Pricing
Solutions
WordPress security
Instantly fix and mitigate vulnerabilities
Plugin auditing
Paid auditing for WordPress vendors
Managed VDP
Start a security program for your plugins
Bug Bounty
Join the community and earn bounties
Enterprise API
At scale monitoring and vPatching for hosts
Vulnerability database
The latest WordPress security intelligence
Login
Start trial
Phat RiO - BlueRock
4158.56
XP
184
Reports
1
Reports, last 90 days
#1
18 Nov, 2025
Lvl 7
1
1
1
3
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Affected software | Vulnerability
CVE
AXP
Severity
Reported
Polylang
<= 3.7.3
Deserialization of untrusted data
212.52
8.8
No date
Advanced Coupons for WooCommerce Coupons
<= 4.6.8
SQL Injection
45.6
7.6
No date
TranslatePress
<= 2.10.2
Deserialization of untrusted data
194.4
8.1
Aug 25, 2025
TF Woo Product Grid Addon For Elementor
<= 1.0.1
Deserialization of untrusted data
39.2
9.8
Apr 23, 2025
Perfect Brands for WooCommerce
<= 3.6.2
SQL Injection
38.25
8.5
Aug 19, 2025
Dokan
<= 4.1.3
Privilege Escalation
16.2
7.2
Aug 21, 2025
Quiz And Survey Master
<= 10.2.5
PHP Object Injection
78.4
9.8
Jul 15, 2025
Drag and Drop File Upload for Elementor Forms
<= 1.5.3
Arbitrary File Upload
45
10
Jul 22, 2025
PDF for Gravity Forms + Drag And Drop Template Builder
<= 6.3.0
PHP Object Injection
7.5
7.5
Jul 24, 2025
PDF for Contact Form 7
<= 6.3.0
Deserialization of untrusted data
8.8
8.8
Jul 24, 2025
PDF for WPForms
<= 6.3.0
Deserialization of untrusted data
13.2
8.8
Jul 24, 2025
PDF Invoice Builder for WooCommerce
<= 6.3.2
Deserialization of untrusted data
8.8
8.8
Jul 24, 2025
PDF for Elementor Forms + Drag And Drop Template Builder
<= 6.3.1
PHP Object Injection
17.6
8.8
Jul 23, 2025
Ovatheme Events
<= 1.2.8
Local File Inclusion
16.2
8.1
May 2, 2025
Filr
<= 1.2.10
Arbitrary File Deletion
69.3
7.7
Jul 18, 2025
Quiz And Survey Master
<= 10.2.4
SQL Injection
25.5
8.5
Jul 16, 2025
WP Gravity Forms FreshDesk Plugin
<= 1.3.5
Deserialization of untrusted data
19.6
9.8
Jul 10, 2025
WP Gravity Forms Insightly
<= 1.1.6
Deserialization of untrusted data
19.6
9.8
Jul 10, 2025
WP Gravity Forms Keap/Infusionsoft
<= 1.2.3
Deserialization of untrusted data
19.6
9.8
Jul 9, 2025
WP Gravity Forms Zoho CRM and Bigin
<= 1.2.9
Deserialization of untrusted data
29.4
9.8
Jul 9, 2025
WP Gravity Forms Constant Contact Plugin
<= 1.1.2
Deserialization of untrusted data
29.4
9.8
Jul 9, 2025
WP Gravity Forms HubSpot
<= 1.2.6
Deserialization of untrusted data
29.4
9.8
Jul 9, 2025
Connector for Gravity Forms and Google Sheets
<= 1.2.6
PHP Object Injection
39.2
9.8
Jul 9, 2025
WP Gravity Forms Salesforce
<= 1.5.1
PHP Object Injection
39.2
9.8
Jul 9, 2025
Easy Form Builder
<= 3.8.15
SQL Injection
37.2
9.3
Jun 19, 2025
Form Block
<= 1.5.5
Arbitrary File Upload
108
9
Jul 8, 2025
Cube Portfolio
<= 1.16.8
SQL Injection
17
8.5
May 8, 2025
Simple File List
<= 6.1.14
Arbitrary File Download
45
7.5
Jun 18, 2025
Wholesale Suite
<= 2.2.4.2
Privilege Escalation
9.32
7.2
Jun 23, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping
<= 4.3.1
Arbitrary File Upload
N/A
9.9
Apr 18, 2025
Allmart
<= 1.0.0
Server Side Request Forgery (SSRF)
N/A
7.2
Apr 25, 2025
Everest Forms - Frontend Listing
<= 1.0.5
PHP Object Injection
39.2
9.8
Jun 2, 2025
Elessi
< 6.4.1
Local File Inclusion
15
7.5
May 2, 2025
SureForms
<= 1.7.3
Arbitrary File Deletion
N/A
8.1
No date
WooCommerce Product Multi-Action
<= 1.3
Deserialization of untrusted data
N/A
9.8
Apr 23, 2025
Kossy - Minimalist eCommerce WordPress Theme
<= 1.45
Local File Inclusion
16.2
8.1
May 12, 2025
Domnoo
<= 1.49
Local File Inclusion
16.2
8.1
May 13, 2025
PrintXtore
< 1.7.7
Local File Inclusion
48.6
8.1
Apr 27, 2025
Puca
<= 2.6.33
Local File Inclusion
48.6
8.1
Apr 30, 2025
Sofass
<= 1.3.4
Local File Inclusion
48.6
8.1
Apr 25, 2025
Zenny
<= 1.7.5
Local File Inclusion
48.6
8.1
Apr 25, 2025
WPKit For Elementor
<= 1.1.0
Privilege Escalation
58.8
9.8
Apr 20, 2025
Diza
<= 1.3.8
Local File Inclusion
48.6
8.1
Apr 30, 2025
Aora
<= 1.3.9
Local File Inclusion
48.6
8.1
Apr 30, 2025
Hara
<= 1.2.10
Local File Inclusion
48.6
8.1
Apr 30, 2025
Maia
<= 1.1.15
Local File Inclusion
48.6
8.1
Apr 30, 2025
Zota
<= 1.3.8
Local File Inclusion
48.6
8.1
Apr 30, 2025
Sapa
<= 1.1.14
Local File Inclusion
48.6
8.1
Apr 30, 2025
Ruza
<= 1.0.7
Local File Inclusion
48.6
8.1
Apr 30, 2025
Nika
<= 1.2.8
Local File Inclusion
48.6
8.1
Apr 30, 2025
Lasa
<= 1.1
Local File Inclusion
48.6
8.1
Apr 30, 2025
Besa
<= 2.3.8
Local File Inclusion
48.6
8.1
Apr 30, 2025
Fana
<= 1.1.28
Local File Inclusion
48.6
8.1
Apr 30, 2025
Reformer for Elementor
<= 1.0.5
Arbitrary File Upload
N/A
10
Apr 23, 2025
Flozen
< 1.5.1
Arbitrary File Upload
20
10
May 2, 2025
Themify Edmin
<= 2.0.0
PHP Object Injection
N/A
8.8
Apr 6, 2025
GiftXtore
<= 1.7.5
Local File Inclusion
48.6
8.1
Apr 28, 2025
Fitrush
<= 1.3.4
Local File Inclusion
48.6
8.1
Apr 28, 2025
CraftXtore
<= 1.7
Local File Inclusion
48.6
8.1
Apr 28, 2025
Petito
<= 1.6.4
Local File Inclusion
48.6
8.1
Apr 28, 2025
Civi Framework
<= 2.1.6
Cross Site Request Forgery (CSRF)
3.55
7.1
Jun 1, 2025
BRW
<= 1.8.6
Cross Site Scripting (XSS)
4.88
6.5
May 4, 2025
BRW
<= 1.8.6
Local File Inclusion
11.25
7.5
May 4, 2025
Nasa Core
< 6.4.1
Cross Site Scripting (XSS)
4.88
6.5
May 4, 2025
Simple Business Directory Pro
< 15.6.9
Privilege Escalation
58.8
9.8
Apr 11, 2025
DZS Video Gallery
<= 12.25
PHP Object Injection
17.6
8.8
Apr 13, 2025
ELEX WordPress HelpDesk & Customer Ticketing System
<= 3.2.9
Arbitrary File Upload
29.7
9.9
Mar 27, 2025
Message Filter for Contact Form 7
<= 1.6.3.2
SQL Injection
N/A
7.6
Jan 22, 2025
Team Members Plugin
<= 3.4.4
PHP Object Injection
13.2
8.8
Mar 7, 2025
uListing
<= 2.2.0
Deserialization of untrusted data
17.6
8.8
Feb 25, 2025
Split Test For Elementor
<= 1.8.3
SQL Injection
7.6
7.6
Jan 20, 2025
uListing
<= 2.2.0
SQL Injection
N/A
7.6
Jan 26, 2025
Easy Contact
<= 0.1.2
Cross Site Scripting (XSS)
14.2
7.1
Jan 23, 2025
BookingPress
<= 1.1.28
SQL Injection
N/A
7.6
Jan 26, 2025
Vitepos
<= 3.1.4
Broken Authentication
26.4
8.8
Feb 1, 2025
Timetics
<= 1.0.29
Broken Access Control
10.6
5.3
Feb 18, 2025
Vimeotheque
<= 2.3.4.2
SQL Injection
12.75
8.5
Feb 21, 2025
Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue
<= 1.5
Settings Change
N/A
7.2
Feb 10, 2025
ProfileGrid
<= 5.9.4.3
PHP Object Injection
17.6
8.8
Jan 19, 2025
WP Yelp Review Slider
<= 8.1
SQL Injection
N/A
7.6
Jan 26, 2025
Flexmls® IDX
<= 3.14.27
PHP Object Injection
39.2
9.8
Jan 25, 2025
WordPress Assistant
<= 1.5.1
PHP Object Injection
7.2
7.2
Jan 20, 2025
Doctor Appointment Booking
<= 1.0.0
Local File Inclusion
22.5
7.5
Feb 4, 2025
Doctor Appointment Booking
<= 1.0.0
SQL Injection
17
8.5
Feb 4, 2025
All In Menu
<= 1.1.5
SQL Injection
17
8.5
Feb 4, 2025
Vitepos
<= 3.1.3
Broken Access Control
6.5
6.5
Feb 1, 2025
WP Airbnb Review Slider
<= 3.9
SQL Injection
N/A
7.6
Jan 22, 2025
uListing
<= 2.1.6
SQL Injection
12.75
8.5
Jan 24, 2025
uListing
<= 2.1.6
SQL Injection
37.2
9.3
Jan 24, 2025
BookPress – For Book Authors
<= 1.2.7
Cross Site Request Forgery (CSRF)
3.55
7.1
Jan 27, 2025
BookPress – For Book Authors
<= 1.2.7
Broken Access Control
16.4
8.2
Jan 27, 2025
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top