Majed Refaea

835.86 XP

107 Reports

0 Reports, last 90 days

#1

17 Nov, 2025

| Affected software | Vulnerability | CVE | AXP | Severity | Reported |
| --- | --- | --- | --- | --- | --- |
| Sunshine Photo Cart <= 3.2.9 | Broken Access Control | | 12.19 | 5.3 | Feb 8, 2024 |
| Photo Engine <= 6.4.0 | Broken Access Control | | 4.3 | 4.3 | Feb 29, 2024 |
| MyBookTable Bookstore <= 3.3.9 | Cross Site Request Forgery (CSRF) | | 3.55 | 7.1 | Feb 16, 2024 |
| WpTravelly <= 1.7.7 | Broken Access Control | | 15 | 7.5 | Feb 24, 2024 |
| Photo Engine <= 6.3.1 | Cross Site Scripting (XSS) | | 2.95 | 5.9 | Feb 29, 2024 |
| Telegram Bot & Channel <= 3.8.2 | Cross Site Request Forgery (CSRF) | | 2.65 | 5.3 | Feb 26, 2024 |
| WP Fast Total Search <= 1.69.234 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 24, 2024 |
| WP GoToWebinar <= 15.7 | Cross Site Scripting (XSS) | | 3.55 | 7.1 | Feb 21, 2024 |
| WappPress <= 6.0.4 | Server Side Request Forgery (SSRF) | | 4.9 | 4.9 | Feb 29, 2024 |
| Taggbox <= 3.3 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 21, 2024 |
| Zoho Campaigns <= 2.0.8 | Cross Site Scripting (XSS) | | 6.5 | 6.5 | Feb 22, 2024 |
| Google Adsense & Banner Ads by AdsforWP <= 1.9.28 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 23, 2024 |
| Animated Rotating Words <= 5.6 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 28, 2024 |
| MakeStories (for Google Web Stories) <= 3.0.3 | Arbitrary File Download | | 10.65 | 7.1 | Feb 28, 2024 |
| Meks Video Importer <= 1.0.12 | Broken Access Control | | 5.4 | 5.4 | Feb 14, 2024 |
| Magical Addons For Elementor <= 1.1.41 | Server Side Request Forgery (SSRF) | | 4.9 | 4.9 | Feb 16, 2024 |
| WP Fast Total Search <= 1.68.232 | Broken Access Control | | 4.3 | 4.3 | Feb 25, 2024 |
| WP GoToWebinar <= 15.6 | Broken Access Control | | 4.3 | 4.3 | Feb 21, 2024 |
| Metorik – Reports & Email Automation for WooCommerce <= 1.7.1 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 20, 2024 |
| WP GoToWebinar <= 15.7 | Cross Site Scripting (XSS) | | 6.5 | 6.5 | Feb 21, 2024 |
| codoc <= 0.9.51.12 | Cross Site Scripting (XSS) | | 14.2 | 7.1 | Feb 12, 2024 |
| Cliengo – Chatbot <= 3.0.4 | Cross Site Request Forgery (CSRF) | | 2.7 | 5.4 | Feb 29, 2024 |
| Ultimate Auction <= 4.2.5 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 13, 2024 |
| Zita Elementor Site Library <= 1.6.1 | Arbitrary Code Execution | | 29 | 9.9 | Feb 15, 2024 |
| WPAdverts <= 2.1.2 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 25, 2024 |
| AliNext <= 3.3.5 | Cross Site Scripting (XSS) | | 6.5 | 6.5 | Feb 16, 2024 |
| AliNext <= 3.4.6 | Cross Site Request Forgery (CSRF) | | 3.55 | 7.1 | Feb 16, 2024 |
| AliNext <= 3.4.3 | Cross Site Request Forgery (CSRF) | | 4.15 | 8.3 | Feb 16, 2024 |
| AliNext <= 3.3.5 | Cross Site Scripting (XSS) | | 24.85 | 7.1 | Feb 17, 2024 |
| AliNext <= 3.3.5 | Broken Access Control | | 6.5 | 6.5 | Feb 17, 2024 |
| User Rights Access Manager <= 1.1.2 | Broken Access Control | | 6.5 | 6.5 | Feb 17, 2024 |
| WP Scraper <= 5.7 | Server Side Request Forgery (SSRF) | | 4.9 | 4.9 | Feb 7, 2024 |
| MasterStudy LMS <= 3.2.12 | Broken Access Control | | 10.8 | 8.2 | Jan 25, 2024 |
| MasterStudy LMS <= 3.2.1 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Jan 26, 2024 |
| Ovic Importer <= 1.6.3 | Arbitrary File Download | | 11.25 | 7.5 | Jan 29, 2024 |
| Copymatic <= 1.9 | Broken Access Control | | 6.5 | 6.5 | Feb 20, 2024 |
| Analytify <= 5.2.3 | Cross Site Request Forgery (CSRF) | | 5.4 | 5.4 | Feb 21, 2024 |
| Pure Chat <= 2.22 | Cross Site Request Forgery (CSRF) | | 3.55 | 4.3 | Feb 14, 2024 |
| Netgsm <= 2.9.19 | Broken Access Control | | 15 | 7.5 | Jan 8, 2024 |
| Debug Log Manager <= 2.3.1 | Broken Access Control | | 4.3 | 4.3 | Jan 14, 2024 |
| WP Translate <= 5.3.0 | Broken Access Control | | 5.4 | 5.4 | Jan 15, 2024 |
| Upload Fields for WPForms <= 1.0.2 | Broken Access Control | | 10.6 | 5.3 | Jan 15, 2024 |
| Fastly <= 1.2.25 | Broken Access Control | | 4.3 | 4.3 | Feb 17, 2024 |
| WPCal.io <= 0.9.5.8 | Cross Site Request Forgery (CSRF) | | 2.7 | 5.4 | Feb 25, 2024 |
| WebinarPress <= 1.33.20 | Cross Site Request Forgery (CSRF) | | 3.55 | 7.1 | Jan 27, 2024 |
| Social Warfare <= 4.4.5.1 | Cross Site Request Forgery (CSRF) | | 4.3 | 4.3 | Feb 8, 2024 |
| LeadConnector <= 1.7 | Broken Access Control | | 17.2 | 8.6 | Feb 2, 2024 |
| EAN for WooCommerce <= 4.8.9 | Privilege Escalation | | 2.7 | 7.2 | Jan 21, 2024 |
| Save as PDF <= 3.2.0 | Broken Access Control | | 6.5 | 6.5 | Feb 26, 2024 |
| WPPizza <= 3.18.10 | Broken Access Control | | 6.5 | 6.5 | Feb 26, 2024 |
| Login with phone number <= 1.6.93 | Broken Access Control | | 19.6 | 9.8 | Jan 7, 2024 |
| Culqi <= 3.0.14 | Server Side Request Forgery (SSRF) | | 4.9 | 4.9 | Feb 7, 2024 |
| Podlove Podcast Publisher <= 4.0.11 | Server Side Request Forgery (SSRF) | | 4.05 | 5.4 | Jan 25, 2024 |
| Headline Analyzer <= 1.3.3 | Broken Access Control | | 8.6 | 4.3 | Feb 2, 2024 |
| Social Snap <= 1.3.5 | Broken Access Control | | 13 | 6.5 | Feb 8, 2024 |
| SuperFaktura WooCommerce <= 1.40.3 | Server Side Request Forgery (SSRF) | | 6.4 | 6.4 | Feb 7, 2024 |
| WP Fusion Lite <= 3.42.10 | Sensitive Data Exposure | | 4.3 | 4.3 | Feb 23, 2024 |
| WPCal.io <= 0.9.5.8 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 25, 2024 |
| Paid Memberships Pro <= 2.12.10 | Cross Site Request Forgery (CSRF) | | 8.1 | 5.4 | Feb 9, 2024 |
| The Pack Elementor addons <= 2.0.8.2 | Server Side Request Forgery (SSRF) | | 4.9 | 4.9 | Feb 16, 2024 |
| SchedulePress <= 5.0.8 | Broken Access Control | | 6.5 | 6.5 | Feb 16, 2024 |
| StreamWeasels Twitch Integration <= 1.7.8 | Sensitive Data Exposure | | 10.6 | 5.3 | Feb 5, 2024 |
| Language Switcher for Transposh <= 1.5.9 | Cross Site Scripting (XSS) | | N/A | 7.1 | Jan 3, 2024 |
| WP Smart Import <= 1.0.7 | Cross Site Scripting (XSS) | | 2.95 | 5.9 | Feb 4, 2024 |
| Debug Log Manager <= 2.3.1 | Cross Site Scripting (XSS) | | 14.2 | 7.1 | Jan 15, 2024 |
| VikBooking Hotel Booking Engine & PMS <= 1.6.7 | Cross Site Scripting (XSS) | | 24.85 | 7.1 | Feb 24, 2024 |
| Netgsm <= 2.8 | Cross Site Scripting (XSS) | | 14.2 | 7.1 | Jan 8, 2024 |
| WP TradingView <= 1.7 | Cross Site Scripting (XSS) | | 4.88 | 6.5 | Jan 12, 2024 |
| LH Add Media From Url <= 1.22 | Cross Site Scripting (XSS) | | 14.2 | 7.1 | Jan 13, 2024 |
| Download IP2Location Country Blocker <= 2.34.2 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 20, 2024 |
| Zoho Campaigns <= 2.0.7 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 22, 2024 |
| Zoho Campaigns <= 2.0.7 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 22, 2024 |
| Libsyn Publisher Hub <= 1.4.4 | Cross Site Request Forgery (CSRF) | | 2.47 | 4.3 | Feb 11, 2024 |
| Crony Cronjob Manager <= 0.5.0 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Jan 15, 2024 |
| Login with phone number <= 1.6.93 | Cross Site Request Forgery (CSRF) | | 4.4 | 8.8 | Jan 6, 2024 |
| MihanPanel < 12.7 | Cross Site Request Forgery (CSRF) | | 2.7 | 5.4 | Jan 9, 2024 |
| Spotlight Social Media Feeds <= 1.6.10 | Cross Site Request Forgery (CSRF) | | 6.45 | 4.3 | Feb 8, 2024 |
| Smash Balloon Social Post Feed <= 4.2.1 | Cross Site Request Forgery (CSRF) | | 10.75 | 4.3 | Feb 8, 2024 |
| MailChimp Forms by MailMunch <= 3.2.1 | Cross Site Request Forgery (CSRF) | | 5.4 | 5.4 | Feb 9, 2024 |
| No-Bot Registration <= 1.9.1 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 13, 2024 |
| WP Event Aggregator <= 1.7.6 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 22, 2024 |
| Transcoder <= 1.3.5 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 20, 2024 |
| MPG <= 3.4.0 | Cross Site Request Forgery (CSRF) | | 2.7 | 5.4 | Feb 25, 2024 |
| ReDi Restaurant Reservation <= 24.0128 | Cross Site Request Forgery (CSRF) | | 3.55 | 7.1 | Feb 26, 2024 |
| RapidLoad <= 2.2.11 | Server Side Request Forgery (SSRF) | | 14.4 | 7.2 | Jan 18, 2024 |
| Media Library Folders <= 8.1.8 | Directory Traversal | | 3.25 | 6.5 | Jan 22, 2024 |
| WordPress Tooltips <= 9.5.3 | Cross Site Request Forgery (CSRF) | | 3.55 | 7.1 | Jan 28, 2024 |
| EmbedPress <= 3.9.8 | Broken Access Control | | 39 | 6.5 | Feb 8, 2024 |
| Advanced Local Pickup for WooCommerce <= 1.6.2 | Broken Access Control | | 15 | 7.5 | Feb 2, 2024 |
| Builderall Builder for WordPress <= 2.0.1 | Server Side Request Forgery (SSRF) | | 9.8 | 4.9 | Feb 7, 2024 |
| Nelio Content <= 3.2.0 | Server Side Request Forgery (SSRF) | | 3.68 | 4.9 | Feb 7, 2024 |
| OSS Aliyun <= 1.4.10 | SQL Injection | | N/A | 7.6 | Feb 4, 2024 |
| Tumult Hype Animations <= 1.9.11 | Cross Site Scripting (XSS) | | 14.2 | 7.1 | Feb 28, 2024 |
| Tumult Hype Animations <= 1.9.11 | Cross Site Request Forgery (CSRF) | | 2.15 | 4.3 | Feb 28, 2024 |
| AI WP Writer <= 3.6.5 | Broken Access Control | | 10.6 | 5.3 | Feb 28, 2024 |
| Brave Popup Builder <= 0.6.5 | Server Side Request Forgery (SSRF) | | 14.4 | 5.4 | Feb 10, 2024 |
| MPG <= 3.4.0 | Broken Access Control | | 4.3 | 4.3 | Feb 25, 2024 |
| Photo Gallery by Ays <= 5.5.2 | Cross Site Scripting (XSS) | | 24.85 | 7.1 | Feb 29, 2024 |
| Super Page Cache for Cloudflare <= 4.7.5 | Cross Site Request Forgery (CSRF) | | 7.1 | 7.1 | Feb 12, 2024 |
| MPG <= 3.4.0 | Remote Code Execution (RCE) | | 13.65 | 9.1 | Feb 25, 2024 |
