Bao - BlueRock

Say thanks

2,582.96

XP

84

Reports

18

Reports, last 90 days

#8

3 Apr, 2026

🇻🇳

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
EventPrime<= 4.2.8.3 Sensitive Data Exposure	24.38	5.3	21/01/2026
WP-Lister Lite for eBay<= 3.8.5 Broken Access Control	24.38	5.3	20/01/2026
ShopBuilder – Elementor WooCommerce Builder Addons<= 3.2.4 Sensitive Data Exposure	24.38	5.3	19/01/2026
Client Invoicing by Sprout Invoices<= 20.8.8 Broken Access Control	24.38	5.3	16/01/2026
WpEvently< 5.1.9 Sensitive Data Exposure	24.38	5.3	15/01/2026
EventPrime<= 4.2.8.0 Broken Access Control	24.38	5.3	29/12/2025
Hustle<= 7.8.9.2 Sensitive Data Exposure	97.52	5.3	26/12/2025
Spectra<= 2.19.17 Broken Access Control	170.66	5.3	18/12/2025
Breeze<= 2.2.21 Broken Access Control	146.28	5.3	14/12/2025
Post Expirator<= 4.9.3 Broken Access Control	29.67	4.3	12/12/2025
Amelia<= 1.2.38 Broken Access Control	73.14	5.3	12/12/2025
H5P<= 1.16.1 Broken Access Control	48.76	5.3	28/11/2025
contact-form-7-mailchimp-extension<= 0.9.68 Sensitive Data Exposure	9.68	4.3	21/11/2025
Pixel Manager for WooCommerce<= 1.51.1 Sensitive Data Exposure	127.2	5.3	25/11/2025
TI WooCommerce Wishlist<= 2.10.0 Broken Access Control	97.52	5.3	22/10/2025
Feeds for YouTube<= 2.4.0 Broken Access Control	48.76	5.3	30/09/2025
Advanced Database Cleaner<= 3.1.6 Cross Site Request Forgery (CSRF)	2.15	4.3	30/09/2025
Insert PHP Code Snippet<= 1.4.3 Broken Access Control	17.2	4.3	27/09/2025
Shortcodes and extra features for Phlox theme<= 2.17.15 Sensitive Data Exposure	48.76	5.3	26/09/2025
WP Popup Builder<= 1.3.8 Sensitive Data Exposure	10.6	5.3	28/08/2025
HivePress Claim Listings<= 1.1.3 Broken Access Control	4.3	4.3	22/08/2025
HivePress Claim Listings<= 1.1.4 Broken Access Control	4.3	4.3	22/08/2025
WP Directory Kit<= 1.4.0 Broken Access Control	10.6	5.3	25/08/2025
CoSchedule<= 3.3.11 Sensitive Data Exposure	10.6	5.3	26/08/2025
Email marketing for WordPress by GetResponse Official<= 1.5.3 Sensitive Data Exposure	6.5	6.5	26/08/2025
Email marketing for WordPress by GetResponse Official<= 1.5.3 Broken Access Control	6.5	6.5	26/08/2025
Mihdan: No External Links<= 5.1.6.2 Cross Site Request Forgery (CSRF)	2.7	5.4	03/07/2025
WP Mailto Links<= 3.1.4 Cross Site Scripting (XSS)	N/A	5.9	06/07/2025
Piotnet Forms<= 1.0.30 Cross Site Request Forgery (CSRF)	2.15	4.3	16/07/2025
Ongkoskirim.id<= 1.0.6 Broken Access Control	5.4	5.4	19/07/2025
CardCom Payment Gateway<= 3.5.0.7 Broken Access Control	10.6	5.3	23/07/2025
E-namad & Shamed Logo Manager<= 2.2 Cross Site Scripting (XSS)	N/A	5.9	26/07/2025
Interact: Embed A Quiz On Your Site<= 3.1 Cross Site Request Forgery (CSRF)	N/A	4.3	17/08/2025
Cecabank WooCommerce Plugin<= 0.3.4 Broken Access Control	10.6	5.3	19/08/2025
Zoho Flow<= 2.14.1 Cross Site Request Forgery (CSRF)	2.15	4.3	28/08/2025
BerqWP<= 2.2.53 Broken Access Control	10.6	5.3	20/08/2025
Export WP Page to Static HTML/CSS<= 4.1.0 Broken Access Control	N/A	5.3	29/08/2025
Site Info<= 1.1 Sensitive Data Exposure	N/A	2.7	21/06/2025
Compact Admin<= 1.3.3 Cross Site Request Forgery (CSRF)	N/A	4.3	19/06/2025
Media Author<= 1.0.4 Broken Access Control	N/A	5.5	22/06/2025
Custom Team Manager<= 2.4.2 Cross Site Scripting (XSS)	N/A	6.5	22/06/2025
Comment Form WP – Customize Default Comment Form<= 2.0.1 Cross Site Scripting (XSS)	N/A	5.9	24/06/2025
Support Genix<= 1.4.23 Broken Access Control	7.95	5.3	19/07/2025
Posts Table with Search & Sort<= 1.4.10 Broken Access Control	21.2	5.3	14/08/2025
Order Delivery Date for WooCommerce<= 4.1.0 Broken Access Control	4.3	4.3	09/07/2025
JS Archive List< 6.1.6 SQL Injection	37.2	9.3	31/07/2025
Add Code To Head<= 1.17 Cross Site Scripting (XSS)	N/A	5.9	06/08/2025
Ai Image Alt Text Generator for WP<= 1.1.5 Broken Access Control	16.4	8.2	24/07/2025
Fluent Support<= 1.9.1 Cross Site Request Forgery (CSRF)	2.15	4.3	15/07/2025
Premmerce Brands for WooCommerce<= 1.2.13 Cross Site Request Forgery (CSRF)	1.61	4.3	23/07/2025
ProveSource Social Proof<= 3.1.2 Sensitive Data Exposure	10.6	5.3	17/07/2025
Popup for CF7 with Sweet Alert<= 1.6.5 Cross Site Request Forgery (CSRF)	2.15	4.3	16/07/2025
WP Discord Post Plus – Supports Unlimited Channels<= 1.0.2 Cross Site Request Forgery (CSRF)	2.15	4.3	28/06/2025
CM On Demand Search And Replace<= 1.5.2 Cross Site Scripting (XSS)	N/A	5.9	31/07/2025
CM On Demand Search And Replace<= 1.5.2 Cross Site Request Forgery (CSRF)	2.15	4.3	31/07/2025
Embedder for Google Reviews<= 1.7.3 Broken Access Control	10.6	5.3	16/07/2025
Motors<= 1.4.80 Insecure Direct Object References (IDOR)	21.2	5.3	06/07/2025
AntiSpam for Contact Form 7<= 0.6.3 Cross Site Request Forgery (CSRF)	2.7	5.4	04/07/2025
CM Pop-Up banners<= 1.8.4 Broken Access Control	4.3	4.3	10/07/2025
Custom Login And Signup Widget<= 1.0 Arbitrary Code Execution	N/A	9.1	19/06/2025

Report vulnerabilities to earn bounties and rewards!

Include pending