Ceylan BOZOĞULLARINDAN

6 exploits Active since Feb 2022
EIP-2026-114103 EXPLOITDB text WORKING POC
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
CVE-2021-24926 EXPLOITDB MEDIUM text WRITEUP
Domain Check WP <1.0.17 - XSS
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue
CVSS 6.1
CVE-2021-24966 EXPLOITDB MEDIUM text WORKING POC
Error Log Viewer <1.1.1 - Privilege Escalation
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
CVSS 4.9
EIP-2026-113841 EXPLOITDB text WRITEUP
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
CVE-2022-0377 EXPLOITDB MEDIUM text WORKING POC
LearnPress <4.1.5 - Info Disclosure
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.
CVSS 4.3
CVE-2021-24904 EXPLOITDB MEDIUM text WRITEUP
Mortgage Calculators WP <1.56 - XSS
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS 4.8