daroo

4,483.29

XP

188

Reports

49

Reports, last 90 days

#11

3 Apr, 2026

🇮🇩

Lvl 7

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Helpdesk Support Ticket System for WooCommerce<= 2.1.2 Broken Access Control	34.5	7.5	05/01/2026
ProfileGrid <= 5.9.8.1 Cross Site Scripting (XSS)	7.48	6.5	29/12/2025
JetFormBuilder<= 3.5.6.1 Remote Code Execution (RCE)	167.06	9.9	27/01/2026
weForms<= 1.6.26 PHP Object Injection	35.2	8.8	05/01/2026
Contact Form & Lead Form Elementor Builder<= 2.0.1 Cross Site Scripting (XSS)	14.2	7.1	30/01/2026
Nelio AB Testing<= 8.2.7 Remote Code Execution (RCE)	31.4	9.1	04/02/2026
Contest Gallery<= 28.1.2.2 Broken Authentication	135.24	9.8	13/01/2026
LatePoint<= 5.2.6 Insecure Direct Object References (IDOR)	26	6.5	30/01/2026
RewardsWP<= 1.0.4 Privilege Escalation	29.4	9.8	23/01/2026
JS Archive List<= 6.1.7 PHP Object Injection	13.2	8.8	21/01/2026
Creator LMS<= 1.1.18 Privilege Escalation	45.54	8.8	29/01/2026
Dokan<= 4.2.4 Broken Authentication	52.8	8.8	14/12/2025
Tutor LMS<= 3.9.4 Insecure Direct Object References (IDOR)	26	6.5	14/12/2025
Xagio SEO<= 7.1.0.30 Privilege Escalation	58.8	9.8	13/12/2025
WPCafe<= 3.0.7 Broken Access Control	20.93	9.1	11/12/2025
WP User Frontend<= 4.2.5 Broken Access Control	14.95	6.5	10/12/2025
Bus Ticket Booking with Seat Reservation<= 5.6.0 PHP Object Injection	90.16	9.8	07/12/2025
Amelia<= 1.2.38 Privilege Escalation	149.04	7.2	06/12/2025
Chaty<= 3.5.1 Sensitive Data Exposure	90	7.5	23/11/2025
Tablesome<= 1.2.3 SQL Injection	19.55	8.5	22/11/2025
Classified Listing<= 5.3.4 Sensitive Data Exposure	14.95	6.5	14/11/2025
My Tickets<= 2.1.0 Sensitive Data Exposure	11.25	7.5	06/11/2025
Client Invoicing by Sprout Invoices<= 20.8.9 Local File Inclusion	16.56	7.2	22/01/2026
WpBookingly<= 1.2.9 Local File Inclusion	25.88	7.5	19/01/2026
Paid Member Subscriptions<= 2.16.8 Insecure Direct Object References (IDOR)	6.5	6.5	29/11/2025
Simple File List<= 6.1.15 Arbitrary File Download	19.5	6.5	25/11/2025
WP ERP<= 1.16.10 SQL Injection	19.55	8.5	06/01/2026
Easy Hotel Booking<= 1.9.0 Broken Access Control	4.88	6.5	20/11/2025
Travelpayouts<= 1.2.2 Broken Access Control	6.5	6.5	20/11/2025
MailerLite<= 1.7.18 Broken Access Control	9.68	4.3	29/12/2025
WP Recipe Maker<= 10.2.4 Broken Access Control	29.67	4.3	29/12/2025
aDirectory<= 3.0.3 Broken Access Control	4.88	6.5	17/11/2025
Directorist<= 8.6.6 Broken Access Control	7.1	7.1	15/11/2025
CartFlows<= 2.1.19 PHP Object Injection	N/A	7.2	27/12/2025
Easy Property Listings<= 3.5.20 Broken Access Control	13	6.5	12/11/2025
JobWP<= 2.4.5 Cross Site Scripting (XSS)	16.33	7.1	10/11/2025
Hydra Booking<= 1.1.32 Privilege Escalation	43.8	7.3	08/11/2025
Salon booking system<= 10.30.3 Sensitive Data Exposure	6.5	6.5	07/11/2025
Booking Activities<= 1.16.44 Privilege Escalation	48.6	8.1	07/11/2025
Nelio AB Testing<= 8.1.8 Arbitrary Code Execution	13.65	9.1	04/11/2025
Tickera<= 3.5.6.2 Broken Access Control	6.5	6.5	24/10/2025
Event Tickets with Ticket Scanner<= 2.8.5 Remote Code Execution (RCE)	54	9	23/10/2025
Seriously Simple Podcasting<= 3.14.1 Server Side Request Forgery (SSRF)	10.12	4.4	14/12/2025
Quiz And Survey Master<= 10.3.3 Broken Access Control	14.84	4.3	09/12/2025
Stackable<= 3.19.5 Cross Site Scripting (XSS)	13.57	5.9	08/12/2025
CoBlocks<= 3.1.16 Cross Site Scripting (XSS)	24.38	6.5	08/12/2025
Ninja Tables<= 5.2.4 SQL Injection	43.99	8.5	08/12/2025
YayMail<= 4.3.2 Broken Access Control	11.13	4.3	07/12/2025
Post and Page Builder by BoldGrid<= 1.27.9 Broken Access Control	22.25	4.3	06/12/2025
Fluent Support<= 1.10.4 Broken Access Control	7.48	6.5	20/10/2025
Spiffy Calendar<= 5.0.7 Broken Access Control	3.23	4.3	06/12/2025
GetGenie<= 4.3.0 Broken Access Control	16.91	4.9	06/12/2025
Sugar Calendar (Lite)<= 3.9.1 Broken Access Control	3.71	4.3	06/12/2025
Timetics<= 1.0.46 Broken Authentication	26.4	8.8	14/10/2025
Five Star Restaurant Reservations<= 2.7.4 Insecure Direct Object References (IDOR)	17.2	8.6	12/10/2025
Tasty Recipes Lite<= 1.1.5 Broken Access Control	4.3	4.3	20/10/2025
Tasty Recipes Lite<= 1.1.5 Broken Access Control	3.23	4.3	20/10/2025
Gmedia Photo Gallery<= 1.25.0 Cross Site Request Forgery (CSRF)	0.54	4.3	24/10/2025
RestroPress<= 3.2.7 Broken Access Control	10.6	5.3	18/10/2025
PopupKit<= 2.2.4 Sensitive Data Exposure	8.6	4.3	29/11/2025
Poptics<= 1.0.20 Sensitive Data Exposure	3.23	4.3	29/11/2025
BizPrint<= 4.6.7 Broken Access Control	4.88	6.5	29/11/2025
Simple File List<= 6.1.18 Broken Access Control	4.66	5.4	25/11/2025
My Sticky Elements<= 2.3.3 Broken Access Control	8.6	4.3	25/11/2025
BBP Core<= 1.4.1 Broken Access Control	10.6	5.3	24/11/2025
Brave<= 0.8.3 Broken Access Control	10.6	5.3	23/11/2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage<= 19.12.0 Broken Access Control	10.6	5.3	22/11/2025
Tablesome<= 1.1.35.1 Broken Access Control	6.21	5.4	22/11/2025
Tablesome<= 1.1.35.1 Sensitive Data Exposure	5.75	5	22/11/2025
User Feedback<= 1.10.0 SQL Injection	43.7	7.6	22/11/2025
TS Poll<= 2.5.5 Broken Access Control	4.3	4.3	22/11/2025
Wappointment<= 2.7.6 Broken Access Control	10.6	5.3	21/11/2025
Gutenverse Form<= 2.3.1 Broken Access Control	4.88	6.5	20/11/2025
WP Time Slots Booking Form<= 1.2.39 Broken Access Control	4.88	6.5	20/11/2025
WP Adminify<= 4.0.6.1 Broken Access Control	6.21	5.4	18/11/2025
WP Adminify<= 4.0.6.1 Broken Access Control	4.95	4.3	18/11/2025
DirectoryPress<= 3.6.26 Broken Access Control	12.42	5.4	18/11/2025
DirectoryPress<= 3.6.25 Broken Access Control	24.38	5.3	18/11/2025
Watu Quiz<= 3.4.5 Broken Access Control	4.3	4.3	17/11/2025
Watu Quiz<= 3.4.5 Broken Access Control	4.88	6.5	17/11/2025
Admin and Site Enhancements (ASE)<= 8.0.8 Broken Access Control	6.75	2.7	25/11/2025
Simple Link Directory<= 8.8.3 Cross Site Request Forgery (CSRF)	0.54	4.3	17/11/2025
Webba Booking<= 6.2.1 Broken Access Control	9.89	4.3	20/11/2025
UsersWP<= 1.2.48 Cross Site Request Forgery (CSRF)	0.54	4.3	17/11/2025
TrueBooker<= 1.1.0 Broken Access Control	7.95	5.3	20/11/2025
Easy Form Builder<= 3.8.20 Broken Access Control	10.6	5.3	17/11/2025
Simple Link Directory<= 8.8.3 Broken Access Control	10.6	5.3	17/11/2025
Listdom<= 5.0.1 Broken Access Control	4.05	5.4	16/11/2025
Directorist<= 8.6.6 Open Redirection	9.4	4.7	15/11/2025
Business Directory<= 6.4.19 Broken Access Control	2.45	4.9	15/11/2025
Essential Real Estate<= 5.2.9 Broken Access Control	10.6	5.3	14/11/2025
Essential Real Estate<= 5.2.9 Insecure Direct Object References (IDOR)	6.5	6.5	14/11/2025
Easy Property Listings<= 3.5.21 Broken Access Control	4.3	4.3	12/11/2025
Ultimate Auction <= 4.3.2 Sensitive Data Exposure	10.6	5.3	12/11/2025
Ultimate Auction <= 4.3.2 Broken Access Control	5.4	5.4	12/11/2025
Media Library Tools<= 1.6.15 SQL Injection	7.6	7.6	11/11/2025
Nelio Popups<= 1.3.0 Cross Site Scripting (XSS)	4.88	6.5	10/11/2025
Salon booking system<= 10.30.3 Cross Site Request Forgery (CSRF)	0.54	4.3	07/11/2025
WpEvently<= 5.1.1 Cross Site Request Forgery (CSRF)	9.89	4.3	06/11/2025
My Tickets<= 2.1.0 Broken Access Control	2.42	4.3	06/11/2025

Report vulnerabilities to earn bounties and rewards!

Include pending