thiennv

Say thanks

1,773.84

XP

189

Reports

0

Reports, last 90 days

#33

3 Apr, 2026

🇻🇳

Lvl 5

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Make Email Customizer for WooCommerce<= 1.0.6 Cross Site Scripting (XSS)	14.2	7.1	23/10/2024
Revamp CRM for WooCommerce<= 1.1.2 Cross Site Scripting (XSS)	14.2	7.1	23/10/2024
Terminal Africa<= 1.13.24 Cross Site Scripting (XSS)	14.2	7.1	25/10/2024
MultiMailer<= 1.0.3 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Easy Post Duplicator<= 1.0.1 SQL Injection	17	8.5	18/12/2024
Simple Post Meta Manager<= 1.0.9 Cross Site Request Forgery (CSRF)	3.55	7.1	14/12/2024
DirectoryPress<= 3.6.22 Cross Site Request Forgery (CSRF)	2.7	5.4	07/01/2025
6Storage Rentals<= 2.20.2 Broken Access Control	N/A	5.4	25/12/2024
Easy WP Optimizer<= 1.1.0 Broken Access Control	N/A	8.8	25/12/2024
Support Helpdesk Ticket System Lite<= 4.5.2 Cross Site Scripting (XSS)	14.2	7.1	22/10/2024
Rich Text Editor<= 1.0.1 Broken Access Control	13	6.5	25/12/2024
iNET Webkit<= 1.2.2 Broken Access Control	10.6	5.3	30/11/2024
Dynamic URL SEO<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	30/10/2024
Dynamic URL SEO<= 1.0 Cross Site Request Forgery (CSRF)	N/A	5.4	30/10/2024
W3SPEEDSTER<= 7.33 Cross Site Request Forgery (CSRF)	2.15	4.3	21/11/2024
SC Simple Zazzle<= 1.1.6 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Tax Report for WooCommerce<= 2.2 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
XTRA Settings<= 2.1.8 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Podčlánková inzerce<= 2.4.0 Cross Site Scripting (XSS)	14.2	7.1	30/10/2024
Youtube Video Grid<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	29/10/2024
eMarksheet<= 5.4.3 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Group category creator<= 1.3.0.3 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
EELV Newsletter<= 4.8.2 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Ui Slider Filter By Price<= 1.1 Cross Site Scripting (XSS)	14.2	7.1	25/10/2024
Sale with Razorpay<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	21/10/2024
azurecurve Floating Featured Image<= 2.2.0 Cross Site Scripting (XSS)	14.2	7.1	18/10/2024
WpTravelly<= 1.8.5 Broken Access Control	10.6	5.3	30/11/2024
Multiple Carousel<= 2.0 SQL Injection	37.2	9.3	19/12/2024
TubePress.NET<= 4.0.1 Cross Site Request Forgery (CSRF)	3.55	7.1	17/12/2024
Pretty Url<= 1.5.5 Cross Site Request Forgery (CSRF)	N/A	4.3	17/12/2024
Pretty Url<= 1.5.4 Cross Site Scripting (XSS)	14.2	7.1	17/12/2024
Order Audit Log for WooCommerce<= 2.0 Cross Site Scripting (XSS)	14.2	7.1	21/10/2024
SyncFields<= 2.1 Cross Site Scripting (XSS)	14.2	7.1	30/10/2024
Contest Gallery<= 24.0.3 Cross Site Scripting (XSS)	3.39	5.9	18/10/2024
picu<= 2.4.0 Broken Access Control	10.6	5.3	22/11/2024
Gulri Slider<= 3.5.8 Cross Site Scripting (XSS)	14.2	7.1	30/10/2024
Shipment Tracker for Woocommerce<= 1.4.23 Cross Site Scripting (XSS)	14.2	7.1	19/11/2024
Tidy Up<= 1.3 Cross Site Request Forgery (CSRF)	3.55	7.1	14/12/2024
Posti Shipping<= 3.10.3 Cross Site Request Forgery (CSRF)	3.25	6.5	29/11/2024
EELV Newsletter<= 4.8.2 Cross Site Request Forgery (CSRF)	N/A	5.4	28/10/2024
Ui Slider Filter By Price<= 1.1 Cross Site Request Forgery (CSRF)	2.7	5.4	25/10/2024
DTC Documents<= 1.1.05 Cross Site Request Forgery (CSRF)	N/A	5.4	24/10/2024
Youtube Video Grid<= 1.9 Cross Site Request Forgery (CSRF)	3.25	6.5	29/10/2024
Bet sport Free<= 1.0.0 Cross Site Request Forgery (CSRF)	N/A	4.3	23/10/2024
PDF Generator Addon for Elementor Page Builder<= 1.7.5 Directory Traversal	15	7.5	12/11/2024
Feedpress Generator<= 1.2.1 Cross Site Scripting (XSS)	14.2	7.1	25/10/2024
FloristPress<= 7.2.0 Cross Site Scripting (XSS)	14.2	7.1	23/10/2024
WP Quick Shop<= 1.3.1 Cross Site Scripting (XSS)	14.2	7.1	24/10/2024
Connect Contact Form 7 to Constant Contact<= 1.4 Cross Site Scripting (XSS)	14.2	7.1	24/10/2024
LabelGrid Tools<= 1.3.58 Cross Site Scripting (XSS)	14.2	7.1	25/10/2024
Invoice Payment for WooCommerce<= 1.7.2 Cross Site Scripting (XSS)	14.2	7.1	30/10/2024
FormFacade<= 1.3.6 Cross Site Scripting (XSS)	14.2	7.1	17/10/2024
Role Includer<= 1.6 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
ImageRecycle pdf & image compression<= 3.1.16 Cross Site Scripting (XSS)	14.2	7.1	25/11/2024
Ni CRM Lead<= 1.3.0 SQL Injection	17	8.5	26/10/2024
Ni CRM Lead<= 1.3.0 Cross Site Scripting (XSS)	14.2	7.1	21/10/2024
Ni WooCommerce Bulk Product Editor<= 1.4.5 Cross Site Scripting (XSS)	14.2	7.1	22/10/2024
Ni WooCommerce Order Export<= 3.1.6 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Intro Tour Tutorial DeepPresentation<= 6.5.2 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
DancePress (TRWA)<= 3.1.11 Cross Site Request Forgery (CSRF)	N/A	4.3	23/10/2024
Awesome Event Booking<= 2.7.1 Cross Site Scripting (XSS)	14.2	7.1	28/10/2024
Ahmeti Wp Güzel Sözler<= 4.0 Cross Site Request Forgery (CSRF)	N/A	4.3	21/10/2024
Shipping with Venipak for WooCommerce<= 1.22.3 Cross Site Scripting (XSS)	14.2	7.1	18/10/2024
Satisfaction Reports from Help Scout<= 2.0.3 Cross Site Scripting (XSS)	14.2	7.1	21/10/2024
Ajax Content Filter<= 1.0 Cross Site Scripting (XSS)	14.2	7.1	23/10/2024
Search order by product SKU for WooCommerce<= 0.2 Cross Site Scripting (XSS)	14.2	7.1	25/10/2024
Manage User Columns<= 1.0.5 Cross Site Request Forgery (CSRF)	2.15	4.3	17/10/2024
WP User Switch<= 1.1.2 Privilege Escalation	12	8	28/02/2024
Vimeography<= 2.4.1 Cross Site Request Forgery (CSRF)	2.15	4.3	27/02/2024
MJ Update History<= 1.0.4 Broken Access Control	3.23	4.3	10/01/2024
Democracy Poll<= 6.1.1 Broken Access Control	10.6	5.3	26/07/2023
contact-form-7-mailchimp-extension<= 0.5.73 Cross Site Request Forgery (CSRF)	8.6	4.3	30/10/2023
Total Poll Lite<= 4.9.9 Broken Access Control	4.3	4.3	26/01/2024
RomethemeForm For Elementor<= 1.1.2 Broken Access Control	10.6	5.3	30/01/2024
WP Helper Premium< 4.6.0 Cross Site Scripting (XSS)	14.2	7.1	29/01/2024
GEO my WordPress<= 4.1 Cross Site Request Forgery (CSRF)	2.7	5.4	11/01/2024
Tablesome<= 1.0.25 Cross Site Request Forgery (CSRF)	2.15	4.3	19/01/2024
ProfileGrid <= 5.7.8 Cross Site Request Forgery (CSRF)	2.15	4.3	27/02/2024
Smart Online Order for Clover<= 1.5.5 Cross Site Request Forgery (CSRF)	3.11	5.4	27/12/2023
Tax Rate Upload<= 2.4.5 Cross Site Scripting (XSS)	14.2	7.1	17/01/2024
Specific Content For Mobile<= 0.1.9.5 Cross Site Scripting (XSS)	14.2	7.1	16/01/2024
Biteship<= 2.2.24 Cross Site Scripting (XSS)	14.2	7.1	19/12/2023
WOLF<= 1.0.8 Cross Site Scripting (XSS)	16.33	7.1	19/12/2023
Word Replacer Pro<= 1.0 Broken Access Control	13	6.5	31/07/2023
Custom Twitter Feeds (Tweets Widget)<= 2.1.2 Cross Site Request Forgery (CSRF)	8.6	4.3	17/10/2023
Business Directory<= 6.3.9 Broken Access Control	4.05	5.4	28/09/2023
Customize My Account for WooCommerce<= 1.8.3 Cross Site Request Forgery (CSRF)	2.15	4.3	31/08/2023
MultiVendorX<= 4.0.23 Broken Access Control	16.4	8.2	26/07/2023
Legal Pages<= 1.3.7 Broken Access Control	3.23	4.3	14/09/2023
LA-Studio Element Kit for Elementor<= 1.1.5 Broken Access Control	13	6.5	14/09/2023
Awesome Support<= 6.1.7 Broken Access Control	13	6.5	30/06/2023
Product Catalog Feed by PixelYourSite<= 2.1.1 Cross Site Request Forgery (CSRF)	2.7	5.4	27/09/2023
Product Enquiry for WooCommerce<= 3.0 Cross Site Request Forgery (CSRF)	2.7	5.4	25/04/2023
Event post<= 5.9.0 Cross Site Scripting (XSS)	4.88	6.5	25/04/2023
RegistrationMagic<= 5.2.2.6 Cross Site Request Forgery (CSRF)	2.15	4.3	31/05/2023
HUSKY<= 1.3.4.2 Broken Access Control	12.9	4.3	16/08/2023
Awesome Support<= 6.1.4 Broken Access Control	5.4	5.4	17/08/2023
Awesome Support<= 6.1.4 Cross Site Request Forgery (CSRF)	2.15	4.3	17/08/2023
WebToffee eCommerce Marketing Automation<= 1.2.7 Cross Site Request Forgery (CSRF)	2.15	4.3	16/10/2023
Live Preview for Contact Form 7<= 1.2.0 Broken Access Control	10.8	5.4	17/10/2023

Report vulnerabilities to earn bounties and rewards!

Include pending