timomangcut

1,638.01

XP

74

Reports

24

Reports, last 90 days

#10

3 Apr, 2026

🇻🇳

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Kubio AI Page Builder<= 2.7.0 Cross Site Scripting (XSS)	19.5	6.5	15/02/2026
Advanced Product Fields (Product Addons) for WooCommerce<= 1.6.18 Broken Access Control	31.8	5.3	09/02/2026
Admin Menu Editor<= 1.14.1 Cross Site Request Forgery (CSRF)	25.8	4.3	08/02/2026
Membership For WooCommerce<= 3.0.3 Insecure Direct Object References (IDOR)	17.25	7.5	30/04/2025
WP Abstracts<= 2.7.4 Local File Inclusion	45	7.5	26/04/2025
Content Egg<= 7.0.0 PHP Object Injection	7.2	7.2	29/04/2025
WP Links Page<= 4.9.6 SQL Injection	17	8.5	30/04/2025
Cloud SAML SSO - Single Sign On Login<= 1.0.18 Local File Inclusion	45	7.5	29/04/2025
WordPress-WPJobBoard<= 25.07010000-WP6.8.1-JB5.11.5 SQL Injection	37.2	9.3	24/04/2025
Printcart Web to Print Product Designer for WooCommerce<= 2.4.0 SQL Injection	17	8.5	24/04/2025
SERPed.net<= 4.6 Local File Inclusion	48.6	8.1	25/04/2025
WP Optimize By xTraffic<= 5.1.6 PHP Object Injection	39.2	9.8	25/04/2025
Woocommerce Partial Shipment<= 3.2 SQL Injection	17	8.5	12/04/2025
Membership For WooCommerce<= 2.8.1 Broken Access Control	15	7.5	30/04/2025
External Store for Shopify<= 1.5.9 Local File Inclusion	16.88	7.5	30/04/2025
WC Vendors Marketplace<= 2.5.6 SQL Injection	N/A	7.6	27/04/2025
WP Pipes<= 1.4.2 Arbitrary File Deletion	51.6	8.6	26/04/2025
Pix 4x sem juros - Pagaleve<= 1.6.9 PHP Object Injection	39.2	9.8	17/04/2025
Opal Woo Custom Product Variation<= 1.2.0 Arbitrary File Deletion	51.6	8.6	29/04/2025
WPFunnels<= 3.5.18 PHP Object Injection	45.08	9.8	18/04/2025
Bulk Featured Image<= 1.2.4 Broken Access Control	4.3	4.3	09/04/2025
Ebook Store<= 5.8009 Cross Site Scripting (XSS)	4.88	6.5	09/04/2025
Graphina<= 3.0.4 Cross Site Request Forgery (CSRF)	12.15	8.1	28/04/2025
XT Event Widget for Social Events<= 1.1.7 Local File Inclusion	16.88	7.5	26/04/2025
CoinPayments.net Payment Gateway for WooCommerce<= 1.0.17 PHP Object Injection	39.2	9.8	27/04/2025
Mailing Group Listserv<= 3.0.4 SQL Injection	17	8.5	16/04/2025
Fable Extra<= 1.0.6 SQL Injection	37.2	9.3	08/04/2025
Fable Extra<= 1.0.6 Cross Site Scripting (XSS)	4.88	6.5	09/04/2025
Appointment Booking Calendar<= 1.3.92 Broken Access Control	10.6	5.3	12/04/2025
AnyTrack Affiliate Link Manager<= 1.0.4 Broken Access Control	15	7.5	29/03/2025
Sandwich Adsense<= 4.0.2 Broken Access Control	N/A	5.3	29/03/2025
Posts Footer Manager<= 2.2.0 Cross Site Scripting (XSS)	N/A	5.9	01/03/2025
Welcome Bar<= 2.0.4 Cross Site Scripting (XSS)	N/A	5.9	03/03/2025
include-file<= 1 Arbitrary File Download	N/A	6.5	07/03/2025
Include URL<= 0.3.5 Arbitrary File Download	N/A	6.5	08/03/2025
Flickr set slideshows<= 0.9 SQL Injection	17	8.5	08/03/2025
Novelist<= 1.2.3 Cross Site Scripting (XSS)	N/A	5.9	03/03/2025
PostMash<= 1.0.3 SQL Injection	37.2	9.3	14/03/2025
Navigation Tree Elementor<= 1.0.1 SQL Injection	17	8.5	13/03/2025
WP01<= 2.6.2 Arbitrary File Download	22.5	7.5	12/03/2025
Flickr set slideshows<= 0.9 SQL Injection	N/A	8.5	08/03/2025
WP Featured Entries<= 1.0 SQL Injection	N/A	8.5	12/03/2025
Include URL<= 0.3.5 Cross Site Scripting (XSS)	N/A	6.5	08/03/2025
include-file<= 1 Cross Site Scripting (XSS)	N/A	6.5	08/03/2025
IG Shortcodes<= 3.1 Cross Site Scripting (XSS)	N/A	6.5	07/03/2025

Report vulnerabilities to earn bounties and rewards!

Include pending