Que Thanh Tuan

Say thanks

1,288.78

XP

64

Reports

9

Reports, last 90 days

#13

4 Apr, 2026

🇻🇳

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Premmerce Redirect Manager<= 1.0.12 Broken Access Control	14.95	6.5	05/02/2026
Advanced WooCommerce Product Sales Reporting<= 4.1.3 SQL Injection	85.56	9.3	24/12/2025
Filr<= 1.2.14 Arbitrary File Upload	76.5	8.5	18/07/2025
Advanced WooCommerce Product Sales Reporting<= 4.1.2 Sensitive Data Exposure	24.38	5.3	24/12/2025
Broadstreet Ads<= 1.52.1 Broken Access Control	17.48	7.6	30/10/2025
Sunshine Photo Cart<= 3.5.7.1 Broken Access Control	9.89	4.3	30/11/2025
WpStream<= 4.9.5 Broken Access Control	9.89	4.3	30/11/2025
WpStream<= 4.9.5 Broken Access Control	24.38	5.3	29/11/2025
WpEvently<= 5.0.4 Broken Access Control	24.38	5.3	31/10/2025
Travelfic Toolkit<= 1.3.3 Broken Access Control	9.89	4.3	27/10/2025
Modula Image Gallery<= 2.13.6 Broken Access Control	39.56	4.3	23/10/2025
Passster<= 4.2.19 Sensitive Data Exposure	60	7.5	12/07/2025
ZoloBlocks<= 2.3.11 Broken Access Control	24.38	5.3	08/10/2025
YOP Poll<= 6.5.38 Broken Access Control	24.38	5.3	03/10/2025
Download Manager<= 3.3.32 Sensitive Data Exposure	17.2	4.3	31/08/2025
Ivory Search<= 5.5.12 Broken Access Control	42.4	5.3	29/08/2025
Login-Logout<= 3.8 Cross Site Scripting (XSS)	N/A	5.9	07/07/2025
Passster<= 4.2.18 Cross Site Scripting (XSS)	9.75	6.5	12/07/2025
Dashboard Notepad<= 1.42 Cross Site Request Forgery (CSRF)	2.15	4.3	12/07/2025
Team<= 5.0.6 Broken Access Control	4.3	4.3	23/07/2025
WP Events Manager<= 2.2.1 Broken Access Control	N/A	5.3	24/07/2025
DethemeKit For Elementor<= 2.1.10 Broken Access Control	N/A	4.3	25/07/2025
Trustpilot Reviews<= 2.5.925 Broken Access Control	8.6	4.3	26/07/2025
Hubbub Lite<= 1.35.2 Sensitive Data Exposure	8.6	4.3	27/07/2025
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery<= 1.16.16 Sensitive Data Exposure	31.8	5.3	31/07/2025
Permalink Manager Lite<= 2.5.1.3 Sensitive Data Exposure	60	7.5	24/08/2025
Pushe Web Push Notification<= 0.5.0 Cross Site Scripting (XSS)	N/A	5.9	07/06/2025
Search by Google<= 1.9 Cross Site Scripting (XSS)	N/A	5.9	08/06/2025
Ultimate Client Dash<= 4.7 Cross Site Scripting (XSS)	N/A	5.9	27/06/2025
Simple Link List Widget<= 0.3.2 Cross Site Scripting (XSS)	N/A	5.9	19/06/2025
Widgetize Pages Light<= 3.0 Cross Site Scripting (XSS)	N/A	5.9	27/06/2025
Elementor Element Condition<= 1.0.5 Cross Site Scripting (XSS)	3.25	6.5	22/06/2025
Authors List<= 2.0.6.2 Cross Site Request Forgery (CSRF)	2.15	4.3	26/06/2025
SEO Auto Linker<= 1.5.3 Cross Site Scripting (XSS)	N/A	5.9	23/06/2025
WP Full Stripe Free<= 8.2.5 SQL Injection	N/A	7.6	24/06/2025
License Manager for WooCommerce<= 3.0.12 SQL Injection	N/A	7.6	13/06/2025
Simple Matomo Tracking Code<= 1.1.0 Cross Site Scripting (XSS)	N/A	5.9	13/08/2025
Solace Extra<= 1.3.2 Server Side Request Forgery (SSRF)	N/A	4.4	25/06/2025
Uncanny Automator<= 6.7.0.1 Broken Access Control	12.9	4.3	28/07/2025
WP Bulk Delete<= 1.3.6 Broken Access Control	12.9	4.3	13/08/2025
Site Offline<= 1.5.7 Broken Access Control	8.6	4.3	24/07/2025
MDTF<= 1.3.3.7 SQL Injection	74.4	9.3	19/07/2025
Contact Info Widget<= 2.6.2 Cross Site Scripting (XSS)	N/A	5.9	27/06/2025
WP Emmet<= 0.3.4 Cross Site Scripting (XSS)	N/A	5.9	26/06/2025
TaxoPress<= 3.37.2 Sensitive Data Exposure	12.9	4.3	29/07/2025
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.3 Arbitrary File Upload	13.65	9.1	18/06/2025
WP Modal Popup with Cookie Integration<= 2.4 Cross Site Scripting (XSS)	N/A	5.9	22/06/2025
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.3 Cross Site Scripting (XSS)	4.88	6.5	18/06/2025
JetFormBuilder<= 3.5.1.2 PHP Object Injection	N/A	7.2	23/06/2025

Report vulnerabilities to earn bounties and rewards!

Include pending