Ananda Dhakal (Patchstack)

Say thanks

0.00

XP

0

Reports

0

Reports, last 90 days

-

3 Apr, 2026

🇳🇵

Lvl 0

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
UpSolution Core<= 8.41 Cross Site Scripting (XSS)	56.8	7.1	18/12/2025
Jannah<= 7.6.3 Local File Inclusion	64.8	8.1	18/12/2025
Listify<= 3.2.5 Cross Site Scripting (XSS)	14.2	7.1	22/09/2025
Wpresidence Core<= 5.4.0 Cross Site Scripting (XSS)	9.75	6.5	18/12/2025
Userpro<= 5.1.9 Broken Access Control	8.6	7.5	13/05/2024
JNews Paywall< 12.0.1 Cross Site Request Forgery (CSRF)	1.08	4.3	06/11/2025
JNews Gallery< 12.0.1 Cross Site Scripting (XSS)	9.75	6.5	06/11/2025
REHub Framework< 19.9.9.4 Sensitive Data Exposure	8.6	4.3	06/11/2025
Rehub<= 19.9.9.1 Sensitive Data Exposure	21.2	5.3	06/11/2025
Email Subscribers & Newsletters<= 5.9.10 PHP Object Injection	N/A	7.2	09/10/2025
Listify<= 3.2.5 Cross Site Request Forgery (CSRF)	0.54	4.3	22/09/2025
RTMKit<= 1.6.5 Arbitrary File Upload	76.85	9.9	18/09/2025
Link Whisper Free<= 0.9.2 Broken Access Control	21.2	5.3	18/09/2025
Download Manager<= 3.3.24 Cross Site Request Forgery (CSRF)	8.6	4.3	22/08/2025
Download Manager<= 3.3.25 Sensitive Data Exposure	42.4	5.3	22/08/2025
WPeMatico RSS Feed Fetcher<= 2.8.10 Sensitive Data Exposure	4.3	4.3	17/07/2025
Klarna Order Management for WooCommerce<= 1.9.8 Sensitive Data Exposure	1.65	6.6	22/08/2025
Jobmonster<= 4.7.8 Cross Site Scripting (XSS)	14.2	7.1	01/08/2025
MultiSite Clone Duplicator<= 1.5.3 Cross Site Scripting (XSS)	7.1	7.1	30/07/2025
WpEvently<= 4.4.8 PHP Object Injection	26.4	8.8	30/07/2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage<= 19.11.0 Local File Inclusion	45	7.5	24/04/2025
Jannah< 7.5.1 Local File Inclusion	48.6	8.1	06/03/2025
miniOrange's Google Authenticator<= 6.1.1 Broken Access Control	6.5	6.5	24/07/2025
Jobmonster<= 4.8.0 Sensitive Data Exposure	10.6	5.3	01/08/2025
Jobmonster<= 4.8.0 Cross Site Scripting (XSS)	4.88	6.5	01/08/2025
Kalium<= 3.18.3 Broken Access Control	21.2	5.3	05/12/2024
NEX-Forms<= 9.1.3 Cross Site Request Forgery (CSRF)	4.4	8.8	30/07/2025
WP Rentals<= 3.16.1 Cross Site Scripting (XSS)	4.88	6.5	21/02/2025
Awesome Support<= 6.3.6 Sensitive Data Exposure	10.6	5.3	02/10/2024
App, SaaS & Software Startup Tech Theme - Stratus<= 4.2.5 Broken Access Control	4.3	4.3	05/12/2024
Modernize<= 3.4.0 Cross Site Scripting (XSS)	4.88	6.5	02/12/2024
Modernize<= 3.4.0 Broken Access Control	4.3	4.3	02/12/2024
Thim Core<= 2.3.3 Cross Site Request Forgery (CSRF)	4.3	4.3	13/11/2024
Thim Core<= 2.3.3 Broken Access Control	8.6	4.3	13/11/2024
Kalium<= 3.18.3 Cross Site Request Forgery (CSRF)	4.3	4.3	05/12/2024
Savoy<= 3.0.8 Sensitive Data Exposure	10.6	5.3	01/08/2025
Post Grid and Gutenberg Blocks<= 2.3.11 PHP Object Injection	26.4	8.8	07/05/2025
Integrate Google Drive<= 1.5.2 Cross Site Request Forgery (CSRF)	2.15	4.3	17/07/2025
HT Contact Form 7<= 2.0.0 Local File Inclusion	N/A	6.6	07/05/2025
SMTP2GO<= 1.12.1 Broken Access Control	4.3	4.3	15/05/2025
FluentSnippets<= 10.50 Cross Site Request Forgery (CSRF)	4.8	9.6	06/05/2025
QuickCab<= 1.3.3 Broken Access Control	10.6	5.3	03/07/2024
Bimber - Viral Magazine WordPress Theme<= 9.2.5 Local File Inclusion	19.8	8.8	17/09/2024
Kleo< 5.4.4 Broken Access Control	10.6	5.3	17/09/2024
JNews<= 11.6.16 Broken Access Control	21.2	5.3	17/09/2024
Car Park Booking System for WordPress<= 2.6 Broken Access Control	N/A	4.3	13/05/2024
Bellevue<= 4.2.2 Broken Access Control	4.3	4.3	17/09/2024
Grand Restaurant<= 7.0 PHP Object Injection	39.2	9.8	12/11/2024
Grand Restaurant<= 7.0 Arbitrary Content Deletion	16.4	8.2	12/11/2024
Grand Restaurant<= 7.0 Path Traversal	19.6	9.8	12/11/2024
Grand Restaurant<= 7.0 Cross Site Request Forgery (CSRF)	2.15	4.3	12/11/2024
Grand Restaurant<= 7.0 Broken Access Control	10.6	5.3	12/11/2024
Master Slider<= 3.11.0 Broken Access Control	12.9	4.3	02/10/2024
Simple Sitemap – Create a Responsive HTML Sitemap<= 3.6.0 Broken Access Control	12.9	4.3	02/10/2024
Real Estate 7<= 3.5.2 Privilege Escalation	21.9	7.3	21/02/2025
Eduma<= 5.6.4 Broken Access Control	21.2	5.3	21/02/2025
WooCommerce Social Login< 2.8.3 Cross Site Request Forgery (CSRF)	2.15	4.3	10/05/2024
WPJobBoard< 5.11.1 Path Traversal	5.4	5.4	27/03/2024
WPJobBoard< 5.11.1 Cross Site Request Forgery (CSRF)	57.6	9.6	28/03/2024
WPJobBoard< 5.11.1 Cross Site Request Forgery (CSRF)	2.15	4.3	27/03/2024
News & Blog Designer Pack<= 4.0 Local File Inclusion	97.2	8.1	07/03/2025
Bridge Core< 3.3.1 Cross Site Scripting (XSS)	24.38	6.5	24/09/2024
Conversios.io<= 7.2.3 Broken Access Control	4.3	4.3	17/01/2025
TranslatePress<= 2.9.6 PHP Object Injection	N/A	7.2	12/03/2025
WP Rentals<= 3.13.1 Cross Site Request Forgery (CSRF)	0.67	4.3	21/02/2025
Pie Register Premium<= 3.8.3.2 Path Traversal	N/A	6.3	06/06/2024
Pie Register Premium<= 3.8.3.2 Broken Access Control	N/A	4.3	06/06/2024
Booknetic<= 4.0.9 Cross Site Request Forgery (CSRF)	2.15	4.3	04/06/2024
MediCenter - Health Medical Clinic< 14.7 Sensitive Data Exposure	10.6	5.3	13/08/2024
WPJobBoard<= 5.10.1 Cross Site Scripting (XSS)	14.2	7.1	27/03/2024
Better Find and Replace<= 1.6.7 Privilege Escalation	89.1	8.8	27/01/2025
Product Size Charts Plugin for WooCommerce<= 2.4.5 Broken Access Control	4.3	4.3	02/10/2024
Houzez<= 3.4.0 Broken Access Control	21.2	5.3	02/10/2024
Houzez<= 3.4.0 Broken Access Control	8.6	4.3	02/10/2024
uDesign<= 4.11.2 Broken Access Control	31.8	5.3	02/10/2024
Avada<= 7.11.10 Broken Access Control	74.2	5.3	02/10/2024
Bridge Core<= 3.3 Broken Access Control	21.5	4.3	24/09/2024
Really Simple SSL<= 9.1.4 Cross Site Request Forgery (CSRF)	19.35	4.3	02/12/2024
SendGrid for WordPress<= 1.4 Broken Access Control	4.3	4.3	25/07/2024
Link Whisper Free<= 0.7.7 Sensitive Data Exposure	21.2	5.3	08/08/2024
Kalium<= 3.18.3 Cross Site Scripting (XSS)	28.4	7.1	05/12/2024
Thim Core<= 2.3.3 Arbitrary Code Execution	13	6.5	13/11/2024
Avada<= 7.11.10 Cross Site Request Forgery (CSRF)	15.05	4.3	02/10/2024
Pie Register Premium< 3.8.3.3 Arbitrary File Upload	N/A	10	06/06/2024
Pie Register Premium< 3.8.3.3 Cross Site Scripting (XSS)	N/A	7.1	05/06/2024
Tutor LMS Elementor Addons<= 2.1.5 Broken Access Control	8.6	4.3	02/10/2024
Jobify< 4.3.0 Arbitrary File Download	22.5	7.5	13/08/2024
Jobify< 4.3.0 Broken Access Control	10.6	5.3	13/08/2024
Jobify< 4.3.0 Cross Site Request Forgery (CSRF)	2.15	4.3	13/08/2024
Jobify< 4.3.0 Cross Site Scripting (XSS)	4.88	6.5	13/08/2024
Disable Admin Notices individually<= 1.4.0 Cross Site Request Forgery (CSRF)	8.6	4.3	23/07/2024
Pie Register Premium< 3.8.3.3 Broken Access Control	N/A	5.3	05/06/2024
Dynamic Widgets<= 1.6.4 Cross Site Request Forgery (CSRF)	2.15	4.3	02/10/2024
KALLYAS< 4.25.0 Cross Site Request Forgery (CSRF)	1.61	4.3	02/10/2024
Flatsome<= 3.19.6 Broken Access Control	121.9	5.3	24/09/2024
Smart Manager<= 8.45.0 Broken Access Control	4.3	4.3	07/08/2024
Social Auto Poster<= 5.3.15 Cross Site Request Forgery (CSRF)	2.15	4.3	07/08/2024
LatePoint<= 4.9.91 Cross Site Scripting (XSS)	6.5	6.5	27/03/2024
Login As Users<= 1.4.3 Broken Access Control	N/A	8.8	05/08/2024
SendGrid for WordPress<= 1.4 SQL Injection	24.6	8.2	25/07/2024

Report vulnerabilities to earn bounties and rewards!

Include pending