Bao - BlueRock

Say thanks

482.63

XP

47

Reports

4

Reports, last 90 days

#29

18 Nov, 2025

Lvl 2

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Advanced Database Cleaner<= 3.1.6 Cross Site Request Forgery (CSRF)	2.15	4.3	No date
Insert PHP Code Snippet<= 1.4.3 Broken Access Control	17.2	4.3	No date
Podlove Web Player<= 5.9.1 Broken Access Control	24.38	5.3	No date
WP Popup Builder<= 1.3.6 Sensitive Data Exposure	10.6	5.3	No date
HivePress Claim Listings<= 1.1.3 Broken Access Control	4.3	4.3	Aug 22, 2025
HivePress Claim Listings<= 1.1.3 Broken Access Control	4.3	4.3	Aug 22, 2025
WP Directory Kit<= 1.4.0 Broken Access Control	10.6	5.3	Aug 25, 2025
CoSchedule<= 3.3.11 Sensitive Data Exposure	10.6	5.3	Aug 26, 2025
Mihdan: No External Links<= 5.1.6.2 Cross Site Request Forgery (CSRF)	2.7	5.4	Jul 3, 2025
WP Mailto Links<= 3.1.4 Cross Site Scripting (XSS)	N/A	5.9	Jul 6, 2025
Piotnet Forms<= 1.0.30 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 16, 2025
Ongkoskirim.id<= 1.0.6 Broken Access Control	5.4	5.4	Jul 19, 2025
CardCom Payment Gateway<= 3.5.0.5 Broken Access Control	10.6	5.3	Jul 23, 2025
E-namad & Shamed Logo Manager<= 2.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 26, 2025
Interact: Embed A Quiz On Your Site<= 3.1 Cross Site Request Forgery (CSRF)	N/A	4.3	Aug 17, 2025
Cecabank WooCommerce Plugin<= 0.3.4 Broken Access Control	10.6	5.3	Aug 19, 2025
Zoho Flow<= 2.14.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Aug 28, 2025
BerqWP<= 2.2.53 Broken Access Control	10.6	5.3	Aug 20, 2025
Export WP Page to Static HTML/CSS<= 4.1.0 Broken Access Control	N/A	5.3	Aug 29, 2025
Site Info<= 1.1 Sensitive Data Exposure	N/A	2.7	Jun 21, 2025
Compact Admin<= 1.3.0 Cross Site Request Forgery (CSRF)	N/A	4.3	Jun 19, 2025
Media Author<= 1.0.4 Broken Access Control	N/A	5.5	Jun 22, 2025
Custom Team Manager<= 2.4.2 Cross Site Scripting (XSS)	N/A	6.5	Jun 22, 2025
Comment Form WP – Customize Default Comment Form<= 2.0.0 Cross Site Scripting (XSS)	N/A	5.9	Jun 24, 2025
Support Genix<= 1.4.23 Broken Access Control	7.95	5.3	Jul 19, 2025
Posts Table with Search & Sort<= 1.4.10 Broken Access Control	21.2	5.3	Aug 14, 2025
Order Delivery Date for WooCommerce<= 4.1.0 Broken Access Control	4.3	4.3	Jul 9, 2025
JS Archive List< 6.1.6 SQL Injection	37.2	9.3	Jul 31, 2025
Add Code To Head<= 1.17 Cross Site Scripting (XSS)	N/A	5.9	Aug 6, 2025
Ai Image Alt Text Generator for WP<= 1.1.5 Broken Access Control	16.4	8.2	Jul 24, 2025
Fluent Support<= 1.9.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 15, 2025
Premmerce Brands for WooCommerce<= 1.2.13 Cross Site Request Forgery (CSRF)	1.61	4.3	No date
ProveSource Social Proof<= 3.1.2 Sensitive Data Exposure	10.6	5.3	Jul 17, 2025
Popup for CF7 with Sweet Alert<= 1.6.5 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 16, 2025
WP Discord Post Plus – Supports Unlimited Channels<= 1.0.2 Cross Site Request Forgery (CSRF)	2.15	4.3	Jun 28, 2025
CM On Demand Search And Replace<= 1.5.2 Cross Site Scripting (XSS)	N/A	5.9	Jul 31, 2025
CM On Demand Search And Replace<= 1.5.2 Cross Site Request Forgery (CSRF)	2.15	4.3	Jul 31, 2025
Embedder for Google Reviews<= 1.7.3 Broken Access Control	10.6	5.3	Jul 16, 2025
Motors<= 1.4.80 Insecure Direct Object References (IDOR)	21.2	5.3	Jul 6, 2025
AntiSpam for Contact Form 7<= 0.6.3 Cross Site Request Forgery (CSRF)	2.7	5.4	Jul 4, 2025
CM Pop-Up banners<= 1.8.4 Broken Access Control	4.3	4.3	Jul 10, 2025
Custom Login And Signup Widget<= 1.0 Arbitrary Code Execution	N/A	9.1	Jun 19, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending