hhhai

2,274.80

XP

61

Reports

20

Reports, last 90 days

#20

14 Jun, 2026

🇻🇳

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WP Google Review Slider<= 18.0 Cross Site Scripting (XSS)	N/A	6.3	06/04/2026
Active Products Tables for WooCommerce<= 1.0.9 SQL Injection	85.56	9.3	02/05/2026
WP Full Stripe Free<= 8.4.1 Broken Authentication	22.43	6.5	09/04/2026
WebinarIgnition< 4.08.253 Privilege Escalation	135.24	9.8	30/04/2026
WebinarIgnition< 4.08.253 Arbitrary File Deletion	68.31	9.9	30/04/2026
TableOn<= 1.0.5.1 SQL Injection	85.56	9.3	30/04/2026
WPComplete<= 2.9.5.4 Cross Site Scripting (XSS)	14.95	6.5	29/04/2026
Tainacan<= 1.0.3 SQL Injection	85.56	9.3	28/04/2026
WPCS<= 1.3.1 Cross Site Scripting (XSS)	32.66	7.1	25/04/2026
EventPrime<= 4.3.2.1 PHP Object Injection	37.26	8.1	25/04/2026
EventPrime<= 4.3.2.1 Cross Site Scripting (XSS)	16.33	7.1	24/04/2026
WP Job Portal<= 2.5.1 Cross Site Scripting (XSS)	32.66	7.1	23/04/2026
WP Job Portal<= 2.5.1 SQL Injection	85.56	9.3	23/04/2026
e2pdf<= 1.32.14 Cross Site Scripting (XSS)	32.66	7.1	18/04/2026
Smart Coupons for WooCommerce< 2.3.0 Broken Access Control	30	7.5	22/04/2026
Simple Membership<= 4.7.2 Cross Site Scripting (XSS)	26	6.5	03/04/2026
WP Custom Admin Interface<= 7.42 Cross Site Scripting (XSS)	13	6.5	23/01/2026
Total Poll Lite<= 4.12.0 Remote Code Execution (RCE)	22.28	9.9	15/12/2025
TotalContest Lite<= 2.9.1 PHP Object Injection	N/A	7.2	09/12/2025
Simply Schedule Appointments<= 1.6.11.0 Broken Access Control	31.8	5.3	27/01/2026
WP Delicious<= 1.9.5 Broken Access Control	10.6	5.3	26/01/2026
weDocs<= 2.1.18 Broken Access Control	12.19	5.3	26/01/2026
Permalink Manager Lite< 2.5.3 Broken Access Control	42.4	5.3	26/01/2026
WPC Product Bundles for WooCommerce<= 8.4.5 Broken Access Control	7.42	4.3	23/01/2026
Wp Ultimate Review<= 2.3.9 Broken Access Control	31.8	5.3	15/01/2026
Theme Editor<= 3.2 Cross Site Request Forgery (CSRF)	28.8	9.6	15/01/2026
Download Manager<= 3.3.53 Cross Site Scripting (XSS)	11.8	5.9	11/01/2026
Educare<= 1.6.1 Cross Site Scripting (XSS)	14.2	7.1	18/11/2025
Wired Impact Volunteer Management<= 2.8 Broken Access Control	12.19	5.3	25/12/2025
WP Docs<= 2.2.8 Broken Access Control	5.4	5.4	22/12/2025
RealPress<= 1.1.0 Cross Site Request Forgery (CSRF)	4.05	5.4	14/12/2025
Delay Redirects<= 1.0.0 Cross Site Scripting (XSS)	2.95	5.9	10/12/2025
WP SEO Search<= 1.1 Cross Site Request Forgery (CSRF)	N/A	4.3	20/11/2025

Report vulnerabilities to earn bounties and rewards!

Include pending