mcdruid

1,516.74

XP

42

Reports

0

Reports, last 90 days

#28

3 Apr, 2026

🇬🇧

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
SimpLy Gallery<= 3.3.2 Arbitrary Code Execution	51.23	9.9	14/01/2026
Widget Options<= 4.1.3 Remote Code Execution (RCE)	93.15	9	04/10/2025
Royal Elementor Addons<= 1.7.1052 Other Vulnerability Type	226.32	8.2	14/06/2025
Booking Calendar<= 10.14.15 SQL Injection	22.8	7.6	15/01/2026
Slimstat Analytics<= 5.3.2 Cross Site Scripting (XSS)	97.98	7.1	15/11/2025
Beaver Builder<= 2.9.4.1 Arbitrary Code Execution	67.5	7.5	10/11/2025
Synergy Project Manager<= 1.5 Cross Site Scripting (XSS)	N/A	5.8	17/10/2025
Infility Global<= 2.15.09 Cross Site Scripting (XSS)	7.1	7.1	14/10/2025
Infility Global<= 2.15.09 SQL Injection	18.6	9.3	10/10/2025
IF AS Shortcode<= 1.2 Remote Code Execution (RCE)	N/A	9.9	04/09/2025
GiveWP<= 4.13.1 Cross Site Request Forgery (CSRF)	29.16	5.4	23/11/2025
Broken Link Checker<= 1.2.6 SQL Injection	43.7	7.6	09/11/2025
All In One SEO Pack<= 4.9.1 SQL Injection	117.3	8.5	06/11/2025
External Media<= 1.0.36 Server Side Request Forgery (SSRF)	N/A	4.9	24/10/2025
HAPPY<= 1.0.7 Remote Code Execution (RCE)	103.5	10	25/09/2025
s2Member<= 250905 Remote Code Execution (RCE)	54	9	01/09/2025
GSheets Connector<= 1.1.1 PHP Object Injection	N/A	7.2	06/07/2025
ConveyThis<= 269.1 PHP Object Injection	N/A	7.2	10/07/2025
Awesome Support<= 6.3.5 Deserialization of untrusted data	N/A	7.2	14/08/2025
eDS Responsive Menu<= 1.2 PHP Object Injection	N/A	7.2	20/06/2025
Aitasi Coming Soon<= 2.0.2 Deserialization of untrusted data	N/A	7.2	19/06/2025
LTL Freight Quotes - TQL Edition<= 1.2.6 PHP Object Injection	N/A	7.2	12/07/2025
LTL Freight Quotes – Daylight Edition<= 2.2.7 PHP Object Injection	N/A	7.2	12/07/2025
LTL Freight Quotes – Day & Ross Edition<= 2.1.11 PHP Object Injection	N/A	7.2	12/07/2025
Client Invoicing by Sprout Invoices<= 20.8.7 PHP Object Injection	67.62	9.8	27/05/2025
Small Package Quotes – USPS Edition<= 1.3.9 PHP Object Injection	N/A	7.2	08/07/2025
bidorbuy Store Integrator<= 2.12.0 Remote Code Execution (RCE)	N/A	9.1	22/08/2025
WP Funnel Manager<= 1.4.0 PHP Object Injection	N/A	9.8	26/05/2025
Simple Login Log<= 1.1.3 PHP Object Injection	N/A	7.2	06/07/2025
YITH WooCommerce Compare<= 3.6.0 Deserialization of untrusted data	N/A	7.2	08/07/2025
Boldermail<= 2.4.0 PHP Object Injection	N/A	8.8	06/07/2025
Preserve Code Formatting<= 4.0.1 PHP Object Injection	9.9	8.8	02/07/2025
Site Chat on Telegram<= 1.0.4 PHP Object Injection	N/A	9.8	05/06/2025
CoSchool LMS<= 1.4.3 PHP Object Injection	N/A	9.8	03/06/2025
UNIVERSAM<= 9.03 PHP Object Injection	N/A	9.8	06/06/2025
eCommerce Product Catalog<= 3.4.3 PHP Object Injection	14.4	7.2	23/05/2025
Category Icon<= 1.0.3 XML External Entity (XXE)	4.55	9.1	04/05/2025

Report vulnerabilities to earn bounties and rewards!

Include pending