lite<= 1.3.0 Local File Inclusion	16.88	7.5	Mar 10, 2025
HelpGent<= 2.2.5 PHP Object Injection	39.2	9.8	Feb 21, 2025
Testimonial Slider And Showcase Pro<= 2.1.7 Local File Inclusion	45	7.5	Feb 20, 2025
Course Booking System<= 6.1.2 Cross Site Scripting (XSS)	14.2	7.1	Oct 18, 2024
Local Magic<= 2.8.0 SQL Injection	37.2	9.3	Feb 4, 2025
JS Job Manager<= 2.0.2 Arbitrary File Upload	60	10	Feb 23, 2025
Administrator Z<= 2025.03.24 Privilege Escalation	26.4	8.8	Mar 18, 2025
TuriTop Booking System<= 1.0.10 PHP Object Injection	17.6	8.8	Dec 22, 2024
Email Notifications for Updates<= 1.1.6 Privilege Escalation	26.4	8.8	Mar 11, 2025
Question Answer<= 1.2.70 PHP Object Injection	17.6	8.8	Feb 14, 2025
Booking and Rental Manager<= 2.2.8 Local File Inclusion	16.88	7.5	Feb 12, 2025
Paid Videochat Turnkey Site<= 7.3.11 Broken Authentication	58.8	9.8	Mar 30, 2025
Rankology SEO – On-site SEO<= 2.2.4 Privilege Escalation	29.4	9.8	Mar 31, 2025
Stop Registration Spam<= 1.24 Cross Site Scripting (XSS)	14.2	7.1	Dec 16, 2024
Question Answer<= 1.2.70 Cross Site Scripting (XSS)	14.2	7.1	Feb 14, 2025
WP-BusinessDirectory<= 3.1.2 Cross Site Scripting (XSS)	14.2	7.1	Jan 30, 2025
TableOn<= 1.0.4.2 PHP Object Injection	39.2	9.8	Dec 21, 2024
EmpikPlace for Woocommerce<= 1.4.3 PHP Object Injection	19.6	9.8	Dec 19, 2024
Checkout Mestres WP<= 8.7.5 Privilege Escalation	58.8	9.8	Mar 10, 2025
Material Dashboard<= 1.4.5 Local File Inclusion	22.5	7.5	Mar 22, 2025
Seo Meta Tags<= 1.4 Cross Site Request Forgery (CSRF)	13.2	8.8	Mar 27, 2025
Buddypress Humanity<= 1.2 Cross Site Request Forgery (CSRF)	14.7	9.8	Mar 28, 2025
WPSolr<= 24.0 Cross Site Request Forgery (CSRF)	13.2	8.8	Mar 29, 2025
Essential Breadcrumbs<= 1.1.1 Cross Site Request Forgery (CSRF)	13.2	8.8	Mar 29, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending