Boshe99

121 exploits Active since Nov 2023
CVE-2023-47668 GITHUB MEDIUM python WORKING POC
StellarWP Membership Plugin - Restrict Content <= 3.2.7 - Exposure of Sensitive Information via Log File
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.
CVSS 5.3
CVE-2023-51409 GITHUB CRITICAL python WORKING POC
Jordy Meow AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
CVSS 10.0
CVE-2024-0235 GITHUB MEDIUM python WORKING POC
EventON WordPress Plugin < 2.2.7 - Unauthenticated Email Address Disclosure via AJAX Action
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
CVSS 5.3
CVE-2024-10124 GITHUB CRITICAL python WORKING POC
Vayu Blocks - Unauthorized Plugin Installation
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.
CVSS 9.8
CVE-2024-10578 GITHUB HIGH python WORKING POC
Pubnews theme <1.0.7 - Privilege Escalation
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.
CVSS 8.8
CVE-2024-10586 GITHUB CRITICAL python WORKING POC
Debug Tool < 2.2 - Unauthenticated Arbitrary File Creation via dbt_pull_image()
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue.
CVSS 9.8
CVE-2024-10629 GITHUB HIGH python WORKING POC
GPX Viewer <= 2.2.9 - Authenticated Arbitrary File Creation via gpxv_file_upload()
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2024-10673 GITHUB HIGH python WORKING POC
Top Store theme <1.5.4 - Privilege Escalation
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
CVSS 8.8
CVE-2024-10674 GITHUB HIGH python WORKING POC
Th Shop Mania <1.4.9 - Privilege Escalation
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
CVSS 8.8
CVE-2024-10924 GITHUB CRITICAL python WORKING POC
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
CVSS 9.8
CVE-2024-11972 GITHUB CRITICAL python WORKING POC
Hunk Companion WP <1.9.0 - Auth Bypass
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.
CVSS 9.8
CVE-2024-12209 GITHUB CRITICAL python WORKING POC
WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS 9.8
CVE-2024-12252 GITHUB CRITICAL python WORKING POC
SEO LAT Auto Post <= 2.2.1 - Unauthenticated File Overwrite and Remote Code Execution via remote_update AJAX Action
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
CVSS 9.8
CVE-2024-1247 GITHUB LOW python WORKING POC
Concrete CMS 9.0.0-9.2.4 - Stored Cross-Site Scripting via Role Name Field
Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.
CVSS 2.0
CVE-2024-12542 GITHUB HIGH python WORKING POC
linkID WordPress <0.1.2 - Info Disclosure
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
CVSS 8.6
CVE-2024-12558 GITHUB MEDIUM python WORKING POC
WP BASE Booking <4.9.2 - Info Disclosure
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.
CVSS 6.5
CVE-2024-12849 GITHUB HIGH python WORKING POC
Error Log Viewer By WP Guru <1.0.1.3 - Info Disclosure
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS 7.5
CVE-2024-25092 GITHUB HIGH python WORKING POC
XLPlugins NextMove Lite <2.17.0 - Info Disclosure
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
CVSS 8.8
CVE-2024-2667 GITHUB CRITICAL python WORKING POC
InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
CVSS 9.8
CVE-2024-30485 GITHUB HIGH python WORKING POC
XLPlugins Finale Lite < 2.18.0 - Unauthenticated Arbitrary Plugin Installation and Activation
Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
CVSS 8.8
CVE-2024-31114 GITHUB CRITICAL python WORKING POC
biplob018 Shortcode Addons <3.2.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVSS 9.1
CVE-2024-3673 GITHUB CRITICAL python WORKING POC
Web Directory Free <1.7.3 - Code Injection
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
CVSS 9.1
CVE-2024-43998 GITHUB MEDIUM python WORKING POC
WebsiteinWP Blogpoet <= 1.0.3 - Missing Authorization
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
CVSS 6.5
CVE-2024-49328 GITHUB CRITICAL python WORKING POC
WP REST API FNS <= 1.0.0 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
CVSS 9.8
CVE-2020-36842 GITHUB HIGH python WORKING POC
WPvivid Migration, Backup, Staging < 0.9.35 - Authenticated Arbitrary File Upload via AJAX Actions
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.
CVSS 8.8