Nabil Irawan

Say thanks

2,715.44

XP

637

Reports

47

Reports, last 90 days

#26

3 Apr, 2026

🇮🇩

Lvl 6

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
ElementInvader Addons for Elementor<= 1.4.2 SQL Injection	17	8.5	19/12/2025
WPCargo Track & Trace<= 8.0.2 Broken Access Control	15	7.5	30/12/2025
Kargo Takip< 0.2.4 Broken Access Control	6.5	6.5	16/01/2026
WP Terms Popup<= 2.10.0 Broken Access Control	15	7.5	17/01/2026
Petitioner<= 0.7.3 Broken Access Control	3.25	6.5	21/01/2026
WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms<= 1.1.5 Broken Access Control	3.25	6.5	28/01/2026
WPVulnerability<= 4.2.1 Broken Access Control	6.5	6.5	28/12/2025
Nexa Blocks<= 1.1.1 PHP Object Injection	39.2	9.8	27/12/2025
Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms<= 1.2.2 Broken Access Control	6.5	6.5	27/12/2025
avalex<= 3.1.3 Broken Access Control	13	6.5	19/12/2025
WP EasyPay<= 4.2.11 Broken Access Control	5.4	5.4	11/01/2026
Atarim<= 4.3.2 Broken Access Control	9.89	4.3	06/02/2026
WordPress CTA<= 2.1.2 Broken Access Control	13	6.5	04/12/2025
VW School Education<= 1.4.6 Broken Access Control	5.3	5.3	31/01/2026
VW Portfolio<= 1.3.3 Broken Access Control	5.3	5.3	31/01/2026
VW Photography<= 1.3.8 Broken Access Control	5.3	5.3	31/01/2026
VW Pet Shop<= 1.4.7 Broken Access Control	5.3	5.3	31/01/2026
VW Fitness<= 4.3.4 Broken Access Control	5.3	5.3	31/01/2026
Popup Like box<= 3.7.7 Broken Access Control	5.3	5.3	30/01/2026
VW Education Lite<= 2.2.0 Broken Access Control	5.3	5.3	30/01/2026
Payment Gateway Pix For GiveWP<= 2.2.3 Broken Access Control	5.3	5.3	29/01/2026
Sprout Clients<= 3.2.2 Cross Site Scripting (XSS)	11.21	6.5	28/01/2026
Pochipp< 1.18.9 Broken Access Control	5.4	5.4	26/01/2026
PDF Poster<= 2.4.0 Broken Access Control	9.32	5.4	26/01/2026
Squeeze<= 1.7.7 Directory Traversal	3.75	5	26/01/2026
Studio99 WP Monitor<= 1.0.3 Broken Access Control	5.3	5.3	22/01/2026
Image Slider by Ays<= 2.7.1 Broken Access Control	5.3	5.3	22/01/2026
Xpro Addons For Beaver Builder – Lite<= 1.5.6 Broken Access Control	7.95	5.3	21/01/2026
PublishPress Capabilities<= 2.31.0 Broken Access Control	39.56	4.3	21/01/2026
Checkout for PayPal<= 1.0.46 Broken Access Control	7.95	5.3	20/01/2026
Image Photo Gallery Final Tiles Grid<= 3.6.10 Broken Access Control	7.42	4.3	19/01/2026
Geo to Lat<= 1.0.19 SQL Injection	9.56	8.5	17/01/2026
Modal Dialog<= 3.5.16 Remote Code Execution (RCE)	N/A	9.1	17/01/2026
WP Sessions Time Monitoring Full Automatic<= 1.1.3 Broken Access Control	7.95	5.3	16/01/2026
Simple Blog Card<= 2.37 Server Side Request Forgery (SSRF)	4.8	6.4	15/01/2026
MAS Videos<= 1.3.2 Broken Access Control	10.6	5.3	12/01/2026
Real 3D FlipBook<= 4.19.1 Broken Access Control	1.9	3.8	28/12/2025
Cliengo – Chatbot<= 3.0.4 Broken Access Control	6.5	6.5	25/11/2025
Textmetrics<= 3.6.4 Broken Access Control	6.21	5.4	09/01/2026
Mizan Demo Importer<= 0.1.3 Broken Access Control	5.4	5.4	31/12/2025
WP Sync for Notion<= 1.7.0 Broken Access Control	3.23	4.3	31/12/2025
Atarim<= 4.3.1 Broken Access Control	24.38	5.3	31/12/2025
WP Wand<= 1.3.07 Broken Access Control	4.05	5.4	31/12/2025
OSM<= 6.1.12 Broken Access Control	3.23	4.3	30/12/2025
Knowledge Base for Documentation, FAQs with AI Assistance<= 16.011.0 Broken Access Control	4.3	4.3	30/12/2025
Broken Link Notifier<= 1.3.5 Broken Access Control	10.6	5.3	30/12/2025
SupportCandy<= 3.4.4 Broken Access Control	10.6	5.3	30/12/2025
JAMstack Deployments<= 1.1.1 Broken Access Control	4.3	4.3	29/12/2025
WP-CORS<= 0.2.2 Broken Access Control	4.3	4.3	29/12/2025
Zita Elementor Site Library<= 1.6.6 Cross Site Request Forgery (CSRF)	4.3	4.3	29/12/2025
Revision Manager TMC<= 2.8.22 Cross Site Request Forgery (CSRF)	4.3	4.3	29/12/2025
Enter Addons<= 2.3.2 Cross Site Request Forgery (CSRF)	4.3	4.3	29/12/2025
Kama Thumbnail<= 3.5.1 Cross Site Request Forgery (CSRF)	4.3	4.3	27/12/2025
WP Subscribe<= 1.2.16 Broken Access Control	4.3	4.3	27/12/2025
WP FullCalendar<= 1.6 Sensitive Data Exposure	10.6	5.3	27/12/2025
Nexter Blocks<= 4.6.3 Sensitive Data Exposure	9.89	4.3	27/12/2025
Tablesome<= 1.2.7 Broken Access Control	4.95	4.3	27/12/2025
CLP Varnish Cache<= 1.0.2 Broken Access Control	10.6	5.3	27/12/2025
SiteLock Security – WP Hardening, Login Security & Malware Scans<= 5.0.2 Broken Access Control	4.3	4.3	26/12/2025
Share This Image<= 2.09 Broken Access Control	24.38	5.3	26/12/2025
TOP Table Of Contents<= 1.3.31 Broken Access Control	4.3	4.3	26/12/2025
Booter<= 1.5.7 Broken Access Control	4.3	4.3	26/12/2025
Automatic Featured Images from Videos<= 1.2.7 Broken Access Control	3.23	4.3	26/12/2025
Protección de datos – RGPD<= 0.68 Broken Access Control	10.6	5.3	25/12/2025
Integrate Google Drive<= 1.5.6 Broken Access Control	6.21	5.4	25/12/2025
Download After Email<= 2.1.9 Broken Access Control	10.6	5.3	25/12/2025
WP Term Order<= 2.1.0 Cross Site Request Forgery (CSRF)	4.3	4.3	25/12/2025
WP Job Portal<= 2.4.3 Insecure Direct Object References (IDOR)	9.89	4.3	25/12/2025
Materialis Companion<= 1.3.52 Broken Access Control	4.3	4.3	25/12/2025
HD Quiz<= 2.0.9 Broken Access Control	4.3	4.3	25/12/2025
Sunshine Photo Cart<= 3.5.7.2 Broken Access Control	24.38	5.3	24/12/2025
Radio Player<= 2.0.91 Server Side Request Forgery (SSRF)	12.42	5.4	24/12/2025
Monetag Official Plugin<= 1.1.3 Broken Access Control	5.4	5.4	24/12/2025
Extensions For CF7<= 3.4.0 Insecure Direct Object References (IDOR)	3.98	5.3	24/12/2025
ElementCamp<= 2.3.2 Broken Access Control	10.6	5.3	23/12/2025
Contact Form 7 GetResponse Extension<= 1.0.8 Sensitive Data Exposure	10.6	5.3	23/12/2025
Integration for Contact Form 7 HubSpot<= 1.4.3 Sensitive Data Exposure	5.3	5.3	23/12/2025
Autoshare for Twitter<= 2.3.1 Broken Access Control	12.42	5.4	23/12/2025
Cloudinary<= 3.3.2 Broken Access Control	5.4	5.4	23/12/2025
FluentBoards<= 1.91.1 Broken Access Control	6.21	5.4	23/12/2025
Anything Order by Terms<= 1.4.0 Broken Access Control	3.23	4.3	22/12/2025
WP Travel<= 11.1.0 Broken Access Control	12.19	5.3	22/12/2025
Media Library File Size<= 1.6.7 Broken Access Control	4.3	4.3	22/12/2025
Edwiser Bridge<= 4.3.2 Broken Access Control	5.4	5.4	22/12/2025
BOX NOW Delivery<= 3.0.2 Broken Access Control	4.3	4.3	22/12/2025
Simple Membership WP user Import<= 1.9.1 Cross Site Request Forgery (CSRF)	5.4	5.4	21/12/2025
Ai Image Alt Text Generator for WP<= 1.1.9 Broken Access Control	4.3	4.3	21/12/2025
GDPR CCPA Compliance Support<= 2.7.4 Broken Access Control	6.5	6.5	30/10/2025
WP Forms Signature Contract Add-On<= 1.8.2 Broken Access Control	9.89	4.3	20/12/2025
Tutor LMS BunnyNet Integration<= 1.0.0 Cross Site Scripting (XSS)	5.9	5.9	20/12/2025
AJAX Hits Counter + Popular Posts Widget<= 0.10.210305 Broken Access Control	4.05	5.4	19/12/2025
Turn Yoast SEO FAQ Block to Accordion<= 1.0.6 Cross Site Scripting (XSS)	4.88	6.5	17/12/2025
Element Invader – Template Kits for Elementor<= 1.2.4 Broken Access Control	4.3	4.3	17/12/2025
Client Portal<= 1.2.1 Broken Access Control	4.3	4.3	17/12/2025
Zoho CRM Lead Magnet<= 1.8.1.9 Broken Access Control	6.21	5.4	16/12/2025
Wheel of Life<= 1.2.0 Broken Access Control	12.19	5.3	16/12/2025
Multilanguage by BestWebSoft<= 1.5.2 Broken Access Control	3.23	4.3	16/12/2025
WPMasterToolKit<= 2.14.0 Broken Access Control	9.89	4.3	16/12/2025
Tickera<= 3.5.6.4 Broken Access Control	4.3	4.3	10/12/2025
Better Business Reviews<= 0.1.1 Broken Access Control	4.3	4.3	10/12/2025

Report vulnerabilities to earn bounties and rewards!

Include pending