Nabil Irawan

Say thanks

1449.05

XP

492

Reports

9

Reports, last 90 days

#10

2 Jan, 2026

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Signature Add-On for Gravity Forms<= 1.8.6 Broken Access Control	4.3	4.3	Sep 24, 2025
Pardakht Delkhah<= 3.0.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 26, 2025
Co-marquage service-public.fr<= 0.5.77 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 11, 2025
WP Gmail SMTP<= 1.0.7 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 13, 2025
Hide Plugins<= 1.0.4 Broken Access Control	4.3	4.3	Oct 11, 2025
Post Snippets<= 4.0.11 Cross Site Request Forgery (CSRF)	1.08	4.3	Oct 15, 2025
Accordion Slider Gallery<= 2.7 Broken Access Control	3.23	4.3	Oct 19, 2025
FormFacade<= 1.4.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 21, 2025
Post Video Players<= 1.163 Sensitive Data Exposure	3.23	4.3	Oct 27, 2025
Robots.txt rewrite<= 1.6.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 27, 2025
Download Media Library<= 0.2.1 Sensitive Data Exposure	10.6	5.3	Oct 11, 2025
Trash Duplicate and 301 Redirect<= 1.9.1 Broken Access Control	10.6	5.3	Oct 13, 2025
AI Copilot<= 1.4.7 Broken Access Control	10.6	5.3	Oct 11, 2025
Realbig<= 1.1.3 Broken Access Control	10.6	5.3	Oct 27, 2025
DMCA Protection Badge<= 2.2.0 Broken Access Control	10.6	5.3	Oct 27, 2025
Portfolio Gallery<= 1.4.8 Broken Access Control	5.4	5.4	Sep 24, 2025
Reuters Direct<= 3.0.0 Broken Access Control	N/A	5.3	Nov 4, 2025
Add Custom Codes<= 4.80 Broken Access Control	5.4	5.4	Oct 9, 2025
EasyIndex<= 1.1.1704 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 11, 2025
OpenHook<= 4.3.1 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 13, 2025
Contact Form Widget<= 1.5.1 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 21, 2025
Core Web Vitals & PageSpeed Booster<= 1.0.27 Broken Access Control	5.4	5.4	Oct 27, 2025
Add Featured Image Custom Link<= 2.0.0 Cross Site Scripting (XSS)	2.95	5.9	Oct 13, 2025
Logo Slider , Logo Carousel , Logo showcase , Client Logo<= 1.8.1 Cross Site Scripting (XSS)	2.95	5.9	Oct 13, 2025
WP Post Signature<= 0.4.1 Cross Site Scripting (XSS)	2.95	5.9	Oct 13, 2025
Post Video Players<= 1.163 Cross Site Scripting (XSS)	2.95	5.9	Oct 27, 2025
MX Time Zone Clocks<= 5.1.1 Cross Site Scripting (XSS)	4.88	6.5	Oct 27, 2025
Import into Easy Property Listings<= 2.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 9, 2025
CodeColorer<= 0.10.1 Cross Site Scripting (XSS)	14.2	7.1	Sep 30, 2025
Slider Templates<= 1.0.3 Broken Access Control	13	6.5	Sep 24, 2025
Discussion Board<= 2.5.7 Broken Access Control	3.71	4.3	Nov 28, 2025
WP Document Revisions<= 3.7.2 Broken Access Control	1.35	2.7	Nov 25, 2025
Vimeotheque<= 2.3.5.2 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 25, 2025
Fast User Switching<= 1.4.10 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 25, 2025
Category Icon<= 1.0.2 Cross Site Scripting (XSS)	2.95	5.9	Nov 25, 2025
YITH Slider for page builders<= 1.0.11 Broken Access Control	5.4	5.4	Nov 24, 2025
Advanced Classifieds & Directory Pro<= 3.2.9 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 24, 2025
Virusdie<= 1.1.6 Broken Access Control	4.3	4.3	Nov 21, 2025
Virusdie<= 1.1.6 Sensitive Data Exposure	4.3	4.3	Nov 21, 2025
WPBakery Visual Composer WHMCS Elements<= 1.0.4.3 Cross Site Scripting (XSS)	4.43	5.9	Nov 17, 2025
Simple Keyword to Link<= 1.5 Cross Site Request Forgery (CSRF)	0.68	5.4	Nov 17, 2025
Yaad Sarig Payment Gateway For WC<= 2.2.10 Broken Access Control	10.6	5.3	Nov 15, 2025
UseStrict's Calendly Embedder<= 1.1.7.2 Cross Site Scripting (XSS)	4.43	5.9	Nov 17, 2025
VK Google Job Posting Manager<= 1.2.22 Cross Site Scripting (XSS)	4.88	6.5	Nov 16, 2025
Semrush Content Toolkit<= 1.1.32 Cross Site Request Forgery (CSRF)	0.68	5.4	Nov 16, 2025
Meks Quick Plugin Disabler<= 1.0 Cross Site Request Forgery (CSRF)	0.68	5.4	Nov 16, 2025
Accessibility by AudioEye<= 1.0.49 Broken Access Control	4.3	4.3	Nov 14, 2025
Import external attachments<= 1.5.12 Broken Access Control	4.3	4.3	Nov 14, 2025
Trinity Audio<= 5.23.3 Broken Access Control	4.3	4.3	Nov 12, 2025
Fix Media Library<= 2.0 Sensitive Data Exposure	10.6	5.3	Nov 12, 2025
WP Coupons and Deals<= 3.2.4 Broken Access Control	4.3	4.3	Nov 11, 2025
Freshchat<= 2.3.4 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 11, 2025
RTL Tester<= 1.2 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 11, 2025
WP Flashy Marketing Automation<= 2.0.8 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 8, 2025
WP Email Capture<= 3.12.4 Broken Access Control	12.19	5.3	Nov 8, 2025
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja <= 1.4.6 Broken Access Control	4.95	4.3	Nov 8, 2025
Table Block by Tableberg<= 0.6.9 Broken Access Control	4.3	4.3	Nov 8, 2025
Social Photo Fetcher<= 3.0.4 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 8, 2025
Just TinyMCE Custom Styles<= 1.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 8, 2025
PDF Thumbnail Generator<= 1.4 Cross Site Request Forgery (CSRF)	0.62	4.3	Nov 6, 2025
Gravitec.net – Web Push Notifications<= 2.9.17 Broken Access Control	4.3	4.3	Nov 6, 2025
Ergonet Cache<= 1.0.13 Broken Access Control	4.3	4.3	Nov 6, 2025
Auto Alt Text<= 2.5.2 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 6, 2025
Advanced FAQ Manager<= 1.5.2 Cross Site Scripting (XSS)	2.95	5.9	Nov 6, 2025
Post Cloner<= 1.0.0 Broken Access Control	10.6	5.3	Nov 5, 2025
SendPulse Email Marketing Newsletter<= 2.2.1 Sensitive Data Exposure	4.3	4.3	Nov 5, 2025
Portfolio and Projects<= 1.5.5 Sensitive Data Exposure	3.23	4.3	Nov 5, 2025
Image Cleanup<= 1.9.2 Sensitive Data Exposure	10.6	5.3	Nov 4, 2025
Image Cleanup<= 1.9.2 Broken Access Control	4.3	4.3	Nov 4, 2025
User Spam Remover<= 1.1 Sensitive Data Exposure	10.6	5.3	Nov 4, 2025
SMTP Mail<= 1.3.51 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 4, 2025
Media Library Downloader<= 1.4.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 4, 2025
Custom Sidebars by ProteusThemes<= 1.0.3 Cross Site Request Forgery (CSRF)	0.54	4.3	Nov 4, 2025
TNC Toolbox: Web Performance<= 2.0.4 Broken Access Control	4.3	4.3	Oct 30, 2025
Quick Interest Slider<= 3.1.5 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 30, 2025
Quick Interest Slider<= 3.1.5 Broken Access Control	10.6	5.3	Oct 30, 2025
Flexmls® IDX<= 3.15.7 Open Redirection	9.4	4.7	Oct 30, 2025
ConveyThis<= 268.10 Broken Access Control	10.6	5.3	Oct 30, 2025
Featured Post Creative<= 1.5.5 Broken Access Control	3.23	4.3	Oct 27, 2025
Giveaways and Contests by RafflePress<= 1.12.20 Cross Site Request Forgery (CSRF)	1.24	4.3	Oct 22, 2025
Offload, AI & Optimize with Cloudflare Images<= 1.9.5 Broken Access Control	6.5	6.5	Oct 21, 2025
CBX Bookmark & Favorite<= 2.0.1 Broken Access Control	4.3	4.3	Oct 19, 2025
WP Google Review Slider<= 17.4 Broken Access Control	10.8	5.4	Oct 15, 2025
WP YouTube Lyte<= 1.7.28 Open Redirection	13.6	3.4	Oct 15, 2025
WP Social Ninja<= 3.20.1 Broken Access Control	29.9	6.5	Oct 15, 2025
Auto Prune Posts<= 3.0.0 Cross Site Request Forgery (CSRF)	0.81	6.5	Oct 9, 2025
WP Content Pilot<= 2.1.7 Broken Access Control	5.4	5.4	Oct 9, 2025
Geo Controller<= 8.9.4 Sensitive Data Exposure	12.19	5.3	Oct 9, 2025
Login Page Customizer – Customizer Login Page, Admin Page, Custom Design<= 2.1.1 Broken Access Control	13	6.5	Oct 9, 2025
WP Snow Effect<= 1.1.19 Broken Access Control	N/A	5.3	Sep 24, 2025
I Order Terms<= 1.5.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 30, 2025
Media Library File Download<= 1.4 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 27, 2025
DoFollow Case by Case<= 3.5.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 26, 2025
Slider Templates<= 1.0.3 Server Side Request Forgery (SSRF)	4.9	4.9	Sep 24, 2025
WPComplete<= 2.9.5.3 Broken Access Control	18.29	5.3	Sep 24, 2025
ThemeRain Core<= 1.1.9 Broken Access Control	10.6	5.3	Sep 24, 2025
Sendle Shipping<= 6.02 Broken Access Control	10.6	5.3	Sep 19, 2025
Raychat<= 2.2.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 19, 2025
Headline Analyzer<= 1.3.7 Cross Site Scripting (XSS)	4.88	6.5	Sep 19, 2025
BuddyForms<= 2.9.0 Broken Access Control	10.6	5.3	Sep 19, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending