Phat RiO

8,554.87

XP

348

Reports

25

Reports, last 90 days

#12

3 Apr, 2026

🇻🇳

Lvl 9

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WPBookit Pro<= 1.6.18 Arbitrary File Upload	29.7	9.9	29/12/2025
WP Cost Estimation & Payment Forms Builder< 10.3.0 Broken Access Control	15	7.5	30/12/2025
Tutor LMS Pro<= 3.9.4 Broken Authentication	48.6	8.1	30/12/2025
The Grid< 2.8.0 Broken Access Control	7.1	7.1	30/12/2025
Ultimate Membership Pro<= 13.7 Broken Authentication	223.56	8.1	15/01/2026
The Grid< 2.8.0 Cross Site Scripting (XSS)	6.5	6.5	30/12/2025
WPBookit Pro<= 1.6.18 Privilege Escalation	26.4	8.8	29/12/2025
Ona< 1.24 Arbitrary File Upload	29.7	9.9	01/01/2026
JobSearch<= 3.2.0 Cross Site Scripting (XSS)	16.33	7.1	14/01/2026
Addon Jobsearch Chat<= 3.0 Cross Site Scripting (XSS)	10.65	7.1	20/01/2026
WP Configurator Pro<= 3.7.9 Broken Access Control	7.1	7.1	20/01/2026
Jobmonster< 4.8.4 SQL Injection	42.78	9.3	10/01/2026
Salon Booking System Pro< 10.30.12 Broken Authentication	48.6	8.1	08/01/2026
Addon Jobsearch Chat<= 3.0 SQL Injection	27.9	9.3	20/01/2026
WoodMart<= 8.3.8 PHP Object Injection	298.08	8.1	08/01/2026
MetaMax<= 1.1.4 Local File Inclusion	24.3	8.1	20/01/2026
VintWood<= 1.1.8 Local File Inclusion	24.3	8.1	20/01/2026
Trendustry<= 1.1.4 Local File Inclusion	16.2	8.1	20/01/2026
IdealAuto< 3.8.6 Local File Inclusion	16.2	8.1	20/01/2026
LoveDate< 3.8.6 Local File Inclusion	16.2	8.1	20/01/2026
Feedy< 2.1.5 Local File Inclusion	16.2	8.1	20/01/2026
StreamVid< 6.8.6 Local File Inclusion	24.3	8.1	20/01/2026
Kiddy<= 2.0.8 Local File Inclusion	32.4	8.1	20/01/2026
WooCommerce Support Ticket System< 18.5 Arbitrary File Deletion	51.6	8.6	24/01/2026
New User Approve<= 3.2.3 Broken Access Control	14.95	6.5	23/01/2026
Green Downloads<= 2.08 Arbitrary File Upload	14.85	9.9	31/01/2026
SUMO Affiliates Pro< 11.4.0 PHP Object Injection	29.4	9.8	22/12/2025
Traveler< 3.2.8.1 PHP Object Injection	45.08	9.8	21/12/2025
EventPrime<= 4.2.8.0 PHP Object Injection	90.16	9.8	19/12/2025
WZone<= 14.0.31 SQL Injection	39.1	8.5	16/12/2025
WZone<= 14.0.31 Arbitrary File Deletion	60.72	8.8	16/12/2025
Unlimited Elements for Elementor (Premium)<= 1.4.72 Arbitrary File Upload	44.55	9.9	16/12/2025
Photography<= 7.7.5 Arbitrary File Upload	24.84	7.2	16/12/2025
WooCommerce Infinite Scroll<= 1.6.2 PHP Object Injection	17.6	8.8	15/12/2025
Elated Listing<= 1.4 Broken Access Control	6.5	6.5	14/12/2025
Search & Go<= 2.8 Privilege Escalation	29.4	9.8	14/12/2025
Energox<= 1.2 Arbitrary File Deletion	23.1	7.7	13/12/2025
MetForm Pro<= 3.9.1 Broken Access Control	18.2	9.1	13/12/2025
Instant VA<= 1.0.1 Arbitrary File Deletion	23.1	7.7	13/12/2025
BuilderPress<= 2.0.1 Local File Inclusion	29.4	9.8	12/12/2025
BigHearts<= 3.1.14 Broken Access Control	10.6	5.3	31/01/2026
WeDesignTech Ultimate Booking Addon<= 1.0.3 Broken Access Control	15	7.5	02/12/2025
WooCommerce Coming Soon Product with Countdown<= 5.0 Cross Site Scripting (XSS)	6.5	6.5	26/11/2025
Responsive Posts Carousel Pro<= 15.1 Broken Access Control	11.25	7.5	25/11/2025
WP Bakery Autoresponder Addon<= 1.0.6 Broken Access Control	13	6.5	25/11/2025
WP Bakery Autoresponder Addon<= 1.0.6 Cross Site Scripting (XSS)	14.2	7.1	25/11/2025
WooCommerce Order Details<= 3.1 Broken Access Control	15	7.5	22/11/2025
DesignThemes Portfolio<= 1.3 Cross Site Scripting (XSS)	14.2	7.1	18/11/2025
DesignThemes Directory Addon<= 1.8 Broken Access Control	15	7.5	18/11/2025
DesignThemes Booking Manager<= 2.0 Broken Access Control	15	7.5	17/11/2025
WeDesignTech Ultimate Booking Addon<= 1.0.1 Broken Authentication	58.8	9.8	17/11/2025
WeDesignTech Ultimate Booking Addon<= 1.0.1 Broken Authentication	26.4	8.8	17/11/2025
Directory Pro<= 2.5.6 Broken Access Control	14.6	7.3	12/11/2025
WoodMart<= 8.3.9 Sensitive Data Exposure	97.52	5.3	23/01/2026
SmartFix< 1.2.4 Broken Access Control	5.4	5.4	20/01/2026
Nanosoft< 1.3.2 Broken Access Control	5.4	5.4	20/01/2026
GLB<= 1.2.2 Broken Access Control	4.05	5.4	20/01/2026
WpEvently<= 5.1.1 PHP Object Injection	90.16	9.8	25/11/2025
Open User Map<= 1.4.16 Arbitrary File Download	44.85	6.5	30/11/2025
JetEngine< 3.8.4.1 Deserialization of untrusted data	165	8.8	15/01/2026
Bravis Addons<= 1.3.0 Arbitrary File Upload	29.7	9.9	29/11/2025
Exzo<= 1.2.4 Broken Access Control	7.5	7.5	28/11/2025
Prestige< 1.4.1 Cross Site Scripting (XSS)	7.1	7.1	28/11/2025
Prestige< 1.4.1 PHP Object Injection	19.6	9.8	28/11/2025
WooCommerce Coming Soon Product with Countdown<= 5.0 Local File Inclusion	7.5	7.5	26/11/2025
Miraculous Elementor<= 2.0.7 Broken Authentication	13.2	8.8	26/11/2025
Booking and Rental Manager<= 2.5.9 PHP Object Injection	30.36	8.8	25/11/2025
Themesflat Elementor<= 1.0.1 PHP Object Injection	39.2	9.8	24/11/2025
WooCommerce Bulk Product Editor<= 3.0 Broken Access Control	N/A	7.1	24/11/2025
Upload Files Anywhere<= 2.8 Arbitrary File Download	N/A	7.5	24/11/2025
Upload Files Anywhere<= 2.8 Arbitrary File Deletion	N/A	8.6	24/11/2025
User Extra Fields<= 16.8 Cross Site Scripting (XSS)	14.2	7.1	23/11/2025
Product Filter for WooCommerce<= 9.1.2 Privilege Escalation	21.6	7.2	23/11/2025
User Extra Fields<= 17.0 Arbitrary File Deletion	23.1	7.7	23/11/2025
User Extra Fields<= 17.0 Arbitrary File Deletion	51.6	8.6	23/11/2025
Portfolio Builder<= 1.2.5 Local File Inclusion	16.2	8.1	22/11/2025
Eleblog – Elementor Blog And Magazine Addons<= 2.0.3 Local File Inclusion	16.2	8.1	22/11/2025
The Grid< 2.8.0 Broken Access Control	10.6	5.3	30/12/2025
Booked<= 3.0.0 Broken Authentication	40.2	6.7	20/11/2025
Konte<= 2.4.6 Broken Access Control	13	6.5	20/11/2025
WPBookit Pro<= 1.6.18 Broken Access Control	10.6	5.3	29/12/2025
Emerce Core<= 1.8 SQL Injection	N/A	9.3	19/11/2025
Uroan Core<= 1.4.4 SQL Injection	18.6	9.3	19/11/2025
Woodly Core<= 1.4 SQL Injection	18.6	9.3	19/11/2025
Saasplate Core<= 1.2.8 SQL Injection	18.6	9.3	19/11/2025
Nestbyte Core<= 1.2 SQL Injection	18.6	9.3	19/11/2025
ModelTheme Framework<= 1.9.2 Broken Access Control	15	7.5	19/11/2025
Medinik Core<= 1.3.6 SQL Injection	18.6	9.3	19/11/2025
Electio Core<= 1.4 SQL Injection	18.6	9.3	19/11/2025
Crete Core<= 1.4.3 SQL Injection	18.6	9.3	19/11/2025
HAPPY<= 1.0.8 Broken Access Control	37.72	8.2	18/11/2025
DesignThemes Core Features<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	18/11/2025
Allmart<= 1.1 SQL Injection	N/A	9.3	19/11/2025
ModelTheme Addons for WPBakery and Elementor< 1.5.6 PHP Object Injection	13.2	8.8	17/11/2025
Coven Core<= 1.3 SQL Injection	18.6	9.3	14/11/2025
Final User<= 1.2.5 Privilege Escalation	13.2	8.8	13/11/2025
WP Membership<= 1.6.4 Privilege Escalation	26.4	8.8	13/11/2025
WP Membership<= 1.6.4 Broken Access Control	14.6	7.3	12/11/2025
Real Estate Pro<= 2.1.5 Broken Access Control	14.6	7.3	12/11/2025
ListingHub<= 1.2.7 Broken Access Control	7.3	7.3	12/11/2025

Report vulnerabilities to earn bounties and rewards!

Include pending