Nguyen Tran Tuan Dung (domiee13)

496.87

XP

71

Reports

0

Reports, last 90 days

#1

3 Apr, 2026

🇻🇳

Lvl 2

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Behance Portfolio Manager<= 1.7.5 Cross Site Scripting (XSS)	N/A	5.9	03/10/2025
WING WordPress Migrator<= 1.2.0 Cross Site Request Forgery (CSRF)	14.4	9.6	08/05/2025
WooCommerce PDF Invoice Builder<= 1.2.150 Broken Access Control	9.89	4.3	15/10/2025
Malcure Malware Scanner<= 16.8 Broken Access Control	4.3	4.3	02/05/2025
Barcode Scanner with Inventory & Order Manager<= 1.9.0 Arbitrary File Download	N/A	4.9	26/05/2025
Product XML Feed Manager for WooCommerce<= 2.9.2 Broken Access Control	13	6.5	27/04/2025
Contest Gallery<= 26.0.6 Cross Site Scripting (XSS)	16.33	7.1	29/03/2025
IS-theme-companion<= 1.59 Cross Site Request Forgery (CSRF)	8.8	8.8	28/05/2025
Cookiebot<= 4.5.8 Cross Site Request Forgery (CSRF)	8.6	4.3	15/05/2025
Sertifier Certificate & Badge Maker<= 1.21 Broken Access Control	3.25	6.5	28/05/2025
Off-Canvas Sidebars & Menus (Slidebars)<= 0.5.8.4 Cross Site Scripting (XSS)	14.2	7.1	21/05/2025
UpStream: a Project Management Plugin for WordPress<= 2.1.1 Broken Access Control	3.23	4.3	09/05/2025
JobWP<= 2.4.0 Cross Site Request Forgery (CSRF)	2.15	4.3	21/05/2025
Notifier<= 2.7.12 Broken Access Control	4.3	4.3	14/05/2025
Media Hygiene<= 4.0.1 Broken Access Control	4.3	4.3	14/05/2025
User Roles and Capabilities<= 1.2.6 Broken Access Control	4.3	4.3	09/05/2025
WP Customer Area<= 8.3.4 Broken Access Control	4.3	4.3	02/05/2025
WPThumb<= 0.10 Server Side Request Forgery (SSRF)	3.68	4.9	18/05/2025
Contentstudio<= 1.3.7 Broken Access Control	10.6	5.3	20/05/2025
Cookie-Script.com<= 1.2.1 Broken Access Control	10.6	5.3	15/05/2025
Kata Plus<= 1.5.3 Broken Access Control	4.05	5.4	14/05/2025
Breeze<= 2.2.13 Broken Access Control	29.67	4.3	05/05/2025
Premmerce User Roles<= 1.0.13 Broken Access Control	7.42	4.3	14/05/2025
myCred<= 2.9.4.2 Broken Access Control	4.95	4.3	24/04/2025
Seriously Simple Podcasting<= 3.13.0 Broken Access Control	7.42	4.3	13/05/2025
Behance Portfolio Manager<= 1.7.5 Broken Access Control	4.3	4.3	29/04/2025
Custom Category/Post Type Post order<= 1.6.0 Broken Access Control	5.4	5.4	28/04/2025
WordLift<= 3.54.4 Broken Access Control	4.3	4.3	29/04/2025
Post Custom Templates Lite<= 1.14 Cross Site Scripting (XSS)	N/A	5.9	21/04/2025
Custom Bulk/Quick Edit<= 1.6.10 Cross Site Request Forgery (CSRF)	2.15	4.3	21/04/2025
Layouts for Elementor<= 1.11 Cross Site Request Forgery (CSRF)	2.15	4.3	22/04/2025
Activity Plus Reloaded for BuddyPress<= 1.1.2 Broken Access Control	5.4	5.4	27/04/2025
ThemeHunk<= 1.2.0 Broken Access Control	4.3	4.3	27/04/2025
CubeWP<= 1.1.29 Cross Site Request Forgery (CSRF)	2.15	4.3	23/04/2025
Widgetize Pages Light<= 3.0 Cross Site Request Forgery (CSRF)	3.55	7.1	23/04/2025
PDF for WPForms<= 5.5.0 Broken Access Control	3.75	5	14/05/2025
Ultimate WP Mail<= 1.3.5 Broken Authentication	26.4	8.8	12/05/2025
Product Feed for WooCommerce<= 2.2.8 Broken Access Control	4.3	4.3	09/05/2025
WP Table Builder<= 2.0.6 Cross Site Request Forgery (CSRF)	6.45	4.3	07/05/2025
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 3.8.0 Cross Site Request Forgery (CSRF)	2.15	4.3	02/05/2025
DocsPress<= 2.5.2 Broken Access Control	4.3	4.3	29/04/2025
Print Invoice & Delivery Notes for WooCommerce<= 5.5.0 Cross Site Request Forgery (CSRF)	5.4	5.4	26/04/2025
Everest Backup<= 2.3.3 Cross Site Request Forgery (CSRF)	2.15	4.3	23/04/2025
Responsive Plus<= 3.2.0 Broken Access Control	5.4	5.4	29/04/2025
WPeMatico RSS Feed Fetcher<= 2.8.3 Broken Access Control	4.3	4.3	29/04/2025
WP-Lister Lite for eBay<= 3.8.3 Broken Access Control	7.42	4.3	27/04/2025
Rootspersona<= 3.7.5 Cross Site Request Forgery (CSRF)	2.7	5.4	20/04/2025
Falang multilanguage<= 1.3.61 Cross Site Request Forgery (CSRF)	2.15	4.3	21/04/2025
Rootspersona<= 3.7.5 Broken Access Control	5.3	5.3	20/04/2025
Product Code for WooCommerce<= 1.5.0 Cross Site Request Forgery (CSRF)	2.15	4.3	27/04/2025
Url Rewrite Analyzer<= 1.3.3 Broken Access Control	4.3	4.3	29/04/2025
Shortlinks by Pretty Links<= 3.6.15 Broken Access Control	21.5	4.3	06/05/2025
The Events Calendar<= 6.11.2.1 Broken Access Control	37.26	5.4	06/05/2025
FunnelCockpit<= 1.4.3 Cross Site Scripting (XSS)	14.2	7.1	22/03/2025
WP Pipes<= 1.4.3 Server Side Request Forgery (SSRF)	N/A	4.4	25/03/2025
PW WooCommerce Bulk Edit<= 2.134 Cross Site Request Forgery (CSRF)	2.7	5.4	28/04/2025
Music Player for WooCommerce<= 1.5.1 Broken Access Control	5.4	5.4	27/04/2025
Envo Extra<= 1.9.9 Broken Access Control	8.6	4.3	26/04/2025
GPT3 AI Content Writer<= 1.9.14 Cross Site Request Forgery (CSRF)	2.15	4.3	24/04/2025
Media Hygiene<= 4.0.0 Broken Access Control	5.4	5.4	23/04/2025
Hash Form<= 1.2.8 Cross Site Request Forgery (CSRF)	2.15	4.3	23/04/2025
GS Testimonial Slider<= 3.3.0 Broken Access Control	4.3	4.3	22/04/2025
Ultimate WP Mail<= 1.3.4 Cross Site Request Forgery (CSRF)	2.7	5.4	21/04/2025
Smart Hashtags [#hashtagger]<= 7.2.3 Broken Access Control	4.3	4.3	15/04/2025
Ultimate Store Kit Elementor Addons<= 2.4.0 Deserialization of untrusted data	39.2	9.8	28/03/2025
WP Editor.md – The Perfect WordPress Markdown Editor<= 10.2.1 Cross Site Scripting (XSS)	N/A	5.9	28/03/2025
Duplicate Page and Post<= 1.0 SQL Injection	12.75	8.5	25/03/2025
Slider by BestWebSoft<= 1.1.0 SQL Injection	N/A	7.6	24/03/2025
Filr<= 1.2.4 Cross Site Scripting (XSS)	3.74	6.5	04/04/2024
Shared Files<= 1.7.19 Broken Access Control	12.19	5.3	05/04/2024

Report vulnerabilities to earn bounties and rewards!

Include pending