Doan Dinh Van

Say thanks

763.65

XP

48

Reports

6

Reports, last 90 days

#25

3 Apr, 2026

🇻🇳

Lvl 3

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Team<= 5.0.11 Broken Access Control	17.25	7.5	04/01/2026
PPWP<= 1.9.15 Broken Access Control	8.1	5.4	01/01/2026
WP TripAdvisor Review Slider<= 14.1 Cross Site Scripting (XSS)	6.5	6.5	12/01/2026
WP Review Slider<= 13.9 Cross Site Scripting (XSS)	6.5	6.5	12/01/2026
Review Schema<= 2.2.6 Sensitive Data Exposure	7.48	6.5	14/01/2026
Remoji<= 2.2 Cross Site Scripting (XSS)	14.2	7.1	20/12/2025
Post Snippets<= 4.0.12 Remote Code Execution (RCE)	19.13	8.5	16/12/2025
Easy Post Submission<= 2.4.0 Broken Access Control	15	7.5	07/12/2025
Builderall Builder for WordPress<= 3.0.1 Remote Code Execution (RCE)	22.28	9.9	02/12/2025
Embed Calendly<= 4.4 Cross Site Scripting (XSS)	4.88	6.5	25/01/2026
Media LIbrary Assistant<= 3.32 SQL Injection	87.98	8.5	21/01/2026
Collapsing Categories<= 3.0.9 SQL Injection	12.75	8.5	17/01/2026
Collapsing Archives<= 3.0.7 SQL Injection	12.75	8.5	17/01/2026
WP FullCalendar<= 1.6 Broken Access Control	15	7.5	30/11/2025
Latest Post Shortcode<= 14.2.1 Broken Access Control	10.6	5.3	04/01/2026
rtMedia for WordPress, BuddyPress and bbPress<= 4.7.8 Sensitive Data Exposure	12.19	5.3	02/01/2026
Quiz And Survey Master<= 10.3.1 SQL Injection	39.1	8.5	21/11/2025
LifePress<= 2.2.1 Broken Access Control	4.3	4.3	23/12/2025
Nelio Content<= 4.2.0 SQL Injection	14.66	8.5	22/12/2025
Easy Modal<= 2.1.0 Cross Site Scripting (XSS)	4.88	6.5	12/12/2025
Ultimate Reviews<= 3.2.16 Insecure Direct Object References (IDOR)	7.95	5.3	07/12/2025
weForms<= 1.6.25 Broken Access Control	10.6	5.3	29/11/2025
Popup box<= 6.0.7 Cross Site Request Forgery (CSRF)	2.03	5.4	28/11/2025
Strong Testimonials<= 3.2.20 Broken Access Control	33.64	6.5	28/11/2025
Crowdsignal Forms<= 1.7.2 Broken Access Control	7.6	3.8	27/11/2025
Event Organiser<= 3.12.8 Broken Access Control	4.3	4.3	27/11/2025
wpDiscuz<= 7.6.43 Insecure Direct Object References (IDOR)	31.8	5.3	25/11/2025
PostX<= 5.0.3 Sensitive Data Exposure	21.2	5.3	21/11/2025
Editorial Calendar<= 3.8.8 Broken Access Control	4.66	5.4	20/11/2025
Google Calendar Events<= 3.5.9 Insecure Direct Object References (IDOR)	31.8	5.3	18/11/2025
Newsletter<= 9.0.9 SQL Injection	N/A	7.6	27/11/2025
My Calendar<= 3.6.16 Broken Access Control	4.3	4.3	18/11/2025
Post Grid and Gutenberg Blocks<= 2.3.23 Insecure Direct Object References (IDOR)	24.38	5.3	03/11/2025
Chartify<= 3.6.3 Cross Site Request Forgery (CSRF)	0.54	4.3	03/11/2025
Quiz Maker<= 6.7.0.82 Cross Site Request Forgery (CSRF)	0.54	4.3	02/11/2025
Easy Form<= 2.7.8 Broken Access Control	7.5	7.5	29/10/2025
Quick Contact Form<= 8.2.5 Cross Site Request Forgery (CSRF)	1.24	4.3	26/10/2025
Payment Form for PayPal Pro<= 1.1.72 Cross Site Scripting (XSS)	N/A	5.9	29/03/2025

Report vulnerabilities to earn bounties and rewards!

Include pending