Hakiduck

450.25

XP

28

Reports

0

Reports, last 90 days

#17

3 Apr, 2026

🇬🇧

Lvl 2

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
s2Member<= 250419 Local File Inclusion	N/A	4.9	24/09/2024
SMS Alert Order Notifications<= 3.7.8 SQL Injection	37.2	9.3	31/01/2025
SMS Alert Order Notifications<= 3.7.8 Cross Site Scripting (XSS)	14.2	7.1	31/01/2025
RapidLoad<= 2.4.4 Broken Access Control	4.3	4.3	28/01/2025
WordPress Auction Plugin<= 3.7 SQL Injection	N/A	7.6	11/09/2024
WordPress Auction Plugin<= 3.7 Cross Site Scripting (XSS)	N/A	5.9	11/09/2024
WordPress Auction Plugin<= 3.7 SQL Injection	N/A	9.3	11/09/2024
s2Member<= 241114 Remote Code Execution (RCE)	54	9	23/09/2024
WordPress Portfolio Builder – Portfolio Gallery<= 1.1.7 Cross Site Scripting (XSS)	2.95	5.9	24/09/2024
Ni WooCommerce Cost Of Goods<= 3.2.8 SQL Injection	N/A	7.6	28/08/2024
Post SMTP<= 2.9.9 SQL Injection	N/A	7.6	24/09/2024
Popup by Supsystic<= 1.10.29 Remote Code Execution (RCE)	N/A	9.1	18/09/2024
Event Tickets with Ticket Scanner<= 2.3.11 Remote Code Execution (RCE)	14.85	9.9	12/09/2024
Podlove Podcast Publisher<= 4.1.15 Remote Code Execution (RCE)	N/A	9.1	13/09/2024
Premium SEO Pack<= 1.6.001 SQL Injection	12.75	8.5	20/09/2024
Namaste! LMS<= 2.6.2 Cross Site Scripting (XSS)	6.5	6.5	02/10/2024
Namaste! LMS<= 2.6.2 Cross Site Scripting (XSS)	14.2	7.1	02/10/2024
Product Filter by WBW<= 2.7.0 SQL Injection	N/A	7.6	30/09/2024
Backup and Staging by WP Time Capsule<= 1.22.21 PHP Object Injection	N/A	7.2	03/09/2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 1.5.121 Remote Code Execution (RCE)	78.49	9.1	16/09/2024
CSV Product Import Export for WooCommerce<= 1.0.0 SQL Injection	17	8.5	03/10/2024
Contact Form by Supsystic<= 1.7.28 Remote Code Execution (RCE)	N/A	9.1	18/09/2024
Backup and Staging by WP Time Capsule<= 1.22.21 SQL Injection	12.75	8.5	03/09/2024
Slideshow Gallery<= 1.8.3 Cross Site Scripting (XSS)	N/A	5.9	18/09/2024
YITH WooCommerce Ajax Search<= 2.8.0 SQL Injection	85.56	9.3	25/09/2024
Multi Step for Contact Form<= 2.7.7 SQL Injection	55.8	9.3	30/08/2024
Classic Editor and Classic Widgets<= 1.4.1 SQL Injection	25.5	8.5	30/08/2024
Secure Copy Content Protection and Content Locking<= 4.2.3 Cross Site Scripting (XSS)	14.2	7.1	04/09/2024

Report vulnerabilities to earn bounties and rewards!

Include pending