DoTTak

11 exploits Active since Jan 2025
CVE-2025-22783 NOMISEC HIGH WORKING POC
Seo Plugin BY Squirrly Seo < 12.4.03 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection. This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
3 stars
CVSS 8.5
CVE-2025-22352 NOMISEC HIGH WORKING POC
ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows Blind SQL Injection. This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through <= 1.4.9.
2 stars
CVSS 7.6
CVE-2025-22710 NOMISEC HIGH WORKING POC
StoreApps Smart Manager <8.52.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection. This issue affects Smart Manager: from n/a through <= 8.52.0.
2 stars
CVSS 7.6
CVE-2025-22652 NOMISEC HIGH WORKING POC
kendysond Payment Forms <4.0.1 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection. This issue affects Payment Forms for Paystack: from n/a through <= 4.0.1.
1 star
CVSS 7.6
CVE-2025-30921 NOMISEC HIGH WORKING POC
Tribulant Software Newsletters <4.9.9.7 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters newsletters-lite allows SQL Injection. This issue affects Newsletters: from n/a through <= 4.9.9.7.
1 star
CVSS 7.6
CVE-2025-24659 NOMISEC HIGH WORKING POC
WordPress Download Manager Premium <5.9.6 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Blind SQL Injection. This issue affects WPDM – Premium Packages: from n/a through <= 5.9.6.
1 star
CVSS 7.6
CVE-2025-24587 NOMISEC HIGH WORKING POC
I Thirteen Web Solution Email Subscription Popup <1.2.23 - SQL Inje...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through <= 1.2.23.
1 star
CVSS 7.6
CVE-2025-31864 NOMISEC MEDIUM WRITEUP
Beam me up Scotty - XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS. This issue affects Beam me up Scotty: from n/a through <= 1.0.23.
CVSS 5.9
CVE-2025-22510 NOMISEC HIGH WORKING POC
WC Price History for Omnibus <2.1.4 - Code Injection
Deserialization of Untrusted Data vulnerability in kkarpieszuk WC Price History for Omnibus wc-price-history allows Object Injection. This issue affects WC Price History for Omnibus: from n/a through <= 2.1.4.
CVSS 7.2
CVE-2024-56289 NOMISEC HIGH WRITEUP
Groundhogg <3.7.3.3 - XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Reflected XSS. This issue affects Groundhogg: from n/a through <= 3.7.3.3.
CVSS 7.1
CVE-2024-56278 NOMISEC CRITICAL WORKING POC
Smackcoders WP Ultimate Exporter <2.9.1 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion. This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1.
CVSS 9.1