Trương Hữu Phúc (truonghuuphuc)

4,496.44

XP

334

Reports

26

Reports, last 90 days

#7

3 Apr, 2026

🇻🇳

Lvl 7

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Miraculous< 2.1.2 Broken Access Control	11.25	7.5	22/01/2026
Miraculous Core Plugin< 2.1.2 SQL Injection	12.75	8.5	22/01/2026
uListing<= 2.2.0 Arbitrary File Download	16.91	4.9	10/09/2025
Advanced Woo Labels<= 2.36 Remote Code Execution (RCE)	N/A	7.2	26/01/2026
Ads Pro<= 5.0 Broken Access Control	5.4	5.4	21/01/2026
Ridhi<= 1.1.2 Broken Access Control	5.3	5.3	19/01/2026
Digital Download<= 1.1.4 Broken Access Control	7.95	5.3	19/01/2026
App Landing Page<= 1.2.2 Broken Access Control	5.3	5.3	19/01/2026
Numinous<= 1.3.0 Broken Access Control	7.95	5.3	19/01/2026
Rara Academic<= 1.2.2 Broken Access Control	7.95	5.3	19/01/2026
Book Landing Page<= 1.2.7 Broken Access Control	7.95	5.3	19/01/2026
Pranayama Yoga<= 1.2.2 Broken Access Control	5.3	5.3	19/01/2026
Spa and Salon<= 1.3.2 Broken Access Control	7.95	5.3	19/01/2026
Kalon<= 1.2.9 Broken Access Control	5.3	5.3	19/01/2026
Travel Diaries<= 1.2.4 Broken Access Control	5.3	5.3	19/01/2026
The Minimal<= 1.2.9 Broken Access Control	7.95	5.3	19/01/2026
Elegant Pink<= 1.3.3 Broken Access Control	7.95	5.3	19/01/2026
Influencer<= 1.1.7 Broken Access Control	5.3	5.3	19/01/2026
Download Alt Text AI<= 1.10.15 Broken Access Control	10.6	5.3	15/01/2026
Restaurant and Cafe<= 1.2.5 Broken Access Control	10.6	5.3	12/01/2026
Travel Agency<= 1.5.5 Broken Access Control	10.6	5.3	12/01/2026
Perfect Portfolio<= 1.2.4 Broken Access Control	10.6	5.3	12/01/2026
Corpiva<= 1.0.96 Cross Site Request Forgery (CSRF)	4.3	4.3	12/01/2026
Benevolent<= 1.3.9 Broken Access Control	10.6	5.3	10/01/2026
Lawyer Landing Page<= 1.2.7 Broken Access Control	10.6	5.3	10/01/2026
Business One Page<= 1.3.2 Broken Access Control	10.6	5.3	10/01/2026
Bakes And Cakes<= 1.2.9 Broken Access Control	10.6	5.3	10/01/2026
Timeline Event History<= 3.2 Cross Site Scripting (XSS)	14.2	7.1	25/11/2025
Construction Landing Page<= 1.4.1 Broken Access Control	10.6	5.3	10/01/2026
Preschool and Kindergarten<= 1.2.5 Broken Access Control	10.6	5.3	10/01/2026
Rara Business<= 1.3.0 Broken Access Control	10.6	5.3	10/01/2026
Travel Booking<= 1.3.9 Broken Access Control	10.6	5.3	10/01/2026
The Conference<= 1.2.5 Broken Access Control	10.6	5.3	10/01/2026
JobScout<= 1.1.7 Broken Access Control	10.6	5.3	10/01/2026
Lemmony< 1.7.1 Cross Site Request Forgery (CSRF)	5.4	5.4	09/01/2026
Coachify<= 1.1.5 Cross Site Request Forgery (CSRF)	5.4	5.4	09/01/2026
Coachify<= 1.1.5 Broken Access Control	10.6	5.3	09/01/2026
Shopwell<= 1.0.11 Broken Access Control	10.6	5.3	08/01/2026
ThirstyAffiliates<= 3.11.9 Cross Site Request Forgery (CSRF)	10.8	5.4	03/01/2026
Bit Form<= 2.21.10 SQL Injection	N/A	7.6	29/12/2025
Popularis Extra<= 1.2.10 Cross Site Request Forgery (CSRF)	5.4	5.4	29/12/2025
Webpushr<= 4.38.0 Sensitive Data Exposure	10.6	5.3	26/12/2025
GeoDirectory<= 2.8.149 Cross Site Request Forgery (CSRF)	4.3	4.3	24/12/2025
Heateor Social Login<= 1.1.39 Cross Site Request Forgery (CSRF)	0.68	5.4	26/11/2025
CWW Companion<= 1.3.2 Cross Site Request Forgery (CSRF)	0.54	4.3	24/11/2025
Client Invoicing by Sprout Invoices<= 20.8.7 Broken Access Control	7.42	4.3	10/10/2025
Simple Content Templates for Blog Posts & Pages<= 2.2.61 Cross Site Request Forgery (CSRF)	0.54	4.3	16/09/2025
PGS Core<= 5.9.0 SQL Injection	12.75	8.5	03/07/2025
Vehica Core<= 1.0.100 Cross Site Request Forgery (CSRF)	2.15	4.3	02/07/2025
Javo Core<= 3.0.0.266 Cross Site Request Forgery (CSRF)	13.2	8.8	03/07/2025
Di Themes Demo Site Importer<= 1.2 Cross Site Request Forgery (CSRF)	2.15	4.3	16/09/2025
WP Compress<= 6.50.54 Broken Access Control	10.6	5.3	08/07/2025
Blog Designer<= 3.1.8 Broken Access Control	5.4	5.4	25/07/2025
Blog Designer PRO<= 3.4.8 Broken Access Control	31.8	5.3	30/07/2025
Simplified<= 1.0.11 Server Side Request Forgery (SSRF)	N/A	5.5	10/03/2025
MapSVG< 8.7.4 SQL Injection	37.2	9.3	23/04/2025
Cost Calculator<= 7.4 Cross Site Scripting (XSS)	6.5	6.5	09/07/2025
Javo Core<= 3.0.0.266 Arbitrary Code Execution	39	6.5	04/07/2025
Support Board< 3.8.7 Cross Site Scripting (XSS)	42.6	7.1	01/07/2025
ProfileGrid <= 5.9.5.3 SQL Injection	17	8.5	13/06/2025
Post and Page Builder by BoldGrid<= 1.27.8 Path Traversal	10.87	4.2	29/05/2025
Cost Calculator<= 7.4 Broken Access Control	4.3	4.3	09/07/2025
GymBase Theme Classes<= 1.4 SQL Injection	12.75	8.5	09/07/2025
ProfileGrid <= 5.9.5.2 SQL Injection	17	8.5	28/05/2025
WP Compress<= 6.30.30 Broken Authentication	15.9	5.3	21/04/2025
Alone<= 7.8.2 Arbitrary Code Execution	43.2	7.2	04/06/2025
Cyrlitera<= 1.3.0 Cross Site Request Forgery (CSRF)	4.3	4.3	22/05/2025
Burst Statistics<= 2.0.6 Cross Site Request Forgery (CSRF)	10.75	4.3	21/05/2025
WP Visitor Statistics (Real Time Traffic)<= 8.4 Broken Access Control	21.2	5.3	21/05/2025
Giveaways and Contests by RafflePress<= 1.12.18 Broken Access Control	21.2	5.3	24/04/2025
ProfileGrid <= 5.9.5.2 Full Path Disclosure (FPD)	4.3	4.3	28/05/2025
Post and Page Builder by BoldGrid<= 1.27.8 Server Side Request Forgery (SSRF)	16.56	6.4	29/05/2025
Post and Page Builder by BoldGrid<= 1.27.8 Cross Site Request Forgery (CSRF)	7.42	4.3	29/05/2025
ProfileGrid <= 5.9.5.2 Server Side Request Forgery (SSRF)	4.9	4.9	28/05/2025
Profile Builder<= 3.13.8 Content Spoofing	25.8	4.3	28/05/2025
Calculated Fields Form<= 5.3.58 Cross Site Request Forgery (CSRF)	6.45	4.3	27/05/2025
Backup and Staging by WP Time Capsule<= 1.22.23 Cross Site Scripting (XSS)	14.2	7.1	05/04/2025
WooBeWoo Product Filter Pro< 2.9.6 SQL Injection	37.2	9.3	23/12/2024
WP Guppy<= 4.3.3 SQL Injection	17	8.5	12/03/2025
WBW Product Table PRO<= 2.2.6 SQL Injection	37.2	9.3	20/03/2025
WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for <= 1.1.0 SQL Injection	37.2	9.3	19/12/2024
School Management<= 92.0.0 Cross Site Scripting (XSS)	14.2	7.1	16/12/2024
Dokan Pro<= 3.14.5 Cross Site Scripting (XSS)	4.88	6.5	13/01/2025
Ninja Tables Pro<= 5.0.17 Cross Site Scripting (XSS)	4.88	6.5	08/04/2025
Ads Pro<= 5.0 Cross Site Scripting (XSS)	4.88	6.5	25/12/2024
CURCY<= 2.3.7 Broken Access Control	10.6	5.3	19/03/2025
FAT Services Booking<= 5.5 Local File Inclusion	N/A	7.5	24/12/2024
MapSVG<= 8.6.9 Content Injection	10.6	5.3	12/04/2025
ProfileGrid <= 5.9.5.1 Broken Access Control	4.3	4.3	17/04/2025
ProfileGrid <= 5.9.5.0 SQL Injection	17	8.5	16/04/2025
WP Job Portal<= 2.3.1 Local File Inclusion	55.89	8.1	05/02/2025
Ultimate Member<= 2.10.3 Arbitrary Code Execution	N/A	5.5	18/03/2025
Advanced File Manager<= 5.3.1 Broken Access Control	N/A	5.3	19/03/2025
List category posts<= 0.91.0 Local File Inclusion	50.63	7.5	01/04/2025
WebinarPress<= 1.33.28 Server Side Request Forgery (SSRF)	N/A	5.5	01/04/2025
PowerPress Podcasting<= 11.12.5 Arbitrary File Upload	44.55	9.9	11/03/2025
Majestic Support<= 1.0.7 Local File Inclusion	29.11	7.5	08/02/2025
Hospital Management System<= 47.0(20-11-2023) SQL Injection	37.2	9.3	13/12/2024
Seriously Simple Podcasting<= 3.9.0 Cross Site Scripting (XSS)	5.9	5.9	17/03/2025
Sirv<= 7.5.3 Cross Site Scripting (XSS)	5.61	6.5	01/04/2025

Report vulnerabilities to earn bounties and rewards!

Include pending