Legion Hunter

Say thanks

1975.16

XP

189

Reports

52

Reports, last 90 days

#10

28 Dec, 2025

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Funnelforms Free<= 3.8 Broken Access Control	10.6	5.3	No date
Plugin Optimizer<= 1.3.7 Broken Access Control	3.55	7.1	Sep 8, 2025
Accept Donations with PayPal<= 1.5.1 Open Redirection	9.4	4.7	No date
SALESmanago<= 3.9.0 Broken Access Control	10.6	5.3	No date
Cooked<= 1.11.2 Broken Access Control	12.19	5.3	No date
WP Telegram Widget and Join Link<= 2.2.11 Broken Access Control	10.6	5.3	No date
FV Simpler SEO<= 1.9.6 Broken Access Control	10.6	5.3	No date
Addonify<= 2.0.4 Broken Access Control	10.6	5.3	No date
Twitch Player<= 2.1.3 Broken Access Control	N/A	5.3	No date
Claspo – Popups, Spin the Wheel & Email Capture<= 1.0.7 Broken Access Control	10.6	5.3	No date
Read More & Accordion<= 3.5.5.1 Broken Access Control	4.3	4.3	No date
Booking calendar, Appointment Booking System<= 3.2.30 Broken Access Control	10.6	5.3	No date
Sitewide Notice WP<= 2.4.1 Broken Access Control	10.6	5.3	No date
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.0.7 Broken Access Control	10.6	5.3	No date
Protect WP Admin<= 4.1 Broken Access Control	8.6	4.3	No date
Request a Quote<= 2.5.3 Broken Access Control	4.3	4.3	No date
WP Views Counter<= 2.1.2 Broken Access Control	10.6	5.3	No date
InstaWP Connect<= 0.1.1.9 Broken Access Control	59.8	6.5	Nov 9, 2025
Leaky Paywall<= 4.22.5 Broken Access Control	7.95	5.3	No date
WP-CRM System<= 3.4.5 Broken Access Control	10.6	5.3	No date
Post SMTP<= 3.6.1 Broken Access Control	146.28	5.3	No date
Formstack Online Forms<= 2.0.2 Broken Access Control	10.6	5.3	No date
Constant Contact + WooCommerce<= 2.4.1 Broken Access Control	10.6	5.3	No date
MultiParcels Shipping For WooCommerce<= 1.30.12 Broken Access Control	4.95	4.3	No date
WP Google Analytics Events<= 2.8.2 Sensitive Data Exposure	10.6	5.3	No date
WP ERP<= 1.16.7 Broken Access Control	12.19	5.3	No date
WpEvently<= 5.0.4 Broken Access Control	24.38	5.3	No date
WPForms Google Sheet Connector<= 4.0.0 Broken Access Control	10.6	5.3	No date
WooCommerce Payment Gateway – Paysera<= 3.10.0 Broken Access Control	4.3	4.3	No date
Xagio SEO<= 7.1.0.32 Broken Access Control	4.3	4.3	No date
Order Delivery Date for WooCommerce<= 4.3.1 Broken Access Control	10.8	5.4	No date
Business Directory<= 6.4.19 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Tiktok Feed<= 1.0.23 Broken Access Control	12.19	5.3	No date
WPS Bidouille<= 1.33.1 Broken Access Control	4.3	4.3	No date
Payment Gateway for PayPal on WooCommerce<= 9.0.53 Broken Access Control	10.6	5.3	No date
SiteGround Security<= 1.5.8 Broken Access Control	74.2	5.3	No date
Cart Weight for WooCommerce<= 1.9.11 Broken Access Control	10.6	5.3	No date
Quiz And Survey Master<= 10.3.2 Broken Access Control	24.38	5.3	No date
WP Compress for MainWP<= 6.50.07 Broken Access Control	7.95	5.3	No date
OnPay.io for WooCommerce<= 1.0.47 Broken Access Control	12.19	5.3	No date
BERTHA AI<= 1.13 Broken Access Control	12.19	5.3	No date
Sermon Manager<= 2.30.0 Broken Access Control	10.6	5.3	No date
Virtuaria PagBank / PagSeguro para Woocommerce<= 3.6.3 Broken Access Control	10.6	5.3	No date
UsersWP<= 1.2.47 Broken Access Control	10.6	5.3	No date
Show Variations as Single Products Woocommerce<= 2.0 Broken Access Control	7.95	5.3	No date
Custom Order Numbers for WooCommerce<= 1.11.0 Broken Access Control	10.6	5.3	No date
Legal Pages<= 1.4.6 Broken Access Control	10.6	5.3	No date
Better Chat Support for Messenger<= 1.2.18 Broken Access Control	7.95	5.3	No date
PPOM for WooCommerce<= 33.0.16 Broken Access Control	4.3	4.3	No date
Theater for WordPress<= 0.18.8 Broken Access Control	24.38	5.3	No date
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.0.3 Broken Access Control	4.3	4.3	No date
Uncanny Automator< 6.10.0 Sensitive Data Exposure	12.9	4.3	No date
Frontend File Manager<= 23.2 Broken Access Control	4.3	4.3	No date
Smart Coupons for WooCommerce<= 2.2.3 Broken Access Control	8.6	4.3	No date
WebToffee eCommerce Marketing Automation<= 2.1.1 Broken Access Control	4.3	4.3	No date
Product Feed for WooCommerce<= 2.3.1 Broken Access Control	4.3	4.3	No date
Order Export & Order Import for WooCommerce<= 2.6.7 Broken Access Control	12.9	4.3	No date
Booster for WooCommerce<= 7.4.0 Broken Access Control	8.6	4.3	No date
Accessibility Toolkit by WebYes<= 2.0.4 Broken Access Control	3.23	4.3	No date
Arconix Shortcodes<= 2.1.18 Broken Access Control	4.3	4.3	No date
Debug Log Viewer<= 2.0.3 Broken Access Control	4.05	5.4	No date
Яндекс Доставка (Boxberry)<= 2.33 Broken Access Control	4.05	5.4	No date
Elastic Email Sender<= 1.2.20 Broken Access Control	4.3	4.3	No date
Web Accessibility By accessiBe<= 2.10 Broken Access Control	6.21	5.4	No date
MDTF<= 1.3.3.9 Broken Access Control	7.42	4.3	No date
Persian Admnin Fonts<= 4.1.03 Broken Access Control	4.05	5.4	No date
KiotViet Sync<= 1.8.5 Broken Access Control	3.23	4.3	No date
Whydonate<= 4.0.15 Broken Access Control	7.95	5.3	No date
WebinarPress<= 1.33.28 Broken Access Control	4.3	4.3	No date
GoCache<= 1.3.6 Broken Access Control	5.4	5.4	No date
Admin Management Xtended <= 2.5.1 Broken Access Control	4.95	4.3	No date
MeetingHub<= 1.23.9 Broken Access Control	3.23	4.3	No date
Front End Users<= 3.2.33 Broken Access Control	3.23	4.3	No date
WowRevenue<= 1.2.13 Broken Access Control	4.3	4.3	No date
One Page Express Companion<= 1.6.43 Broken Access Control	4.3	4.3	No date
ShopMagic<= 4.5.6 Sensitive Data Exposure	23.2	5.8	Aug 20, 2025
Revive Old Posts<= 9.3.3 Broken Access Control	4.3	4.3	No date
Simple Job Board<= 2.13.7 Sensitive Data Exposure	15	7.5	Aug 12, 2025
Welcart e-Commerce<= 2.11.24 Broken Access Control	4.3	4.3	No date
ChatBot<= 7.6.3 Broken Access Control	4.3	4.3	No date
Everest Backup<= 2.3.8 Broken Access Control	10.6	5.3	No date
WP Gmail SMTP<= 1.0.7 Sensitive Data Exposure	11.6	5.8	Aug 7, 2025
AppExperts<= 1.4.5 Sensitive Data Exposure	N/A	5.8	Aug 1, 2025
Smash Balloon Social Post Feed<= 4.3.2 Broken Access Control	24.73	4.3	No date
Reoon Email Verifier<= 2.0.1 Broken Access Control	3.23	4.3	No date
Open Close WooCommerce Store<= 4.9.8 Broken Access Control	3.23	4.3	No date
Conversios.io<= 7.2.13 Broken Access Control	6.21	5.4	No date
TS Demo Importer<= 0.1.2 Broken Access Control	N/A	5.4	No date
IgnitionDeck<= 2.0.12 Broken Access Control	N/A	5.4	No date
Jock On Air Now (JOAN)<= 6.0.4 Broken Access Control	4.88	6.5	Sep 2, 2025
Flights & Hotels Booking WP Plugin<= 3.1 Broken Access Control	8.1	5.4	No date
SMS Contact Form 7 Notifications by ClickSend<= 1.4.0 Broken Access Control	N/A	4.3	No date
Effect Maker<= 1.2.1 Broken Access Control	3.25	6.5	Aug 31, 2025
Smart WeTransfer<= 1.3 Broken Access Control	N/A	4.3	No date
Referral Link Tracker<= 1.1.4 Broken Access Control	N/A	4.3	No date
WP Project Manager<= 2.6.25 Sensitive Data Exposure	10.6	5.3	Aug 10, 2025
Estonian Shipping Methods for WooCommerce<= 1.7.2 Sensitive Data Exposure	10.6	5.3	Aug 12, 2025
Helpie FAQ<= 1.45 Sensitive Data Exposure	10.6	5.3	Aug 13, 2025
VPSUForm<= 3.2.20 Broken Access Control	N/A	4.3	Sep 9, 2025
Payrexx Payment Gateway for WooCommerce<= 3.1.5 Broken Access Control	4.3	4.3	Sep 7, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending