Hacked.be

About Me

Hello world! I'm Rein Daelman, a passionate cybersecurity researcher and bug bounty hunter. I specialize in web application security and love white/graybox security testing. My hacker alias is "trein", you can find me on most bug bounty platforms.

My CVEs (10)

A list of my published CVEs.
CVE IDDescriptionSeverity
CVE-2024-13887Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image AdditionMedium
CVE-2024-13736Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName ParameterMedium
CVE-2024-9504Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File UploadHigh
CVE-2024-8856Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File UploadCritical
CVE-2024-9417Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File UploadMedium
CVE-2024-8657Garden Gnome Package <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site ScriptingMedium
CVE-2024-45793XSS on Confidant API endpointsMedium
CVE-2023-6987String Locator <= 2.6.5 - Reflected Cross-Site ScriptingMedium
CVE-2023-6882Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting Vulnerability via environment_modeMedium
CVE-2023-46154E2Pdf <= 1.20.18 - Authenticated (Administrator+) PHP Object InjectionHigh
“trein has submitted a number of very well written and valuable reports which helped us better secure Mozilla VPN. The communication is also clear and professional, thank you for all your contributions.”
Mozilla

Mozilla via HackerOne

Write-ups