Pricing
Solutions
WordPress security
Instantly fix and mitigate vulnerabilities
Plugin auditing
Paid auditing for WordPress vendors
Managed VDP
Start a security program for your plugins
Bug Bounty
Join the community and earn bounties
Enterprise API
At scale monitoring and vPatching for hosts
Vulnerability database
The latest WordPress security intelligence
Login
Start trial
Trương Hữu Phúc (truonghuuphuc)
3244.44
XP
257
Reports
1
Reports, last 90 days
#62
17 Nov, 2025
Lvl 6
0
1
1
2
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Affected software | Vulnerability
CVE
AXP
Severity
Reported
Client Invoicing by Sprout Invoices
<= 20.8.7
Broken Access Control
7.42
4.3
No date
Simple Content Templates for Blog Posts & Pages
<= 2.2.61
Cross Site Request Forgery (CSRF)
0.54
4.3
No date
PGS Core
<= 5.9.0
SQL Injection
12.75
8.5
Jul 3, 2025
Vehica Core
<= 1.0.100
Cross Site Request Forgery (CSRF)
2.15
4.3
Jul 2, 2025
Javo Core
<= 3.0.0.266
Cross Site Request Forgery (CSRF)
13.2
8.8
Jul 3, 2025
Di Themes Demo Site Importer
<= 1.2
Cross Site Request Forgery (CSRF)
2.15
4.3
Sep 16, 2025
WP Compress
<= 6.50.54
Broken Access Control
10.6
5.3
Jul 8, 2025
Blog Designer
<= 3.1.8
Broken Access Control
5.4
5.4
Jul 25, 2025
Blog Designer PRO
<= 3.4.8
Broken Access Control
31.8
5.3
No date
Simplified
<= 1.0.11
Server Side Request Forgery (SSRF)
N/A
5.5
Mar 10, 2025
MapSVG
< 8.7.4
SQL Injection
37.2
9.3
Apr 23, 2025
Cost Calculator
<= 7.4
Cross Site Scripting (XSS)
6.5
6.5
Jul 9, 2025
Javo Core
<= 3.0.0.266
Arbitrary Code Execution
39
6.5
Jul 4, 2025
Support Board
<= 3.8.1
Cross Site Scripting (XSS)
42.6
7.1
Jul 1, 2025
ProfileGrid
<= 5.9.5.3
SQL Injection
17
8.5
Jun 13, 2025
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
<= 1.27.8
Path Traversal
10.87
4.2
May 29, 2025
Cost Calculator
<= 7.4
Broken Access Control
4.3
4.3
Jul 9, 2025
GymBase Theme Classes
<= 1.4
SQL Injection
12.75
8.5
Jul 9, 2025
ProfileGrid
<= 5.9.5.2
SQL Injection
17
8.5
May 28, 2025
WP Compress
<= 6.30.30
Broken Authentication
15.9
5.3
Apr 21, 2025
Alone
<= 7.8.2
Arbitrary Code Execution
43.2
7.2
Jun 4, 2025
Cyrlitera
<= 1.3.0
Cross Site Request Forgery (CSRF)
4.3
4.3
May 22, 2025
Burst Statistics
<= 2.0.6
Cross Site Request Forgery (CSRF)
10.75
4.3
May 21, 2025
WP Visitor Statistics (Real Time Traffic)
<= 8.3
Broken Access Control
21.2
5.3
May 21, 2025
Giveaways and Contests by RafflePress
<= 1.12.18
Broken Access Control
21.2
5.3
Apr 24, 2025
ProfileGrid
<= 5.9.5.2
Full Path Disclosure (FPD)
4.3
4.3
May 28, 2025
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
<= 1.27.8
Server Side Request Forgery (SSRF)
16.56
6.4
May 29, 2025
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
<= 1.27.8
Cross Site Request Forgery (CSRF)
7.42
4.3
May 29, 2025
ProfileGrid
<= 5.9.5.2
Server Side Request Forgery (SSRF)
4.9
4.9
May 28, 2025
Profile Builder
<= 3.13.8
Content Spoofing
25.8
4.3
May 28, 2025
Calculated Fields Form
<= 5.3.58
Cross Site Request Forgery (CSRF)
6.45
4.3
May 27, 2025
Backup and Staging by WP Time Capsule
<= 1.22.23
Cross Site Scripting (XSS)
14.2
7.1
Apr 5, 2025
WooBeWoo Product Filter Pro
< 2.9.6
SQL Injection
37.2
9.3
Dec 23, 2024
WP Guppy
<= 4.3.3
SQL Injection
17
8.5
Mar 12, 2025
WBW Product Table PRO
<= 2.1.3
SQL Injection
37.2
9.3
Mar 20, 2025
WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for
<= 1.1.0
SQL Injection
37.2
9.3
Dec 19, 2024
School Management
<= 92.0.0
Cross Site Scripting (XSS)
14.2
7.1
Dec 16, 2024
Dokan Pro
<= 3.14.5
Cross Site Scripting (XSS)
4.88
6.5
Jan 13, 2025
Ninja Tables Pro
<= 5.0.17
Cross Site Scripting (XSS)
4.88
6.5
Apr 8, 2025
Ads Pro Plugin
<= 4.88
Cross Site Scripting (XSS)
4.88
6.5
Dec 25, 2024
CURCY
<= 2.3.7
Broken Access Control
10.6
5.3
Mar 19, 2025
FAT Services Booking
<= 5.5
Local File Inclusion
N/A
7.5
Dec 24, 2024
MapSVG
<= 8.6.9
Content Injection
10.6
5.3
Apr 12, 2025
ProfileGrid
<= 5.9.5.1
Broken Access Control
4.3
4.3
Apr 17, 2025
ProfileGrid
<= 5.9.5.0
SQL Injection
17
8.5
Apr 16, 2025
WP Job Portal
<= 2.3.1
Local File Inclusion
55.89
8.1
Feb 5, 2025
Ultimate Member
<= 2.10.3
Arbitrary Code Execution
N/A
5.5
Mar 18, 2025
Advanced File Manager
<= 5.3.1
Broken Access Control
N/A
5.3
Mar 19, 2025
List category posts
<= 0.91.0
Local File Inclusion
50.63
7.5
Apr 1, 2025
WebinarPress
<= 1.33.28
Server Side Request Forgery (SSRF)
N/A
5.5
Apr 1, 2025
PowerPress Podcasting
<= 11.12.5
Arbitrary File Upload
44.55
9.9
Mar 11, 2025
Majestic Support
<= 1.1.1
Local File Inclusion
29.11
7.5
No date
Hospital Management System
<= 47.0(20-11-2023)
SQL Injection
37.2
9.3
Dec 13, 2024
Seriously Simple Podcasting
<= 3.9.0
Cross Site Scripting (XSS)
5.9
5.9
Mar 17, 2025
Sirv
<= 7.5.3
Cross Site Scripting (XSS)
5.61
6.5
Apr 1, 2025
Download Alt Text AI
<= 1.9.93
Broken Access Control
4.3
4.3
Apr 1, 2025
Appsero Helper
<= 1.3.4
SQL Injection
17
8.5
Feb 27, 2025
AnalyticsWP
<= 2.1.2
SQL Injection
37.2
9.3
Mar 14, 2025
AnalyticsWP
<= 2.0.0
Broken Access Control
10.6
5.3
Feb 14, 2025
AnalyticsWP
<= 2.1.2
Sensitive Data Exposure
10.6
5.3
Mar 14, 2025
WPAMS
<= 44.0 (17-08-2023)
Arbitrary File Upload
29.7
9.9
Dec 14, 2024
WPAMS
<= 44.0 (17-08-2023)
Arbitrary File Upload
60
10
Dec 14, 2024
Booster Plus for WooCommerce
<= 7.2.4
Cross Site Scripting (XSS)
14.2
7.1
Mar 10, 2025
Name Directory
<= 1.30.0
Broken Access Control
4.3
4.3
Jul 12, 2024
FluentCommunity
<= 1.2.15
PHP Object Injection
39.2
9.8
Apr 1, 2025
FluentBoards
<= 1.47
PHP Object Injection
39.2
9.8
Apr 1, 2025
ProfileGrid
<= 5.9.4.8
SQL Injection
17
8.5
Mar 22, 2025
WP Simple Booking Calendar
<= 2.0.13
Broken Access Control
6.5
6.5
Oct 3, 2024
Bring Fraktguiden for WooCommerce
<= 1.11.4
Broken Access Control
6.5
6.5
Feb 19, 2025
Cost Calculator Builder
<= 3.2.65
SQL Injection
74.4
9.3
Mar 7, 2025
ActiveDEMAND
<= 0.2.46
Broken Access Control
10.6
5.3
Mar 11, 2025
Dynamic Post
<= 5.02
Settings Change
N/A
5.4
Mar 11, 2025
Slazzer Background Changer
<= 3.14
Broken Access Control
N/A
5.3
Mar 11, 2025
Hive Support
<= 1.2.5
Cross Site Scripting (XSS)
14.2
7.1
Feb 27, 2025
Office Locator
<= 1.3.0
SQL Injection
37.2
9.3
Feb 26, 2025
JS Job Manager
<= 2.0.2
SQL Injection
37.2
9.3
Jan 29, 2025
Age Gate
<= 3.5.4
Broken Access Control
21.2
5.3
Mar 20, 2025
JS Job Manager
<= 2.0.2
Local File Inclusion
48.6
8.1
Jan 29, 2025
PowerPress Podcasting
<= 11.12.5
Cross Site Scripting (XSS)
9.75
6.5
Mar 10, 2025
PowerPress Podcasting
<= 11.12.6
Server Side Request Forgery (SSRF)
7.35
4.9
Mar 10, 2025
EazyDocs
<= 2.7.1
Broken Access Control
5.4
5.4
Nov 21, 2024
Flo Forms
<= 1.0.43
Broken Access Control
6.5
6.5
Nov 20, 2024
CM Registration and Invitation Codes
<= 2.5.6
Broken Access Control
6.5
6.5
Jan 17, 2025
Piotnet Forms
<= 1.0.30
Path Traversal
1.35
2.7
Jul 25, 2024
WP Genealogy – Your Family History Website
<= 0.1.9
Broken Access Control
N/A
5.3
Feb 27, 2025
MP3 Audio Player for Music, Radio & Podcast by Sonaar
<= 5.9.4
Broken Access Control
4.3
4.3
Dec 6, 2024
Variable Inspector
<= 2.6.3
Broken Access Control
N/A
4.3
Feb 12, 2025
WP Event Manager
<= 3.2.0
Broken Access Control
10.6
5.3
Aug 21, 2024
Privyr CRM Integration
<= 1.0.2
Broken Access Control
5.4
5.4
Jul 25, 2024
Showeblogin Social
<= 7.0
Cross Site Scripting (XSS)
4.88
6.5
Feb 18, 2025
Emma for WordPress
<= 1.3.3
Cross Site Scripting (XSS)
4.88
6.5
Feb 21, 2025
Doppler Forms
<= 2.5.1
Cross Site Scripting (XSS)
4.88
6.5
Feb 21, 2025
Catch Dark Mode
<= 2.0.1
Local File Inclusion
N/A
7.5
Dec 26, 2024
teachPress
<= 9.0.11
SQL Injection
12.75
8.5
Feb 14, 2025
Daisycon prijsvergelijkers
<= 4.8.4
SQL Injection
12.75
8.5
Feb 18, 2025
JS Job Manager
<= 2.0.2
Local File Inclusion
19.8
8.8
Feb 8, 2025
Publitio
<= 2.2.0
Arbitrary File Download
7.31
6.5
Feb 21, 2025
Docxpresso
<= 2.6
Arbitrary File Download
6.64
5.9
Feb 11, 2025
CF7 Spreadsheets
<= 2.3.2
Cross Site Scripting (XSS)
14.2
7.1
Feb 15, 2025
TuriTop Booking System
<= 1.0.10
Broken Access Control
6.5
6.5
Feb 18, 2025
1
2
3
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top