Phat RiO - BlueRock

5972.18

XP

280

Reports

91

Reports, last 90 days

#3

2 Jan, 2026

Lvl 8

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Worker for Elementor<= 1.0.10 Broken Access Control	N/A	5.4	Nov 10, 2025
Logger for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 10, 2025
Worker for WPBakery<= 1.1.1 Broken Access Control	N/A	5.4	Nov 10, 2025
Appender<= 1.1.1 Broken Access Control	N/A	5.4	Nov 10, 2025
UnGrabber<= 3.1.3 Broken Access Control	N/A	5.4	Nov 10, 2025
Conformer for Elementor<= 1.0.7 Broken Access Control	N/A	5.4	Nov 10, 2025
Criptopayer for Elementor<= 1.0.1 Broken Access Control	N/A	5.4	Nov 10, 2025
Countdowner for Elementor<= 1.0.4 Broken Access Control	N/A	5.4	Nov 10, 2025
Headinger for Elementor<= 1.1.4 Broken Access Control	N/A	5.4	Nov 10, 2025
Couponer for Elementor<= 1.1.7 Broken Access Control	N/A	5.4	Nov 10, 2025
Watcher for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 10, 2025
Questionar for Elementor<= 1.1.7 Broken Access Control	N/A	5.4	Nov 10, 2025
Gmaper for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 10, 2025
Sliper for Elementor<= 1.0.10 Broken Access Control	N/A	5.4	Nov 10, 2025
Select Graphist for Elementor Graphist for Elementor<= 1.2.10 Broken Access Control	N/A	5.4	Nov 11, 2025
Walker for Elementor<= 1.1.6 Broken Access Control	N/A	5.4	Nov 10, 2025
Vango<= 1.3.3 Local File Inclusion	48.6	8.1	Apr 29, 2025
Rashy<= 1.1.3 Local File Inclusion	48.6	8.1	Apr 29, 2025
Lindo<= 1.2.5 Local File Inclusion	48.6	8.1	Apr 29, 2025
Dekoro<= 1.0.7 Local File Inclusion	48.6	8.1	Apr 29, 2025
Bfres<= 1.2.1 Local File Inclusion	48.6	8.1	Apr 29, 2025
Bailly<= 1.3.4 Local File Inclusion	48.6	8.1	Apr 29, 2025
Hyori<= 1.3.6 Local File Inclusion	48.6	8.1	Apr 29, 2025
Pippo<= 1.2.3 Local File Inclusion	48.6	8.1	Apr 29, 2025
Tech Life CPT<= 16.4 PHP Object Injection	13.2	8.8	Apr 26, 2025
Dental Care CPT<= 20.2 PHP Object Injection	13.2	8.8	Apr 26, 2025
Medicalequipment<= 1.0.9 Broken Access Control	N/A	5.3	Nov 26, 2025
Contentstudio<= 1.3.7 Arbitrary File Upload	31.4	9.1	Aug 30, 2025
Responsive Posts Carousel Pro<= 15.1 Local File Inclusion	8.44	7.5	Nov 25, 2025
Product Loops for WooCommerce<= 2.1.2 Broken Access Control	N/A	5.3	Nov 23, 2025
Share, Print and PDF Products for WooCommerce<= 3.1.2 Broken Access Control	N/A	5.3	Nov 23, 2025
Responsive Posts Carousel Pro<= 15.2 Cross Site Scripting (XSS)	3.66	6.5	Nov 25, 2025
BWL Knowledge Base Manager<= 1.6.3 Cross Site Scripting (XSS)	3.66	6.5	Nov 22, 2025
BWL Pro Voting Manager<= 1.4.9 Cross Site Scripting (XSS)	3.66	6.5	Nov 22, 2025
BWL Pro Voting Manager<= 1.4.9 SQL Injection	9.56	8.5	Nov 22, 2025
DesignThemes LMS Addon<= 2.6 Broken Access Control	N/A	5.3	Nov 18, 2025
HomeFix Elementor Portfolio<= 1.0.1 Broken Access Control	N/A	5.3	Nov 18, 2025
WeDesignTech Portfolio<= 1.0.2 Broken Access Control	10.6	5.3	Nov 18, 2025
DesignThemes Core<= 1.6 Cross Site Scripting (XSS)	4.88	6.5	Nov 17, 2025
DesignThemes Portfolio Addon<= 1.5 Cross Site Scripting (XSS)	4.88	6.5	Nov 17, 2025
ModelTheme Addons for WPBakery and Elementor< 1.5.6 Cross Site Scripting (XSS)	4.88	6.5	Nov 17, 2025
Image Caption Hover Pro< 20.0 Broken Access Control	N/A	5.4	Nov 25, 2025
Sober<= 3.5.11 Sensitive Data Exposure	10.6	5.3	Nov 20, 2025
User Extra Fields<= 16.8 Broken Access Control	10.6	5.3	Nov 23, 2025
xPromoter<= 1.3.4 SQL Injection	N/A	8.5	Nov 14, 2025
CountDown With Image or Video Background<= 1.5 SQL Injection	N/A	8.5	Nov 14, 2025
Accordion Slider PRO<= 1.2 SQL Injection	N/A	8.5	Nov 14, 2025
Directory Pro<= 2.5.6 Broken Access Control	4.3	4.3	Nov 12, 2025
WP Webhooks<= 3.3.8 Arbitrary File Upload	54	9	Nov 8, 2025
Buttoner for Elementor<= 1.0.6 Settings Change	N/A	5.4	Nov 11, 2025
Reformer for Elementor<= 1.0.6 Broken Access Control	N/A	5.4	Nov 11, 2025
Modalier for Elementor<= 1.0.6 Broken Access Control	N/A	5.4	Nov 11, 2025
Huger for Elementor<= 1.1.5 Broken Access Control	N/A	5.4	Nov 11, 2025
Lottier<= 1.1.1 Broken Access Control	N/A	5.4	Nov 11, 2025
Lottier for Elementor<= 1.0.9 Broken Access Control	N/A	5.4	Nov 11, 2025
Lottier for WPBakery<= 1.1.7 Broken Access Control	N/A	5.4	Nov 11, 2025
Laser<= 1.1.1 Broken Access Control	N/A	5.4	Nov 11, 2025
Masker for Elementor<= 1.1.4 Broken Access Control	N/A	5.4	Nov 11, 2025
Spoter for Elementor<= 1.04 Broken Access Control	N/A	5.4	Nov 11, 2025
Grider for Elementor<= 1.0.8 Broken Access Control	N/A	5.4	Nov 11, 2025
Coder for Elementor<= 1.0.13 Broken Access Control	N/A	5.4	Nov 10, 2025
Page View Count<= 2.8.7 Settings Change	5.4	5.4	Nov 8, 2025
Custom Field Template<= 2.7.5 Sensitive Data Exposure	8.6	4.3	Nov 8, 2025
Contact Form by BestWebSoft<= 4.3.6 Broken Access Control	8.6	4.3	Nov 7, 2025
WooCommerce PDF Invoices & Packing Slips<= 4.9.1 Broken Access Control	16.13	4.3	Nov 7, 2025
WP Webhooks<= 3.3.8 PHP Object Injection	N/A	7.2	Oct 27, 2025
Polylang<= 3.7.3 Deserialization of untrusted data	212.52	8.8	Sep 26, 2025
Advanced Coupons for WooCommerce Coupons<= 4.6.8 SQL Injection	45.6	7.6	Aug 6, 2025
TranslatePress<= 2.10.2 Deserialization of untrusted data	194.4	8.1	Aug 25, 2025
TF Woo Product Grid Addon For Elementor<= 1.0.1 Deserialization of untrusted data	39.2	9.8	Apr 23, 2025
Perfect Brands for WooCommerce<= 3.6.2 SQL Injection	38.25	8.5	Aug 19, 2025
Dokan<= 4.1.3 Privilege Escalation	16.2	7.2	Aug 21, 2025
Quiz And Survey Master<= 10.2.5 PHP Object Injection	78.4	9.8	Jul 15, 2025
Drag and Drop File Upload for Elementor Forms<= 1.5.3 Arbitrary File Upload	45	10	Jul 22, 2025
PDF for Gravity Forms + Drag And Drop Template Builder<= 6.5.0 PHP Object Injection	7.5	7.5	Jul 24, 2025
PDF for Contact Form 7<= 6.5.0 Deserialization of untrusted data	8.8	8.8	Jul 24, 2025
PDF for WPForms<= 6.5.0 Deserialization of untrusted data	13.2	8.8	Jul 24, 2025
PDF Invoice Builder for WooCommerce<= 6.5.0 Deserialization of untrusted data	8.8	8.8	Jul 24, 2025
PDF for Elementor Forms + Drag And Drop Template Builder<= 6.5.0 PHP Object Injection	17.6	8.8	Jul 23, 2025
Ovatheme Events<= 1.2.8 Local File Inclusion	16.2	8.1	May 2, 2025
Filr<= 1.2.10 Arbitrary File Deletion	69.3	7.7	Jul 18, 2025
Quiz And Survey Master<= 10.2.4 SQL Injection	25.5	8.5	Jul 16, 2025
WP Gravity Forms FreshDesk Plugin<= 1.3.5 Deserialization of untrusted data	19.6	9.8	Jul 10, 2025
WP Gravity Forms Insightly<= 1.1.6 Deserialization of untrusted data	19.6	9.8	Jul 10, 2025
WP Gravity Forms Keap/Infusionsoft<= 1.2.3 Deserialization of untrusted data	19.6	9.8	Jul 9, 2025
WP Gravity Forms Zoho CRM and Bigin<= 1.2.9 Deserialization of untrusted data	29.4	9.8	Jul 9, 2025
WP Gravity Forms Constant Contact Plugin<= 1.1.2 Deserialization of untrusted data	29.4	9.8	Jul 9, 2025
WP Gravity Forms HubSpot<= 1.2.6 Deserialization of untrusted data	29.4	9.8	Jul 9, 2025
Connector for Gravity Forms and Google Sheets<= 1.2.6 PHP Object Injection	39.2	9.8	Jul 9, 2025
WP Gravity Forms Salesforce<= 1.5.1 PHP Object Injection	39.2	9.8	Jul 9, 2025
Easy Form Builder<= 3.8.15 SQL Injection	37.2	9.3	Jun 19, 2025
Form Block<= 1.5.5 Arbitrary File Upload	108	9	Jul 8, 2025
Cube Portfolio<= 1.16.8 SQL Injection	17	8.5	May 8, 2025
Simple File List<= 6.1.14 Arbitrary File Download	45	7.5	Jun 18, 2025
Wholesale Suite<= 2.2.4.2 Privilege Escalation	9.32	7.2	Jun 23, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping<= 4.3.1 Arbitrary File Upload	N/A	9.9	Apr 18, 2025
Allmart<= 1.0.0 Server Side Request Forgery (SSRF)	N/A	7.2	Apr 25, 2025
Everest Forms - Frontend Listing<= 1.0.5 PHP Object Injection	39.2	9.8	Jun 2, 2025
Elessi< 6.4.1 Local File Inclusion	15	7.5	May 2, 2025
SureForms<= 1.7.3 Arbitrary File Deletion	N/A	8.1	No date

Report vulnerabilities to earn bounties and rewards!

Include pending