Muhamad Agil Fachrian

662.94

XP

52

Reports

0

Reports, last 90 days

#9

3 Apr, 2026

🇮🇩

Lvl 3

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Child Themes Helper<= 2.2.7 Cross Site Request Forgery (CSRF)	4.58	6.1	26/10/2024
KB Support<= 1.6.7 Open Redirection	9.4	4.7	19/09/2024
LearnPress<= 4.2.7.1 Open Redirection	14.1	4.7	17/09/2024
Event Countdown Timer Plugin by TechMix<= 1.4 Cross Site Request Forgery (CSRF)	3.55	7.1	30/10/2024
Book a Place<= 0.7.1 Cross Site Request Forgery (CSRF)	3.55	7.1	30/10/2024
Blogger Image Import2.1 Cross Site Request Forgery (CSRF)	3.55	7.1	30/10/2024
Shipdeo<= 1.2.8 Cross Site Scripting (XSS)	14.2	7.1	14/10/2024
Stars SMTP Mailer<= 1.7 Cross Site Scripting (XSS)	14.2	7.1	16/10/2024
User Management<= 1.2 Privilege Escalation	26.4	8.8	27/10/2024
Background Control<= 1.0.5 Cross Site Request Forgery (CSRF)	6.45	8.6	30/10/2024
Hide Login+<= 3.5.1 Cross Site Scripting (XSS)	14.2	7.1	14/10/2024
Course Migration for LearnDash1.0.2 Server Side Request Forgery (SSRF)	6.4	6.4	25/10/2024
JobBoard Job listing<= 1.2.6 Arbitrary File Upload	60	10	09/10/2024
ACF City Selector<= 1.14.0 Arbitrary File Upload	N/A	6.6	07/10/2024
gap-hub-user-role<= 3.4.1 Cross Site Request Forgery (CSRF)	13.2	8.8	23/10/2024
FAQs<= 1.0.2 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
FV Descriptions<= 1.4 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Preloader by WordPress Monsters<= 1.2.3 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Wovax IDX<= 1.2.2 Broken Authentication	26.4	8.8	20/10/2024
Bootstrap Buttons<= 1.2 Cross Site Scripting (XSS)	14.2	7.1	30/10/2024
Evernote Sync<= 3.0.0 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
WordPress Filter<= 1.4.1 Cross Site Request Forgery (CSRF)	3.55	7.1	31/10/2024
TagGator<= 1.54 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
addWeather<= 2.5.1 Cross Site Request Forgery (CSRF)	3.55	7.1	31/10/2024
Multiple Admin Emails<= 1.0 Cross Site Request Forgery (CSRF)	3.55	7.1	31/10/2024
Posts Date Ranges<= 2.2 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart<= 3.9 Cross Site Request Forgery (CSRF)	3.55	7.1	31/10/2024
Projectopia<= 5.1.7 Broken Authentication	26.4	8.8	29/10/2024
Hurrakify<= 2.4 Server Side Request Forgery (SSRF)	14.4	7.2	30/10/2024
VPSUForm<= 3.0.0 Cross Site Scripting (XSS)	14.2	7.1	16/10/2024
Login Widget With Shortcode<= 6.1.2 Open Redirection	9.4	4.7	15/09/2024
Paloma Widget<= 1.14 Cross Site Request Forgery (CSRF)	3.55	7.1	31/10/2024
WP GeoNames<= 1.8 Cross Site Scripting (XSS)	14.2	7.1	16/10/2024
Build App Online<= 1.0.23 Cross Site Request Forgery (CSRF)	N/A	5.4	24/10/2024
Wc Recently viewed products<= 1.0.1 Cross Site Scripting (XSS)	14.2	7.1	16/10/2024
DeBounce Email Validator<= 5.6.5 Cross Site Scripting (XSS)	14.2	7.1	18/10/2024
SKT Donation<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	16/10/2024
Radio Buttons and Swatches for WooCommerce<= 1.1.20 Cross Site Scripting (XSS)	14.2	7.1	16/10/2024
ThriveDesk<= 2.0.6 Cross Site Scripting (XSS)	14.2	7.1	12/10/2024
WeChat Subscribers Lite <= 1.6.6 Cross Site Scripting (XSS)	14.2	7.1	21/10/2024
Bulk Change Role<= 1.1 Privilege Escalation	26.4	8.8	20/10/2024
Sunshine Photo Cart<= 3.2.9 Open Redirection	10.81	4.7	08/09/2024
Multi Step Form<= 1.7.21 Broken Access Control	8.6	4.3	30/09/2024
Simple Membership<= 4.5.3 Open Redirection	28.2	4.7	15/09/2024
LaTeX2HTML<= 2.5.4 Cross Site Scripting (XSS)	14.2	7.1	14/10/2024
Duplicate Title Validate<= 1.0 SQL Injection	17	8.5	11/10/2024
EventPrime<= 4.0.4.5 Open Redirection	9.4	4.7	13/09/2024
Payflex Payment Gateway<= 2.6.1 Open Redirection	N/A	4.7	12/09/2024
WPCOM Member<= 1.5.4 Cross Site Scripting (XSS)	14.2	7.1	13/09/2024
Simple Membership After Login Redirection<= 1.6 Open Redirection	9.4	4.7	24/09/2024
ElementsReady Addons for Elementor6.4.2 Open Redirection	9.4	4.7	24/09/2024
CP Polls<= 1.0.74 Cross Site Scripting (XSS)	14.2	7.1	08/09/2024

Report vulnerabilities to earn bounties and rewards!

Include pending