Pricing
Solutions
WordPress security
Instantly fix and mitigate vulnerabilities
Plugin auditing
Paid auditing for WordPress vendors
Managed VDP
Start a security program for your plugins
Bug Bounty
Join the community and earn bounties
Enterprise API
At scale monitoring and vPatching for hosts
Vulnerability database
The latest WordPress security intelligence
Login
Start trial
Nguyen Tran Tuan Dung (domiee13)
496.87
XP
71
Reports
1
Reports, last 90 days
#63
18 Nov, 2025
Lvl 2
0
0
0
0
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Affected software | Vulnerability
CVE
AXP
Severity
Reported
WooCommerce PDF Invoice Builder
<= 1.2.150
Broken Access Control
9.89
4.3
No date
Malcure Malware Scanner
<= 16.8
Broken Access Control
4.3
4.3
May 2, 2025
Barcode Scanner with Inventory & Order Manager
<= 1.9.0
Arbitrary File Download
N/A
4.9
May 26, 2025
Product XML Feed Manager for WooCommerce
<= 2.9.2
Broken Access Control
13
6.5
Apr 27, 2025
Contest Gallery
<= 26.0.6
Cross Site Scripting (XSS)
16.33
7.1
Mar 29, 2025
IS-theme-companion
<= 1.58
Cross Site Request Forgery (CSRF)
8.8
8.8
May 28, 2025
Cookiebot
<= 4.5.8
Cross Site Request Forgery (CSRF)
8.6
4.3
May 15, 2025
Sertifier Certificate & Badge Maker
<= 1.21
Broken Access Control
3.25
6.5
May 28, 2025
Off-Canvas Sidebars & Menus (Slidebars)
<= 0.5.8.4
Cross Site Scripting (XSS)
14.2
7.1
May 21, 2025
UpStream: a Project Management Plugin for WordPress
<= 2.1.1
Broken Access Control
3.23
4.3
May 9, 2025
JobWP
<= 2.4.0
Cross Site Request Forgery (CSRF)
2.15
4.3
May 21, 2025
WANotifier
<= 2.7.12
Broken Access Control
4.3
4.3
May 14, 2025
Media Hygiene
<= 4.0.1
Broken Access Control
4.3
4.3
May 14, 2025
User Roles and Capabilities
<= 1.2.6
Broken Access Control
4.3
4.3
May 9, 2025
WP Customer Area
<= 8.2.7
Broken Access Control
4.3
4.3
May 2, 2025
WPThumb
<= 0.10
Server Side Request Forgery (SSRF)
3.68
4.9
May 18, 2025
Contentstudio
<= 1.3.7
Broken Access Control
10.6
5.3
May 20, 2025
Cookie-Script.com
<= 1.2.1
Broken Access Control
10.6
5.3
May 15, 2025
Kata Plus
<= 1.5.3
Broken Access Control
4.05
5.4
May 14, 2025
Breeze
<= 2.2.13
Broken Access Control
29.67
4.3
May 5, 2025
Premmerce User Roles
<= 1.0.13
Broken Access Control
7.42
4.3
No date
myCred
<= 2.9.4.2
Broken Access Control
4.95
4.3
Apr 24, 2025
Seriously Simple Podcasting
<= 3.13.0
Broken Access Control
7.42
4.3
No date
Behance Portfolio Manager
<= 1.7.4
Broken Access Control
4.3
4.3
Apr 29, 2025
Custom Category/Post Type Post order
<= 1.6.0
Broken Access Control
5.4
5.4
Apr 28, 2025
WordLift
<= 3.54.4
Broken Access Control
4.3
4.3
Apr 29, 2025
Post Custom Templates Lite
<= 1.14
Cross Site Scripting (XSS)
N/A
5.9
Apr 21, 2025
Custom Bulk/Quick Edit
<= 1.6.10
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 21, 2025
Layouts for Elementor
<= 1.11
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 22, 2025
Activity Plus Reloaded for BuddyPress
<= 1.1.2
Broken Access Control
5.4
5.4
Apr 27, 2025
ThemeHunk
<= 1.1.2
Broken Access Control
4.3
4.3
Apr 27, 2025
CubeWP
<= 1.1.27
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 23, 2025
Widgetize Pages Light
<= 3.0
Cross Site Request Forgery (CSRF)
3.55
7.1
Apr 23, 2025
PDF for WPForms
<= 5.5.0
Broken Access Control
3.75
5
May 14, 2025
Ultimate WP Mail
<= 1.3.5
Broken Authentication
26.4
8.8
May 12, 2025
Product Feed for WooCommerce
<= 2.2.8
Broken Access Control
4.3
4.3
May 9, 2025
WP Table Builder
<= 2.0.6
Cross Site Request Forgery (CSRF)
6.45
4.3
May 7, 2025
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
<= 3.8.0
Cross Site Request Forgery (CSRF)
2.15
4.3
May 2, 2025
DocsPress
<= 2.5.2
Broken Access Control
4.3
4.3
Apr 29, 2025
Print Invoice & Delivery Notes for WooCommerce
<= 5.5.0
Cross Site Request Forgery (CSRF)
5.4
5.4
Apr 26, 2025
Everest Backup
<= 2.3.3
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 23, 2025
Responsive Plus
<= 3.2.0
Broken Access Control
5.4
5.4
Apr 29, 2025
WPeMatico RSS Feed Fetcher
<= 2.8.3
Broken Access Control
4.3
4.3
No date
WP-Lister Lite for eBay
<= 3.8.3
Broken Access Control
7.42
4.3
No date
Rootspersona
<= 3.7.5
Cross Site Request Forgery (CSRF)
2.7
5.4
Apr 20, 2025
Falang multilanguage
<= 1.3.61
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 21, 2025
Rootspersona
<= 3.7.5
Broken Access Control
5.3
5.3
Apr 20, 2025
Product Code for WooCommerce
<= 1.5.0
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 27, 2025
Url Rewrite Analyzer
<= 1.3.3
Broken Access Control
4.3
4.3
Apr 29, 2025
Shortlinks by Pretty Links
<= 3.6.15
Broken Access Control
21.5
4.3
May 6, 2025
The Events Calendar
<= 6.11.2.1
Broken Access Control
37.26
5.4
May 6, 2025
FunnelCockpit
<= 1.4.3
Cross Site Scripting (XSS)
14.2
7.1
Mar 22, 2025
WP Pipes
<= 1.4.3
Server Side Request Forgery (SSRF)
N/A
4.4
Mar 25, 2025
PW WooCommerce Bulk Edit
<= 2.134
Cross Site Request Forgery (CSRF)
2.7
5.4
Apr 28, 2025
Music Player for WooCommerce
<= 1.5.1
Broken Access Control
5.4
5.4
Apr 27, 2025
Envo Extra
<= 1.9.9
Broken Access Control
8.6
4.3
Apr 26, 2025
GPT3 AI Content Writer
<= 1.9.14
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 24, 2025
Media Hygiene
<= 4.0.0
Broken Access Control
5.4
5.4
Apr 23, 2025
Hash Form
<= 1.2.8
Cross Site Request Forgery (CSRF)
2.15
4.3
Apr 23, 2025
GS Testimonial Slider
<= 3.3.0
Broken Access Control
4.3
4.3
Apr 22, 2025
Ultimate WP Mail
<= 1.3.4
Cross Site Request Forgery (CSRF)
2.7
5.4
Apr 21, 2025
Smart Hashtags [#hashtagger]
<= 7.2.3
Broken Access Control
4.3
4.3
Apr 15, 2025
Ultimate Store Kit Elementor Addons
<= 2.4.0
Deserialization of untrusted data
39.2
9.8
Mar 28, 2025
WP Editor.md – The Perfect WordPress Markdown Editor
<= 10.2.1
Cross Site Scripting (XSS)
N/A
5.9
Mar 28, 2025
Duplicate Page and Post
<= 1.0
SQL Injection
12.75
8.5
Mar 25, 2025
Slider by BestWebSoft
<= 1.1.0
SQL Injection
N/A
7.6
Mar 24, 2025
Filr
<= 1.2.4
Cross Site Scripting (XSS)
3.74
6.5
Apr 4, 2024
Shared Files
<= 1.7.19
Broken Access Control
12.19
5.3
Apr 5, 2024
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top