Martino Spagnuolo (r3verii)

1,582.38

XP

100

Reports

1

Reports, last 90 days

#44

3 Apr, 2026

🇮🇹

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
MailerPress<= 1.4.2 Server Side Request Forgery (SSRF)	3.6	6.4	14/01/2026
Bonus for Woo<= 7.6.6 Other Vulnerability Type	N/A	5.3	17/06/2025
Invelity MyGLS connect<= 1.1.1 Cross Site Request Forgery (CSRF)	4.4	8.8	10/06/2025
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One<= 2.3.3 Server Side Request Forgery (SSRF)	N/A	4.9	06/06/2025
Shk Corporate<= 2.4.1.1 Broken Access Control	N/A	4.3	10/06/2025
SoftMe<= 1.1.27 Broken Access Control	N/A	4.3	10/06/2025
Booking System Trafft<= 1.0.14 Cross Site Scripting (XSS)	3.25	6.5	06/06/2025
WP Easy Contact<= 4.0.1 PHP Object Injection	16.2	8.1	27/05/2025
WP Ticket Customer Service Software & Support Ticket System<= 6.0.2 PHP Object Injection	24.3	8.1	27/05/2025
Employee Spotlight<= 5.1.1 PHP Object Injection	24.3	8.1	27/05/2025
YouTube Showcase<= 3.5.1 PHP Object Injection	32.4	8.1	26/05/2025
Employee Directory – Staff Listing & Team Directory Plugin for WordPress<= 4.5.5 PHP Object Injection	16.2	8.1	27/05/2025
CubeWP<= 1.1.24 Privilege Escalation	26.4	8.8	10/06/2025
StoryMap<= 2.1 Cross Site Request Forgery (CSRF)	4.1	8.2	30/05/2025
Infility Global<= 2.15.09 Arbitrary File Download	9.75	6.5	28/03/2025
Forms<= 2.9.0 Arbitrary File Upload	N/A	9.9	22/04/2025
Prevent files / folders access<= 2.6.0 Path Traversal	6.5	6.5	05/06/2025
BuddyPress XProfile Custom Image Field<= 3.0.1 Arbitrary File Deletion	25.8	8.6	10/06/2025
DELUCKS SEO<= 2.6.0 Privilege Escalation	19.8	8.8	17/06/2025
Breeze Checkout<= 1.4.0 Broken Access Control	6.5	6.5	19/06/2025
Residential Address Detection<= 2.5.9 Broken Access Control	N/A	5.3	15/06/2025
Stop and Block bots plugin Anti bots<= 1.48 Broken Access Control	7.95	5.3	15/06/2025
Hestia<= 3.2.10 Broken Access Control	N/A	5.3	10/06/2025
Formality<= 1.5.9 Local File Inclusion	16.2	8.1	30/05/2025
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes<= 1.4.9 SQL Injection	17	8.5	29/03/2025
Email Attachment by Order Status & Products<= 1.0.1 Cross Site Scripting (XSS)	7.1	7.1	14/06/2025
CoSchool LMS<= 1.4.3 SQL Injection	8.5	8.5	14/06/2025
WP-BusinessDirectory<= 3.1.4 SQL Injection	37.2	9.3	30/04/2025
Official Integration for Billingo<= 4.3.0 Privilege Escalation	5.4	7.2	10/06/2025
Templazee<= 1.0.2 Broken Access Control	N/A	5.4	09/06/2025
Internal Linking of Related Contents<= 1.1.8 Broken Access Control	13	6.5	29/05/2025
Ultimate Push Notifications<= 1.2.0 Broken Access Control	6.5	6.5	20/05/2025
Infility Global<= 2.13.4 Cross Site Scripting (XSS)	14.2	7.1	28/03/2025
Torod<= 2.1 SQL Injection	18.6	9.3	04/06/2025
fluXtore<= 1.6.0 Broken Access Control	N/A	5.3	04/06/2025
LMSACE Connect<= 3.4 Broken Access Control	N/A	4.3	05/06/2025
Click & Pledge Connect<= 25.04010101-WP6.8 Privilege Escalation	58.8	9.8	29/04/2025
Accept Authorize.NET Payments Using Contact Form 7<= 2.5 Sensitive Data Exposure	N/A	5.3	29/05/2025
Accept Stripe Payments Using Contact Form 7<= 3.0 Sensitive Data Exposure	N/A	5.3	29/05/2025
Audio Editor & Recorder<= 2.2.3 Sensitive Data Exposure	N/A	5.3	10/06/2025
TicketBAI Facturas para WooCommerce<= 3.19 SQL Injection	37.2	9.3	30/04/2025
Persian Woocommerce SMS<= 7.0.10 SQL Injection	7.6	7.6	16/05/2025
Spice Blocks<= 2.0.7.4 Arbitrary File Download	22.5	7.5	15/04/2025
Welcart e-Commerce<= 2.11.13 Arbitrary File Deletion	10.2	6.8	12/04/2025
MyStyle Custom Product Designer<= 3.21.1 SQL Injection	37.2	9.3	23/04/2025
WP Posts Carousel<= 1.3.12 PHP Object Injection	13.2	8.8	09/04/2025
Infility Global<= 2.15.09 SQL Injection	17	8.5	28/03/2025
Infocob CRM Forms<= 2.4.0 Arbitrary File Download	N/A	4.9	22/04/2025
Binary MLM Plan<= 3.0 SQL Injection	30.4	7.6	24/03/2025
RSVPMarker <= 11.5.6 SQL Injection	N/A	8.5	23/04/2025
BERTHA AI<= 1.13 Broken Access Control	3.23	4.3	16/04/2025
EventON<= 2.4.4 Broken Access Control	10.6	5.3	11/04/2025
Tainacan<= 0.21.14 Arbitrary File Deletion	59.34	8.6	16/04/2025
WC Affiliate<= 2.16 PHP Object Injection	19.6	8.8	26/03/2025
6Storage Rentals<= 2.20.2 Broken Access Control	9.75	6.5	03/04/2025
STAGGS<= 2.11.0 Arbitrary File Upload	60	10	31/03/2025
Facturante<= 1.11 SQL Injection	37.2	9.3	07/04/2025
WPC Product Options for WooCommerce<= 3.1.3 Local File Inclusion	25.88	7.5	16/04/2025
SMS Alert Order Notifications<= 3.8.1 SQL Injection	37.2	9.3	20/03/2025
Eventin<= 4.0.26 Arbitrary File Download	22.5	7.5	20/03/2025
Credova_Financial<= 2.5.0 Cross Site Request Forgery (CSRF)	N/A	4.3	23/03/2025
Nomupay Payment Processing Gateway<= 7.1.7 Arbitrary File Download	N/A	4.9	13/04/2025
Visual Builder<= 1.2.2 Broken Access Control	14.2	7.1	14/04/2025
Crossword Compiler Puzzles<= 5.2 Arbitrary File Upload	29.7	9.9	17/04/2025
Watu Quiz<= 3.4.3 SQL Injection	N/A	7.6	11/04/2025
Appointment Booking Calendar<= 1.3.92 Cross Site Request Forgery (CSRF)	8.2	8.2	10/04/2025
Event post<= 5.9.11 Cross Site Scripting (XSS)	9.75	6.5	20/03/2025
Web Directory Free<= 1.7.8 Cross Site Scripting (XSS)	14.2	7.1	26/03/2025
StoreContrl Woocommerce<= 4.1.3 Arbitrary File Download	22.5	7.5	26/03/2025
Taskbuilder<= 4.0.1 SQL Injection	17	8.5	24/03/2025
Debug Log Manager<= 2.3.4 Cross Site Scripting (XSS)	14.2	7.1	21/01/2025
Vitepos<= 3.1.7 Broken Authentication	21.6	7.2	16/03/2025
Hostel<= 1.1.5.6 SQL Injection	N/A	7.6	29/03/2025
WPCOM Member<= 1.7.7 Local File Inclusion	19.8	8.8	18/03/2025
WowStore<= 4.2.4 Broken Access Control	4.3	4.3	14/03/2025
Material Dashboard<= 1.4.6 Privilege Escalation	58.8	9.8	31/03/2025
Projectopia<= 5.1.24 Privilege Escalation	58.8	9.8	15/02/2025
Ray Enterprise Translation<= 1.7.0 Local File Inclusion	45	7.5	28/03/2025
Squeeze<= 1.6 Arbitrary File Upload	N/A	9.1	10/02/2025
Squeeze<= 1.6 Full Path Disclosure (FPD)	N/A	2.7	10/02/2025
WP User Profiles<= 2.6.2 Privilege Escalation	26.4	8.8	16/02/2025
Survey Maker<= 5.1.6.3 Bypass Vulnerability	8.6	4.3	27/01/2025
Falling things<= 1.08 SQL Injection	N/A	7.6	04/02/2025
Secure Copy Content Protection and Content Locking<= 4.5.5 Cross Site Scripting (XSS)	N/A	5.9	27/01/2025
VPSUForm<= 3.1.9 Cross Site Scripting (XSS)	14.2	7.1	11/03/2025
Countdown & Clock<= 2.8.8 Remote Code Execution (RCE)	22.28	9.9	06/03/2025
Labinator Content Types Duplicator<= 1.1.3 Cross Site Request Forgery (CSRF)	N/A	4.3	05/02/2025
Secure Copy Content Protection and Content Locking<= 4.4.3 Cross Site Scripting (XSS)	14.2	7.1	27/01/2025
Quiz Maker<= 6.6.8.7 SQL Injection	32.8	8.2	12/03/2025
WP Posts Carousel<= 1.3.8 Cross Site Scripting (XSS)	4.88	6.5	20/03/2025
Ads by WPQuads<= 2.0.87.1 Broken Access Control	30	7.5	28/02/2025
Rapyd Payment Extension for WooCommerce<= 1.2.0 PHP Object Injection	39.2	9.8	15/03/2025
Ads by WPQuads<= 2.0.87.1 SQL Injection	74.4	9.3	24/02/2025
Chartify<= 3.1.7 Cross Site Scripting (XSS)	N/A	5.9	30/01/2025
WP Google Review Slider<= 16.0 Cross Site Request Forgery (CSRF)	16.4	8.2	10/03/2025
Support Genix<= 1.4.11 Insecure Direct Object References (IDOR)	N/A	4.3	11/03/2025
FlexStock<= 3.13.1 SQL Injection	N/A	7.6	13/03/2025
Search with Typesense<= 2.0.8 Path Traversal	N/A	6.8	14/02/2025
Survey Maker<= 5.1.3.5 Cross Site Scripting (XSS)	N/A	5.9	27/01/2025

Report vulnerabilities to earn bounties and rewards!

Include pending