theviper17

1251.28

XP

158

Reports

5

Reports, last 90 days

#72

18 Nov, 2025

Lvl 4

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Icegram Express Pro<= 5.9.5 Server Side Request Forgery (SSRF)	N/A	4.4	No date
HT Mega – Absolute Addons for WPBakery Page Builder<= 1.0.9 Cross Site Scripting (XSS)	4.88	6.5	Jul 6, 2025
WP-Members<= 3.5.4.2 Cross Site Scripting (XSS)	12.38	5.5	Jul 22, 2025
Flexible PDF Invoices for WooCommerce & WordPress<= 6.0.13 Cross Site Request Forgery (CSRF)	3.55	7.1	Jul 23, 2025
WP Social Widget<= 2.3.1 Cross Site Scripting (XSS)	4.88	6.5	Jul 23, 2025
WP Subtitle<= 3.4.1 Cross Site Scripting (XSS)	4.88	6.5	Jul 24, 2025
Compact Archives<= 4.1.0 Cross Site Scripting (XSS)	4.88	6.5	Jul 26, 2025
GD bbPress Tools<= 3.5.3 Cross Site Scripting (XSS)	4.88	6.5	Jul 26, 2025
Nextend Facebook Connect <= 3.1.19 Cross Site Scripting (XSS)	24.38	6.5	Jul 30, 2025
Card Elements for WPBakery<= 1.0.8 Cross Site Scripting (XSS)	3.66	6.5	Jul 30, 2025
Front End Users<= 3.2.35 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
Highlight and Share – Social Text and Image Sharing<= 5.1.1 Cross Site Scripting (XSS)	3.66	6.5	Aug 7, 2025
Events Manager – OpenStreetMaps<= 4.2.1 Cross Site Scripting (XSS)	3.66	6.5	Aug 8, 2025
Simple JWT Login<= 3.6.4 Cross Site Scripting (XSS)	4.88	6.5	Aug 10, 2025
코드엠샵 소셜톡<= 1.2.1 Cross Site Scripting (XSS)	3.66	6.5	Jun 28, 2025
WP Publication Archive <= 3.0.1 Cross Site Scripting (XSS)	3.66	6.5	Jun 28, 2025
Get Cash<= 3.2.2 Cross Site Scripting (XSS)	3.66	6.5	Jun 28, 2025
Stagtools<= 2.3.8 Cross Site Scripting (XSS)	4.88	6.5	Jun 9, 2025
Kiwi<= 2.1.8 Cross Site Scripting (XSS)	4.88	6.5	Jun 24, 2025
Gallery PhotoBlocks<= 1.3.1 Cross Site Scripting (XSS)	4.88	6.5	Aug 10, 2025
Chatbox Manager<= 1.2.6 Cross Site Scripting (XSS)	3.66	6.5	Jun 28, 2025
Page Manager for Elementor<= 2.0.5 Broken Access Control	3.8	7.6	May 22, 2025
WPAvatar<= 1.9.4 Cross Site Scripting (XSS)	3.66	6.5	Aug 7, 2025
Statify Widget<= 1.4.6 Cross Site Scripting (XSS)	4.88	6.5	Aug 11, 2025
WP Voting Contest<= 5.8 Broken Access Control	11.25	7.5	Jul 22, 2025
Essential Doo Components for Visual Composer<= 1.9 Cross Site Scripting (XSS)	3.66	6.5	Jul 6, 2025
CodeablePress<= 1.0.0 Broken Access Control	N/A	4.3	May 30, 2025
Build App Online<= 1.0.23 Cross Site Request Forgery (CSRF)	2.44	6.5	May 30, 2025
WP Table Builder<= 2.0.12 Cross Site Scripting (XSS)	14.63	6.5	Jun 25, 2025
Neon Channel Product Customizer Free<= 2.0 Arbitrary Content Deletion	7.5	7.5	Jun 19, 2025
Hide Text Shortcode<= 1.1 Cross Site Scripting (XSS)	3.66	6.5	Jun 28, 2025
Project Cost Calculator<= 1.0.0 Broken Access Control	3.55	7.1	May 20, 2025
SMM API<= 6.0.30 Broken Access Control	3.55	7.1	May 20, 2025
Code Engine<= 0.3.3 Remote Code Execution (RCE)	16.71	9.9	Jun 29, 2025
Product XML Feed Manager for WooCommerce<= 2.9.3 Remote Code Execution (RCE)	14.85	9.9	May 15, 2025
StoreKeeper for WooCommerce<= 14.4.4 Arbitrary File Upload	30	10	Jun 20, 2025
AI Tools<= 4.0.7 Arbitrary Content Deletion	3.25	6.5	May 19, 2025
Bold Page Builder<= 5.4.1 Cross Site Scripting (XSS)	14.63	6.5	Jun 25, 2025
PW WooCommerce On Sale!<= 1.39 Broken Access Control	3.55	7.1	May 20, 2025
WP DB Booster<= 1.0.1 Broken Access Control	N/A	5.4	May 23, 2025
HT Mega – Absolute Addons for WPBakery Page Builder<= 1.0.8 Cross Site Scripting (XSS)	4.88	6.5	Jun 9, 2025
HT Slider For Elementor<= 1.6.5 Cross Site Scripting (XSS)	4.88	6.5	Jun 11, 2025
Abandoned Contact Form 7<= 2.1 Broken Access Control	8.2	8.2	May 20, 2025
Enhanced Blocks – Page Builder Blocks for Gutenberg<= 1.4.1 Broken Access Control	3.25	6.5	May 21, 2025
WPComplete<= 2.9.5 Cross Site Scripting (XSS)	4.88	6.5	May 17, 2025
AIO WP Builder<= 2.0.2 Broken Access Control	3.8	7.6	May 19, 2025
Audio Editor & Recorder<= 2.2.1 Broken Access Control	N/A	5.3	May 21, 2025
SocialMark<= 2.0.7 Server Side Request Forgery (SSRF)	4.9	4.9	Apr 28, 2025
Contact Form<= 2.0.12 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
Nexa Blocks<= 1.1.1 Server Side Request Forgery (SSRF)	3.68	4.9	May 2, 2025
Mega Menu Block<= 1.0.6 Cross Site Scripting (XSS)	4.88	6.5	Apr 30, 2025
RS WP Book Showcase<= 6.7.54 Content Injection	10.6	5.3	Apr 12, 2025
Display Remote Posts Block<= 1.1.0 Server Side Request Forgery (SSRF)	4.8	6.4	Apr 30, 2025
Easy Replace Image<= 3.5.0 Server Side Request Forgery (SSRF)	3.68	4.9	Apr 30, 2025
SKT Skill Bar<= 2.4 Cross Site Scripting (XSS)	4.88	6.5	Apr 19, 2025
GS Testimonial Slider<= 3.2.9 Content Injection	10.6	5.3	Apr 12, 2025
Posts for Page<= 2.1 Cross Site Scripting (XSS)	4.88	6.5	Apr 20, 2025
WPCafe<= 2.2.32 Local File Inclusion	16.88	7.5	Mar 23, 2025
BERTHA AI<= 1.12.10.2 Arbitrary Content Deletion	7.1	7.1	Mar 30, 2025
WP Flipclock<= 1.9.1 Cross Site Scripting (XSS)	4.88	6.5	Oct 18, 2024
Eventin<= 4.0.25 Local File Inclusion	16.88	7.5	Mar 20, 2025
Real Estate Manager<= 7.3 Arbitrary Code Execution	14.6	7.3	Dec 31, 2024
Solace Extra<= 1.3.1 Arbitrary File Upload	29.7	9.9	Feb 16, 2025
WP Food ordering and Restaurant Menu<= 1.1 Local File Inclusion	48.6	8.1	Mar 29, 2025
Woo Product Feed For Marketing Channels<= 1.9.0 Broken Access Control	5.63	7.5	Mar 29, 2025
Waymark<= 1.5.2 Server Side Request Forgery (SSRF)	3.68	4.9	Mar 31, 2025
Waymark<= 1.5.3 Cross Site Scripting (XSS)	4.88	6.5	Mar 31, 2025
WP shop<= 2.6.1 Cross Site Request Forgery (CSRF)	14.4	9.6	Dec 24, 2024
Bulk Product Sync<= 8.6 SQL Injection	37.2	9.3	Dec 28, 2024
Accessibility Suite<= 4.18 Arbitrary File Upload	19.5	6.5	Sep 20, 2024
Revive.so<= 2.0.3 Broken Access Control	4.3	4.3	Dec 30, 2024
Contact Form Builder by vcita<= 4.10.2 Cross Site Scripting (XSS)	4.88	6.5	Sep 20, 2024
Video Playlist For YouTube<= 6.7.1 Cross Site Scripting (XSS)	4.88	6.5	Nov 20, 2024
Table Block by Tableberg<= 0.6.10 Cross Site Scripting (XSS)	4.88	6.5	Feb 12, 2025
SurveyJS<= 1.12.20 Cross Site Scripting (XSS)	4.88	6.5	Feb 20, 2025
Chamber Dashboard Business Directory<= 3.3.11 Cross Site Scripting (XSS)	N/A	6.5	Feb 27, 2025
WP Crowdfunding<= 2.1.15 Cross Site Scripting (XSS)	4.88	6.5	Nov 22, 2024
Gosign – Posts Slider Block<= 1.1.0 Cross Site Scripting (XSS)	4.88	6.5	Nov 22, 2024
Simple Map No Api<= 1.9 Cross Site Scripting (XSS)	4.88	6.5	Nov 21, 2024
WP AdCenter<= 2.5.8 Cross Site Scripting (XSS)	4.88	6.5	Sep 27, 2024
Simple Sticky Add To Cart For WooCommerce<= 1.4.8 Broken Access Control	4.3	4.3	Jan 31, 2025
Theater for WordPress<= 0.18.7 Broken Access Control	4.3	4.3	Feb 16, 2025
Eventbee RSVP Widget<= 1.0 Cross Site Scripting (XSS)	4.88	6.5	Oct 7, 2024
ContentBot AI Writer<= 1.2.4 Cross Site Scripting (XSS)	4.88	6.5	Dec 2, 2024
BuddyPress Members Only<= 3.5.3 Cross Site Scripting (XSS)	4.88	6.5	Sep 30, 2024
SnapWidget Social Photo Feed Widget<= 1.1.0 Cross Site Scripting (XSS)	4.88	6.5	Feb 14, 2025
WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce<= 1.3.5 Privilege Escalation	19.8	8.8	Feb 18, 2025
YayExtra<= 1.5.2 Broken Access Control	7.6	7.6	Mar 19, 2025
SP Blog Designer<= 1.0.0 Broken Access Control	N/A	4.8	Dec 24, 2024
Checklist<= 1.1.9 Cross Site Scripting (XSS)	4.88	6.5	Feb 15, 2025
Simple Owl Carousel<= 1.1.1 Cross Site Scripting (XSS)	4.88	6.5	Feb 14, 2025
WP Link Preview<= 1.4.1 Server Side Request Forgery (SSRF)	4.8	6.4	Feb 20, 2025
WP Compress for MainWP<= 6.30.03 Server Side Request Forgery (SSRF)	4.9	4.9	Dec 30, 2024
WP ERP<= 1.13.4 Broken Access Control	5.4	5.4	Feb 10, 2025
Listamester<= 2.3.5 Cross Site Scripting (XSS)	4.88	6.5	Feb 20, 2025
PDF for WPForms<= 5.3.0 Broken Access Control	5.4	5.4	Mar 13, 2025
GMO Font Agent<= 1.6 Cross Site Scripting (XSS)	N/A	6.5	Feb 28, 2025
Pretty file links<= 0.9 Cross Site Scripting (XSS)	N/A	6.5	Feb 28, 2025
Visual Text Editor<= 1.2.1 Remote Code Execution (RCE)	22.28	9.9	Feb 24, 2025
Tabbed Login Widget<= 1.1.2 Cross Site Scripting (XSS)	4.88	6.5	Feb 20, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending