Steven Julian

Say thanks

1,250.50

XP

86

Reports

15

Reports, last 90 days

#22

3 Apr, 2026

🇮🇩

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
e2pdf<= 1.28.15 Broken Access Control	8.63	5	02/02/2026
FooGallery<= 3.1.11 Broken Access Control	12.9	4.3	16/01/2026
FooGallery<= 3.1.11 Cross Site Scripting (XSS)	11.8	5.9	16/01/2026
WP Activity Log<= 5.5.4 Cross Site Scripting (XSS)	56.06	6.5	08/01/2026
MailChimp Subscribe Forms <= 4.0.9.7 Cross Site Scripting (XSS)	2.95	5.9	29/02/2024
StreamCast<= 2.2.3 Cross Site Scripting (XSS)	2.95	5.9	23/02/2024
Slider by Soliloquy<= 2.7.6 Cross Site Scripting (XSS)	8.85	5.9	26/01/2024
iPanorama 360 WordPress Virtual Tour Builder<= 1.8.3 Broken Access Control	10.6	5.3	24/01/2024
e2pdf<= 1.20.27 Broken Access Control	5.4	5.4	13/02/2024
Depicter Slider<= 3.0.2 Cross Site Scripting (XSS)	8.85	5.9	25/01/2024
Transition Slider – Responsive Image Slider and Gallery<= 2.20.3 Cross Site Scripting (XSS)	3.25	5.9	01/02/2024
Slideshow SE<= 2.5.20 Cross Site Scripting (XSS)	2.95	5.9	26/01/2024
Serious Slider<= 1.2.4 Cross Site Scripting (XSS)	6.5	6.5	21/03/2024
Awesome Support<= 6.1.7 Broken Access Control	4.3	4.3	30/01/2024
Slider Responsive Slideshow – Image slider, Gallery slideshow<= 1.4.0 Broken Access Control	4.3	4.3	07/02/2024
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery<= 1.4.5 Broken Access Control	4.3	4.3	07/02/2024
Album Gallery – WordPress Gallery<= 1.5.7 Broken Access Control	4.3	4.3	07/02/2024
Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow<= 1.3.9 Broken Access Control	4.3	4.3	07/02/2024
Integrate Google Drive<= 1.3.93 Broken Authentication	10.6	5.3	14/01/2024
WP-Recall<= 16.26.6 Cross Site Request Forgery (CSRF)	2.7	5.4	17/01/2024
Radio Player<= 2.0.73 Broken Access Control	10.6	5.3	29/01/2024
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery<= 1.5.3 Broken Access Control	4.3	4.3	06/02/2024
Mooberry Book Manager<= 4.15.12 Sensitive Data Exposure	10.6	5.3	25/01/2024
Popup box<= 4.1.2 Cross Site Request Forgery (CSRF)	7.1	7.1	25/01/2024
Masteriyo - LMS<= 1.7.3 Broken Authentication	10.6	5.3	17/01/2024
Academy LMS<= 1.9.16 Broken Access Control	7.1	7.1	12/01/2024
Digital Publications by Supsystic<= 1.7.7 Broken Access Control	10.6	5.3	08/01/2024
iPages Flipbook<= 1.5.1 Broken Access Control	10.6	5.3	22/01/2024
Print My Blog<= 3.26.2 Broken Access Control	10.6	5.3	23/01/2024
Filterable Portfolio<= 1.6.5 Cross Site Scripting (XSS)	N/A	5.9	06/03/2024
Serious Slider<= 1.2.4 Cross Site Request Forgery (CSRF)	4.3	4.3	21/03/2024
Five Star Restaurant Reservations<= 2.6.16 Broken Access Control	10.6	5.3	18/01/2024
Radio Player<= 2.0.73 Server Side Request Forgery (SSRF)	10.8	5.4	29/01/2024
Photo Gallery by 10Web<= 1.8.20 Broken Access Control	53	5.3	23/01/2024
Crelly Slider<= 1.4.5 Insecure Direct Object References (IDOR)	4.3	4.3	21/03/2024
FV Flowplayer Video Player<= 7.5.43.7212 Server Side Request Forgery (SSRF)	9.8	4.9	29/02/2024
Integrate Google Drive<= 1.3.8 Broken Access Control	16.6	8.3	05/03/2024
Data Tables Generator by Supsystic<= 1.10.31 Broken Access Control	4.3	4.3	09/01/2024
Integrate Google Drive<= 1.3.9 Broken Access Control	10.6	5.3	14/01/2024
Pricing Table by Supsystic<= 1.9.12 Content Injection	4.3	4.3	05/01/2024
VikRentCar<= 1.3.2 Sensitive Data Exposure	11.8	5.9	20/01/2024
Vision Interactive<= 1.7.1 Broken Access Control	10.6	5.3	29/01/2024
Real 3D FlipBook<= 3.62 Cross Site Scripting (XSS)	14.2	7.1	25/01/2024
Popup Anything<= 2.8 Broken Access Control	31.8	5.3	30/01/2024
Gutenberg Block Editor Toolkit<= 1.40.4 Cross Site Scripting (XSS)	9.75	6.5	18/01/2024
Photo Gallery by 10Web<= 1.8.21 Cross Site Scripting (XSS)	71	7.1	23/01/2024
Radio Player<= 2.0.73 Sensitive Data Exposure	5.4	5.4	04/03/2024
RestroPress<= 3.1.2 Cross Site Request Forgery (CSRF)	2.7	5.4	08/02/2024
CP Media Player<= 1.1.3 Cross Site Request Forgery (CSRF)	2.7	5.4	26/01/2024
Feather Login Page<= 1.1.5 Cross Site Request Forgery (CSRF)	2.15	4.3	29/02/2024
Popup by Supsystic<= 1.10.27 Broken Access Control	4.3	4.3	08/01/2024
e2pdf<= 1.20.27 Cross Site Request Forgery (CSRF)	2.7	5.4	13/02/2024
BookingPress<= 1.0.81 Insecure Direct Object References (IDOR)	4.3	4.3	02/01/2024
Masteriyo - LMS<= 1.7.2 Privilege Escalation	29.4	9.8	15/01/2024
Ultimate Maps by Supsystic<= 1.2.16 Cross Site Request Forgery (CSRF)	0.54	4.3	09/01/2024
Easy Google Maps<= 1.11.11 Cross Site Request Forgery (CSRF)	1.08	4.3	09/01/2024
Whizzy<= 1.1.18 Broken Access Control	10.6	5.3	29/01/2024
Whizzy<= 1.1.18 Insecure Direct Object References (IDOR)	6.5	6.5	29/01/2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar<= 5.1 Cross Site Scripting (XSS)	4.88	6.5	04/03/2024
Spiffy Calendar<= 4.9.10 Broken Access Control	4.05	5.4	11/03/2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar<= 5.1 Broken Access Control	7.6	7.6	04/03/2024
Landing Page Builder<= 1.5.1.7 Cross Site Scripting (XSS)	2.95	5.9	05/02/2024
Web Icons<= 1.0.0.10 Cross Site Scripting (XSS)	4.88	6.5	18/01/2024
WCFM – Frontend Manager for WooCommerce<= 6.7.8 Cross Site Scripting (XSS)	2.95	5.9	12/01/2024
Aparat for WordPress<= 2.2.0 Cross Site Scripting (XSS)	4.88	6.5	30/01/2024
PDF Embedder<= 4.6.4 Cross Site Scripting (XSS)	20.63	5.5	24/01/2024
Five Star Restaurant Menu<= 2.4.14 Cross Site Scripting (XSS)	4.88	6.5	24/01/2024
Download Media<= 1.4.2 Broken Access Control	4.3	4.3	10/02/2024
My Calendar<= 3.4.23 Cross Site Scripting (XSS)	4.88	6.5	18/01/2024
Five Star Restaurant Reviews<= 2.3.5 Cross Site Scripting (XSS)	4.88	6.5	24/01/2024

Report vulnerabilities to earn bounties and rewards!

Include pending