Muhammad Yudha - DJ

Say thanks

1950.13

XP

355

Reports

30

Reports, last 90 days

#21

18 Nov, 2025

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Builderall Builder for WordPress<= 3.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Simple Pull Quote<= 1.6.3 Cross Site Scripting (XSS)	4.88	6.5	No date
Posts By Tag<= 3.2.1 Cross Site Scripting (XSS)	4.88	6.5	No date
WPC Countdown Timer for WooCommerce<= 3.1.4 Cross Site Scripting (XSS)	5.61	6.5	No date
Attesa Extra<= 1.4.5 Cross Site Scripting (XSS)	4.88	6.5	No date
NextMove Lite<= 2.22.0 Cross Site Scripting (XSS)	5.61	6.5	No date
Booster for WooCommerce<= 7.3.2 Cross Site Scripting (XSS)	9.75	6.5	No date
WP Last Modified Info<= 1.9.2 Cross Site Scripting (XSS)	9.75	6.5	No date
DirectoryPress<= 3.6.25 Cross Site Scripting (XSS)	5.61	6.5	No date
MDTF<= 1.3.3.8 Cross Site Scripting (XSS)	8.41	6.5	No date
e2pdf<= 1.28.09 Cross Site Scripting (XSS)	8.41	6.5	No date
Tab Ultimate<= 1.8 Cross Site Scripting (XSS)	4.88	6.5	No date
WPCasa<= 1.4.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Event post<= 5.10.3 Cross Site Scripting (XSS)	8.41	6.5	No date
Pie Calendar<= 1.2.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Product Table For WooCommerce<= 1.2.4 PHP Object Injection	9.9	8.8	Jul 28, 2025
H5P<= 1.16.0 Cross Site Scripting (XSS)	9.75	6.5	No date
Activity Plus Reloaded for BuddyPress<= 1.1.2 Cross Site Scripting (XSS)	4.88	6.5	No date
Date counter<= 2.0.3 Cross Site Scripting (XSS)	4.88	6.5	No date
Next Page, Not Next Post<= 0.3.0 Cross Site Scripting (XSS)	4.88	6.5	No date
WP Mapbox GL JS Maps<= 3.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Events Maker by dFactory<= 1.6.14 Cross Site Scripting (XSS)	4.88	6.5	No date
Blox Lite<= 1.2.8 Cross Site Scripting (XSS)	4.88	6.5	No date
Open Currency Converter<= 1.5.0 Cross Site Scripting (XSS)	4.88	6.5	No date
Post List Featured Image<= 0.5.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Tooltipy<= 5.5.9 Cross Site Scripting (XSS)	4.88	6.5	No date
Opal Service<= 1.9.1 Cross Site Scripting (XSS)	4.88	6.5	No date
SiteGround Email Marketing<= 1.7.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Rock Convert<= 3.0.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Video Gallery by Huzzaz<= 10.5 Cross Site Scripting (XSS)	4.88	6.5	No date
Custom Post Type Attachment<= 3.4.6 Cross Site Scripting (XSS)	4.88	6.5	No date
Query Posts<= 0.3.2 Cross Site Scripting (XSS)	4.88	6.5	No date
WP Geo<= 3.5.1 Cross Site Scripting (XSS)	4.88	6.5	No date
WPC Smart Messages for WooCommerce<= 4.2.6 Cross Site Scripting (XSS)	5.61	6.5	No date
Popular Posts by Webline<= 1.1.1 Cross Site Scripting (XSS)	4.88	6.5	No date
Photospace Responsive<= 2.2.0 Cross Site Scripting (XSS)	2.95	5.9	No date
Links shortcode<= 1.8.3 Cross Site Scripting (XSS)	4.88	6.5	No date
bbp topic count<= 3.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 1, 2025
Job Board Manager<= 2.1.61 Cross Site Scripting (XSS)	3.66	6.5	Jul 1, 2025
ZoloBlocks<= 2.3.11 Server Side Request Forgery (SSRF)	8.1	5.4	Jul 2, 2025
WP Ticket Customer Service Software & Support Ticket System<= 6.0.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 16, 2025
HT Feed<= 1.3.0 Cross Site Scripting (XSS)	3.66	6.5	Aug 11, 2025
Testimonial Slider<= 3.5.8.6 Local File Inclusion	13.2	8.8	Aug 26, 2025
wp-mpdf<= 3.9.1 Cross Site Scripting (XSS)	4.88	6.5	Aug 29, 2025
Request a Quote<= 2.5.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
WP Ticket Customer Service Software & Support Ticket System<= 6.0.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
Employee Spotlight<= 5.1.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
YouTube Showcase<= 3.5.0 Cross Site Scripting (XSS)	4.88	6.5	Apr 28, 2025
Event Rocket<= 3.3 Broken Access Control	2.42	4.3	Jul 4, 2025
DELUCKS SEO<= 2.7.0 Cross Site Scripting (XSS)	3.66	6.5	Jul 8, 2025
WP Frontend Admin<= 1.22.7 Cross Site Scripting (XSS)	3.66	6.5	Jul 8, 2025
Behance Portfolio Manager<= 1.7.4 Cross Site Scripting (XSS)	3.66	6.5	Jul 10, 2025
Category Featured Images Extended<= 1.52 Cross Site Scripting (XSS)	2.21	5.9	Jul 11, 2025
Zoho Billing<= 4.1 Cross Site Scripting (XSS)	3.66	6.5	Jul 21, 2025
Library Bookshelves<= 5.11 Cross Site Scripting (XSS)	3.66	6.5	Jul 21, 2025
WP Proposals<= 2.3 Cross Site Scripting (XSS)	3.66	6.5	Jul 21, 2025
WordPress Widgets Shortcode<= 1.0.3 Cross Site Scripting (XSS)	3.66	6.5	Jul 25, 2025
Buckets<= 0.3.9 Cross Site Scripting (XSS)	3.66	6.5	Jul 26, 2025
Theater for WordPress<= 0.18.8 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
List Child Pages Shortcode<= 1.3.1 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
ShortCode<= 0.8.1 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
Genealogical Tree<= 2.2.5 Cross Site Scripting (XSS)	3.66	6.5	Jul 29, 2025
Master Slider<= 3.11.0 Cross Site Scripting (XSS)	14.63	6.5	Jul 29, 2025
Image Editor by Pixo<= 2.3.8 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
SQL Chart Builder<= 2.3.7.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
JS Job Manager<= 2.0.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
Portfolio <= 2.58 Cross Site Scripting (XSS)	2.21	5.9	Aug 4, 2025
Pinterest Pinboard Widget<= 1.0.7 Cross Site Scripting (XSS)	3.66	6.5	Aug 5, 2025
Real Estate Manager<= 7.3 Cross Site Scripting (XSS)	3.66	6.5	Aug 6, 2025
StylePress for Elementor<= 1.2.1 Cross Site Scripting (XSS)	3.66	6.5	Aug 6, 2025
BuddyPress Notification Widget<= 1.3.3 Cross Site Scripting (XSS)	3.66	6.5	Aug 8, 2025
Gianism<= 5.3.0 Cross Site Scripting (XSS)	2.21	5.9	Aug 9, 2025
PlayerJS<= 2.24 Cross Site Scripting (XSS)	3.66	6.5	Aug 12, 2025
Carousel Ultimate<= 1.8 Cross Site Scripting (XSS)	3.66	6.5	Aug 12, 2025
xili-language<= 2.21.3 Cross Site Scripting (XSS)	3.66	6.5	Aug 12, 2025
Category Featured Images<= 1.1.8 Cross Site Scripting (XSS)	2.21	5.9	Aug 12, 2025
Kama Click Counter<= 4.0.4 Cross Site Scripting (XSS)	4.88	6.5	Aug 19, 2025
Last Updated Shortcode<= 1.0.1 Cross Site Scripting (XSS)	4.88	6.5	Aug 19, 2025
Logo Showcase<= 4.0.0 Cross Site Scripting (XSS)	4.88	6.5	Aug 19, 2025
Publitio<= 2.2.1 Server Side Request Forgery (SSRF)	3.6	6.4	Jul 16, 2025
Genesis Club Lite<= 1.17 Cross Site Scripting (XSS)	4.88	6.5	Aug 21, 2025
MarketKing<= 2.0.92 Cross Site Scripting (XSS)	4.88	6.5	Aug 21, 2025
Skyword API Plugin<= 2.5.3 Cross Site Scripting (XSS)	4.88	6.5	Aug 21, 2025
Fusion Page Builder : Extension – Gallery<= 1.7.6 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
WP Delete User Accounts<= 1.2.4 Cross Site Scripting (XSS)	4.88	6.5	Aug 21, 2025
WPComplete<= 2.9.5.2 Cross Site Scripting (XSS)	4.88	6.5	Sep 13, 2025
Product Catalog Simple<= 1.8.2 Cross Site Scripting (XSS)	4.88	6.5	Sep 11, 2025
GetResponse Forms<= 2.6.0 Cross Site Scripting (XSS)	4.88	6.5	Sep 10, 2025
Save as PDF<= 4.5.2 Cross Site Scripting (XSS)	4.88	6.5	Aug 31, 2025
Upsell Order Bump Offer for WooCommerce<= 3.0.7 Cross Site Scripting (XSS)	4.88	6.5	Aug 29, 2025
Media Library Assistant<= 3.28 Cross Site Scripting (XSS)	8.85	5.9	Jul 29, 2025
Quantities and Units for WooCommerce<= 1.0.13 Cross Site Scripting (XSS)	4.88	6.5	Sep 17, 2025
Additional Custom Product Tabs for WooCommerce<= 1.7.3 Cross Site Scripting (XSS)	3.66	6.5	Jul 15, 2025
Football Pool<= 2.12.6 Cross Site Scripting (XSS)	3.66	6.5	Aug 11, 2025
My Tickets<= 2.0.22 Cross Site Scripting (XSS)	3.66	6.5	Aug 9, 2025
Dynamic Text Field For Contact Form 7<= 1.0 Cross Site Scripting (XSS)	4.88	6.5	Aug 31, 2025
Booking Ultra Pro<= 1.1.21 Cross Site Scripting (XSS)	3.66	6.5	Jul 28, 2025
Dadevarzan WordPress Common<= 2.2.2 Cross Site Scripting (XSS)	3.66	6.5	Jul 31, 2025
IssueM<= 2.9.0 Cross Site Scripting (XSS)	2.21	5.9	Jul 31, 2025
RumbleTalk Live Group Chat<= 6.3.5 Cross Site Scripting (XSS)	3.66	6.5	Aug 15, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending