AkuCyberSec

9 exploits Active since May 2017
CVE-2022-1329 NOMISEC HIGH WORKING POC
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
22 stars
CVSS 8.8
CVE-2022-1329 NOMISEC HIGH WORKING POC
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
16 stars
CVSS 8.8
CVE-2023-48777 NOMISEC CRITICAL WORKING POC
Elementor Website Builder <3.18.1 - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
7 stars
CVSS 9.9
CVE-2022-1329 NOMISEC HIGH WORKING POC
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
4 stars
CVSS 8.8
CVE-2017-8917 NOMISEC CRITICAL WORKING POC
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
2 stars
CVSS 9.8
CVE-2022-1329 METASPLOIT HIGH ruby WORKING POC
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
CVSS 8.8
EIP-2026-118151 EXPLOITDB text WORKING POC
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
CVE-2022-1565 EXPLOITDB HIGH python WORKING POC
WP All Import < 3.6.8 - Authenticated Arbitrary File Upload via wp_all_import_get_gz.php
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS 7.2
EIP-2026-113717 EXPLOITDB python WORKING POC
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)