Majed Refaea

835.86

XP

107

Reports

0

Reports, last 90 days

#1

3 Apr, 2026

🇦🇪

Lvl 3

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Sunshine Photo Cart<= 3.2.9 Broken Access Control	12.19	5.3	08/02/2024
Photo Engine<= 6.4.0 Broken Access Control	4.3	4.3	29/02/2024
MyBookTable Bookstore<= 3.3.9 Cross Site Request Forgery (CSRF)	3.55	7.1	16/02/2024
WpTravelly<= 1.7.7 Broken Access Control	15	7.5	24/02/2024
Photo Engine<= 6.3.1 Cross Site Scripting (XSS)	2.95	5.9	29/02/2024
Telegram Bot & Channel<= 3.8.2 Cross Site Request Forgery (CSRF)	2.65	5.3	26/02/2024
WP Fast Total Search<= 1.69.234 Cross Site Request Forgery (CSRF)	2.15	4.3	24/02/2024
WP GoToWebinar<= 15.7 Cross Site Scripting (XSS)	3.55	7.1	21/02/2024
WappPress<= 6.0.4 Server Side Request Forgery (SSRF)	4.9	4.9	29/02/2024
Taggbox<= 3.3 Cross Site Request Forgery (CSRF)	2.15	4.3	21/02/2024
Zoho Campaigns<= 2.0.8 Cross Site Scripting (XSS)	6.5	6.5	22/02/2024
Google Adsense & Banner Ads by AdsforWP<= 1.9.28 Cross Site Request Forgery (CSRF)	2.15	4.3	23/02/2024
Animated Rotating Words<= 5.6 Cross Site Request Forgery (CSRF)	2.15	4.3	28/02/2024
MakeStories (for Google Web Stories)<= 3.0.3 Arbitrary File Download	10.65	7.1	28/02/2024
Meks Video Importer<= 1.0.12 Broken Access Control	5.4	5.4	14/02/2024
Magical Addons For Elementor<= 1.1.41 Server Side Request Forgery (SSRF)	4.9	4.9	16/02/2024
WP Fast Total Search<= 1.68.232 Broken Access Control	4.3	4.3	25/02/2024
WP GoToWebinar<= 15.6 Broken Access Control	4.3	4.3	21/02/2024
Metorik – Reports & Email Automation for WooCommerce<= 1.7.1 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2024
WP GoToWebinar<= 15.7 Cross Site Scripting (XSS)	6.5	6.5	21/02/2024
codoc<= 0.9.51.12 Cross Site Scripting (XSS)	14.2	7.1	12/02/2024
Cliengo – Chatbot<= 3.0.4 Cross Site Request Forgery (CSRF)	2.7	5.4	29/02/2024
Ultimate Auction <= 4.2.5 Cross Site Request Forgery (CSRF)	2.15	4.3	13/02/2024
Zita Elementor Site Library<= 1.6.1 Arbitrary Code Execution	29	9.9	15/02/2024
WPAdverts<= 2.1.2 Cross Site Request Forgery (CSRF)	2.15	4.3	25/02/2024
AliNext<= 3.3.5 Cross Site Scripting (XSS)	6.5	6.5	16/02/2024
AliNext<= 3.4.6 Cross Site Request Forgery (CSRF)	3.55	7.1	16/02/2024
AliNext<= 3.4.3 Cross Site Request Forgery (CSRF)	4.15	8.3	16/02/2024
AliNext<= 3.3.5 Cross Site Scripting (XSS)	24.85	7.1	17/02/2024
AliNext<= 3.3.5 Broken Access Control	6.5	6.5	17/02/2024
User Rights Access Manager<= 1.1.2 Broken Access Control	6.5	6.5	17/02/2024
WP Scraper<= 5.7 Server Side Request Forgery (SSRF)	4.9	4.9	07/02/2024
MasterStudy LMS<= 3.2.12 Broken Access Control	10.8	8.2	25/01/2024
MasterStudy LMS<= 3.2.1 Cross Site Request Forgery (CSRF)	2.15	4.3	26/01/2024
Ovic Importer<= 1.6.3 Arbitrary File Download	11.25	7.5	29/01/2024
Copymatic<= 1.9 Broken Access Control	6.5	6.5	20/02/2024
Analytify<= 5.2.3 Cross Site Request Forgery (CSRF)	5.4	5.4	21/02/2024
Pure Chat<= 2.22 Cross Site Request Forgery (CSRF)	3.55	4.3	14/02/2024
Netgsm<= 2.9.19 Broken Access Control	15	7.5	08/01/2024
Debug Log Manager<= 2.3.1 Broken Access Control	4.3	4.3	14/01/2024
WP Translate<= 5.3.0 Broken Access Control	5.4	5.4	15/01/2024
Upload Fields for WPForms<= 1.0.2 Broken Access Control	10.6	5.3	15/01/2024
Fastly<= 1.2.25 Broken Access Control	4.3	4.3	17/02/2024
WPCal.io<= 0.9.5.8 Cross Site Request Forgery (CSRF)	2.7	5.4	25/02/2024
WebinarPress<= 1.33.20 Cross Site Request Forgery (CSRF)	3.55	7.1	27/01/2024
Social Warfare<= 4.4.5.1 Cross Site Request Forgery (CSRF)	4.3	4.3	08/02/2024
LeadConnector<= 1.7 Broken Access Control	17.2	8.6	02/02/2024
EAN for WooCommerce<= 4.8.9 Privilege Escalation	2.7	7.2	21/01/2024
Save as PDF<= 3.2.0 Broken Access Control	6.5	6.5	26/02/2024
WPPizza<= 3.18.10 Broken Access Control	6.5	6.5	26/02/2024
Login with phone number<= 1.6.93 Broken Access Control	19.6	9.8	07/01/2024
Culqi<= 3.0.14 Server Side Request Forgery (SSRF)	4.9	4.9	07/02/2024
Podlove Podcast Publisher<= 4.0.11 Server Side Request Forgery (SSRF)	4.05	5.4	25/01/2024
Headline Analyzer<= 1.3.3 Broken Access Control	8.6	4.3	02/02/2024
Social Snap<= 1.3.5 Broken Access Control	13	6.5	08/02/2024
SuperFaktura WooCommerce<= 1.40.3 Server Side Request Forgery (SSRF)	6.4	6.4	07/02/2024
WP Fusion Lite<= 3.42.10 Sensitive Data Exposure	4.3	4.3	23/02/2024
WPCal.io<= 0.9.5.8 Cross Site Request Forgery (CSRF)	2.15	4.3	25/02/2024
Paid Memberships Pro<= 2.12.10 Cross Site Request Forgery (CSRF)	8.1	5.4	09/02/2024
The Pack Elementor addons<= 2.0.8.2 Server Side Request Forgery (SSRF)	4.9	4.9	16/02/2024
SchedulePress<= 5.0.8 Broken Access Control	6.5	6.5	16/02/2024
StreamWeasels Twitch Integration<= 1.7.8 Sensitive Data Exposure	10.6	5.3	05/02/2024
Language Switcher for Transposh<= 1.5.9 Cross Site Scripting (XSS)	N/A	7.1	03/01/2024
WP Smart Import<= 1.0.7 Cross Site Scripting (XSS)	2.95	5.9	04/02/2024
Debug Log Manager<= 2.3.1 Cross Site Scripting (XSS)	14.2	7.1	15/01/2024
VikBooking Hotel Booking Engine & PMS<= 1.6.7 Cross Site Scripting (XSS)	24.85	7.1	24/02/2024
Netgsm<= 2.8 Cross Site Scripting (XSS)	14.2	7.1	08/01/2024
WP TradingView<= 1.7 Cross Site Scripting (XSS)	4.88	6.5	12/01/2024
LH Add Media From Url<= 1.22 Cross Site Scripting (XSS)	14.2	7.1	13/01/2024
Download IP2Location Country Blocker<= 2.34.2 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2024
Zoho Campaigns<= 2.0.7 Cross Site Request Forgery (CSRF)	2.15	4.3	22/02/2024
Zoho Campaigns<= 2.0.7 Cross Site Request Forgery (CSRF)	2.15	4.3	22/02/2024
Libsyn Publisher Hub<= 1.4.4 Cross Site Request Forgery (CSRF)	2.47	4.3	11/02/2024
Crony Cronjob Manager<= 0.5.0 Cross Site Request Forgery (CSRF)	2.15	4.3	15/01/2024
Login with phone number<= 1.6.93 Cross Site Request Forgery (CSRF)	4.4	8.8	06/01/2024
MihanPanel< 12.7 Cross Site Request Forgery (CSRF)	2.7	5.4	09/01/2024
Spotlight Social Media Feeds<= 1.6.10 Cross Site Request Forgery (CSRF)	6.45	4.3	08/02/2024
Smash Balloon Social Post Feed<= 4.2.1 Cross Site Request Forgery (CSRF)	10.75	4.3	08/02/2024
MailChimp Forms by MailMunch<= 3.2.1 Cross Site Request Forgery (CSRF)	5.4	5.4	09/02/2024
No-Bot Registration<= 1.9.1 Cross Site Request Forgery (CSRF)	2.15	4.3	13/02/2024
WP Event Aggregator<= 1.7.6 Cross Site Request Forgery (CSRF)	2.15	4.3	22/02/2024
Transcoder<= 1.3.5 Cross Site Request Forgery (CSRF)	2.15	4.3	20/02/2024
MPG<= 3.4.0 Cross Site Request Forgery (CSRF)	2.7	5.4	25/02/2024
ReDi Restaurant Reservation<= 24.0128 Cross Site Request Forgery (CSRF)	3.55	7.1	26/02/2024
RapidLoad<= 2.2.11 Server Side Request Forgery (SSRF)	14.4	7.2	18/01/2024
Media Library Folders<= 8.1.8 Directory Traversal	3.25	6.5	22/01/2024
WordPress Tooltips<= 9.5.3 Cross Site Request Forgery (CSRF)	3.55	7.1	28/01/2024
EmbedPress<= 3.9.8 Broken Access Control	39	6.5	08/02/2024
Advanced Local Pickup for WooCommerce<= 1.6.2 Broken Access Control	15	7.5	02/02/2024
Builderall Builder for WordPress<= 2.0.1 Server Side Request Forgery (SSRF)	9.8	4.9	07/02/2024
Nelio Content<= 3.2.0 Server Side Request Forgery (SSRF)	3.68	4.9	07/02/2024
OSS Aliyun<= 1.4.10 SQL Injection	N/A	7.6	04/02/2024
Tumult Hype Animations<= 1.9.11 Cross Site Scripting (XSS)	14.2	7.1	28/02/2024
Tumult Hype Animations<= 1.9.11 Cross Site Request Forgery (CSRF)	2.15	4.3	28/02/2024
AI WP Writer<= 3.6.5 Broken Access Control	10.6	5.3	28/02/2024
Brave<= 0.6.5 Server Side Request Forgery (SSRF)	14.4	5.4	10/02/2024
MPG<= 3.4.0 Broken Access Control	4.3	4.3	25/02/2024
Photo Gallery by Ays<= 5.5.2 Cross Site Scripting (XSS)	24.85	7.1	29/02/2024
Super Page Cache for Cloudflare<= 4.7.5 Cross Site Request Forgery (CSRF)	7.1	7.1	12/02/2024
MPG<= 3.4.0 Remote Code Execution (RCE)	13.65	9.1	25/02/2024

Report vulnerabilities to earn bounties and rewards!

Include pending