Nabil Irawan

Say thanks

2,680.71

XP

635

Reports

32

Reports, last 90 days

#11

17 Feb, 2026

🇮🇩

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Real 3D FlipBook<= 4.16.4 Broken Access Control	1.9	3.8	Dec 28, 2025
Cliengo – Chatbot<= 3.0.4 Broken Access Control	6.5	6.5	Nov 25, 2025
Mizan Demo Importer<= 0.1.3 Broken Access Control	5.4	5.4	Dec 31, 2025
WP Sync for Notion<= 1.7.0 Broken Access Control	3.23	4.3	Dec 31, 2025
Atarim<= 4.3.1 Broken Access Control	24.38	5.3	Dec 31, 2025
WP Wand<= 1.3.07 Broken Access Control	4.05	5.4	Dec 31, 2025
OSM<= 6.1.12 Broken Access Control	3.23	4.3	Dec 30, 2025
Knowledge Base for Documentation, FAQs with AI Assistance<= 16.011.0 Broken Access Control	4.3	4.3	Dec 30, 2025
Broken Link Notifier<= 1.3.4 Broken Access Control	10.6	5.3	Dec 30, 2025
SupportCandy<= 3.4.4 Broken Access Control	10.6	5.3	Dec 30, 2025
JAMstack Deployments<= 1.1.1 Broken Access Control	4.3	4.3	Dec 29, 2025
WP-CORS<= 0.2.2 Broken Access Control	4.3	4.3	Dec 29, 2025
Zita Elementor Site Library<= 1.6.6 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 29, 2025
Revision Manager TMC<= 2.8.22 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 29, 2025
Enter Addons<= 2.3.2 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 29, 2025
Kama Thumbnail<= 3.5.1 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 27, 2025
WP Subscribe<= 1.2.16 Broken Access Control	4.3	4.3	Dec 27, 2025
WP FullCalendar<= 1.6 Sensitive Data Exposure	10.6	5.3	Dec 27, 2025
Nexter Blocks<= 4.6.3 Sensitive Data Exposure	9.89	4.3	Dec 27, 2025
Tablesome<= 1.2.3 Broken Access Control	4.95	4.3	Dec 27, 2025
CLP Varnish Cache<= 1.0.2 Broken Access Control	10.6	5.3	Dec 27, 2025
SiteLock Security – WP Hardening, Login Security & Malware Scans<= 5.0.2 Broken Access Control	4.3	4.3	Dec 26, 2025
Share This Image<= 2.09 Broken Access Control	24.38	5.3	Dec 26, 2025
TOP Table Of Contents<= 1.3.31 Broken Access Control	4.3	4.3	Dec 26, 2025
Booter<= 1.5.7 Broken Access Control	4.3	4.3	Dec 26, 2025
Automatic Featured Images from Videos<= 1.2.7 Broken Access Control	3.23	4.3	Dec 26, 2025
Protección de datos – RGPD<= 0.68 Broken Access Control	10.6	5.3	Dec 25, 2025
Integrate Google Drive<= 1.5.6 Broken Access Control	6.21	5.4	Dec 25, 2025
Download After Email<= 2.1.9 Broken Access Control	10.6	5.3	Dec 25, 2025
WP Term Order<= 2.1.0 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 25, 2025
WP Job Portal<= 2.4.3 Insecure Direct Object References (IDOR)	9.89	4.3	Dec 25, 2025
Materialis Companion<= 1.3.52 Broken Access Control	4.3	4.3	Dec 25, 2025
HD Quiz<= 2.0.9 Broken Access Control	4.3	4.3	Dec 25, 2025
Sunshine Photo Cart<= 3.5.7.2 Broken Access Control	24.38	5.3	Dec 24, 2025
Radio Player<= 2.0.91 Server Side Request Forgery (SSRF)	12.42	5.4	Dec 24, 2025
Monetag Official Plugin<= 1.1.3 Broken Access Control	5.4	5.4	Dec 24, 2025
Extensions For CF7<= 3.4.0 Insecure Direct Object References (IDOR)	3.98	5.3	Dec 24, 2025
ElementCamp<= 2.3.2 Broken Access Control	10.6	5.3	Dec 23, 2025
Contact Form 7 GetResponse Extension<= 1.0.8 Sensitive Data Exposure	10.6	5.3	Dec 23, 2025
Integration for Contact Form 7 HubSpot<= 1.4.3 Sensitive Data Exposure	5.3	5.3	Dec 23, 2025
Autoshare for Twitter<= 2.3.1 Broken Access Control	12.42	5.4	Dec 23, 2025
Cloudinary<= 3.3.1 Broken Access Control	5.4	5.4	Dec 23, 2025
FluentBoards<= 1.91.1 Broken Access Control	6.21	5.4	Dec 23, 2025
Anything Order by Terms<= 1.4.0 Broken Access Control	3.23	4.3	Dec 22, 2025
WP Travel<= 11.1.0 Broken Access Control	12.19	5.3	Dec 22, 2025
Media Library File Size<= 1.6.7 Broken Access Control	4.3	4.3	Dec 22, 2025
Edwiser Bridge<= 4.3.2 Broken Access Control	5.4	5.4	Dec 22, 2025
BOX NOW Delivery<= 3.0.2 Broken Access Control	4.3	4.3	Dec 22, 2025
Simple Membership WP user Import<= 1.9.1 Cross Site Request Forgery (CSRF)	5.4	5.4	Dec 21, 2025
Ai Image Alt Text Generator for WP<= 1.1.9 Broken Access Control	4.3	4.3	Dec 21, 2025
GDPR CCPA Compliance Support<= 2.7.4 Broken Access Control	6.5	6.5	Oct 30, 2025
WP Forms Signature Contract Add-On<= 1.8.2 Broken Access Control	9.89	4.3	Dec 20, 2025
Tutor LMS BunnyNet Integration<= 1.0.0 Cross Site Scripting (XSS)	5.9	5.9	Dec 20, 2025
AJAX Hits Counter + Popular Posts Widget<= 0.10.210305 Broken Access Control	4.05	5.4	Dec 19, 2025
Turn Yoast SEO FAQ Block to Accordion<= 1.0.6 Cross Site Scripting (XSS)	4.88	6.5	Dec 17, 2025
Element Invader – Template Kits for Elementor<= 1.2.4 Broken Access Control	4.3	4.3	Dec 17, 2025
Client Portal<= 1.2.1 Broken Access Control	4.3	4.3	Dec 17, 2025
Zoho CRM Lead Magnet<= 1.8.1.9 Broken Access Control	6.21	5.4	Dec 16, 2025
Wheel of Life<= 1.2.0 Broken Access Control	12.19	5.3	Dec 16, 2025
Multilanguage by BestWebSoft<= 1.5.2 Broken Access Control	3.23	4.3	Dec 16, 2025
WPMasterToolKit<= 2.14.0 Broken Access Control	9.89	4.3	Dec 16, 2025
Tickera<= 3.5.6.4 Broken Access Control	4.3	4.3	Dec 10, 2025
Better Business Reviews<= 0.1.1 Broken Access Control	4.3	4.3	Dec 10, 2025
Add Expires Headers & Optimized Minify<= 3.1.0 Broken Access Control	10.6	5.3	Dec 10, 2025
WP Quick Post Duplicator<= 2.1 Broken Access Control	3.71	4.3	Dec 9, 2025
NextGEN Download Gallery<= 1.6.2 Sensitive Data Exposure	10.6	5.3	Dec 9, 2025
Kenta Companion<= 1.3.3 Cross Site Request Forgery (CSRF)	4.3	4.3	Dec 9, 2025
Campaign Monitor for WordPress<= 2.9.0 Broken Access Control	4.3	4.3	Dec 9, 2025
Media Search Enhanced<= 0.9.1 SQL Injection	7.6	7.6	Dec 8, 2025
RSS Feed Widget<= 3.0.2 Broken Access Control	5.4	5.4	Dec 8, 2025
Bulk Landing Page Creator for WordPress LPagery<= 2.4.9 Broken Access Control	4.05	5.4	Dec 8, 2025
Image Slider Slideshow<= 1.8 Insecure Direct Object References (IDOR)	3.23	4.3	Dec 8, 2025
Dashboard Welcome for Beaver Builder<= 1.0.8 Broken Access Control	10.6	5.3	Dec 8, 2025
Speed Kit<= 2.0.2 Broken Access Control	4.3	4.3	Dec 8, 2025
teachPress<= 9.0.12 Cross Site Request Forgery (CSRF)	0.68	5.4	Dec 7, 2025
IMGspider<= 2.3.12 Server Side Request Forgery (SSRF)	3.68	4.9	Dec 7, 2025
BD Courier Order Ratio Checker<= 2.0.1 Broken Access Control	4.3	4.3	Dec 7, 2025
BulletProof Security<= 6.9 Sensitive Data Exposure	30	7.5	Oct 22, 2025
WP MapIt<= 3.0.3 Broken Access Control	3.23	4.3	Dec 5, 2025
Form to Chat App<= 1.2.5 Cross Site Scripting (XSS)	4.88	6.5	Dec 5, 2025
Add Polylang support for Customizer<= 1.4.5 Cross Site Request Forgery (CSRF)	0.54	4.3	Dec 5, 2025
Signature Add-On for Gravity Forms<= 1.8.6 Broken Access Control	4.3	4.3	Sep 24, 2025
Pardakht Delkhah<= 3.0.0 Cross Site Request Forgery (CSRF)	0.54	4.3	Sep 26, 2025
Co-marquage service-public.fr<= 0.5.77 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 11, 2025
Hide Plugins<= 1.0.4 Broken Access Control	4.3	4.3	Oct 11, 2025
WP Gmail SMTP<= 1.0.7 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 13, 2025
Post Snippets<= 4.0.11 Cross Site Request Forgery (CSRF)	1.08	4.3	Oct 15, 2025
Accordion Slider Gallery<= 2.7 Broken Access Control	3.23	4.3	Oct 19, 2025
FormFacade<= 1.4.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 21, 2025
Post Video Players<= 1.163 Sensitive Data Exposure	3.23	4.3	Oct 27, 2025
Robots.txt rewrite<= 1.6.1 Cross Site Request Forgery (CSRF)	0.54	4.3	Oct 27, 2025
Download Media Library<= 0.2.1 Sensitive Data Exposure	10.6	5.3	Oct 11, 2025
AI Copilot<= 1.4.9 Broken Access Control	10.6	5.3	Oct 11, 2025
Trash Duplicate and 301 Redirect<= 1.9.1 Broken Access Control	10.6	5.3	Oct 13, 2025
DMCA Protection Badge<= 2.2.0 Broken Access Control	10.6	5.3	Oct 27, 2025
Realbig<= 1.1.3 Broken Access Control	10.6	5.3	Oct 27, 2025
Portfolio Gallery<= 1.4.8 Broken Access Control	5.4	5.4	Sep 24, 2025
Reuters Direct<= 3.0.0 Broken Access Control	N/A	5.3	Nov 4, 2025
Add Custom Codes<= 4.80 Broken Access Control	5.4	5.4	Oct 9, 2025
EasyIndex<= 1.1.1704 Cross Site Request Forgery (CSRF)	0.68	5.4	Oct 11, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending