High-Tech Bridge SA

441 exploits, active since Apr 2010
EIP-2026-113546 EXPLOITDB text WORKING POC
WordPress Plugin Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities
CVE-2015-8351 EXPLOITDB CRITICAL text WRITEUP
Gwolle Guestbook <1.5.4 - RCE
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
CVSS 9.0
CVE-2014-6242 EXPLOITDB text WORKING POC
All In One WP Security & Firewall <3.8.3 - SQL Injection
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
EIP-2026-113801 EXPLOITDB text WORKING POC
WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities
EIP-2026-113833 EXPLOITDB text WRITEUP
WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting
EIP-2026-113451 EXPLOITDB html WORKING POC
Wolf CMS 0.6.0b - Multiple Vulnerabilities
EIP-2026-113469 EXPLOITDB text WORKING POC
WonderCMS 0.3.3 - 'editText.php' Cross-Site Scripting
EIP-2026-113512 EXPLOITDB text WORKING POC
WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection
EIP-2026-113431 EXPLOITDB text WORKING POC
Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure
CVE-2014-1854 EXPLOITDB text WORKING POC
WordPress AdRotate Pro/FREE <3.9.5/3.9.4 - SQL Injection
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
EIP-2026-113843 EXPLOITDB text WORKING POC
WordPress Plugin IWantOneButton 3.0.1 - Multiple Vulnerabilities
CVE-2012-1835 EXPLOITDB text WORKING POC
Timely All-in-one Event Calendar - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
CVE-2015-5533 EXPLOITDB HIGH text WORKING POC
WordPress Count Per Day <3.4.1 - SQL Injection
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVSS 7.2
EIP-2026-113679 EXPLOITDB text WORKING POC
WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113721 EXPLOITDB text WORKING POC
WordPress Plugin eShop 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113638 EXPLOITDB text WRITEUP
WordPress Plugin Comment Rating 2.9.23 - Multiple Vulnerabilities
CVE-2012-1835 EXPLOITDB text WORKING POC
Timely All-in-one Event Calendar - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
EIP-2026-113738 EXPLOITDB text WRITEUP
WordPress Plugin Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting
EIP-2026-113983 EXPLOITDB text WRITEUP
WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2012-1835 EXPLOITDB text WORKING POC
Timely All-in-one Event Calendar - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
EIP-2026-113783 EXPLOITDB text WORKING POC
WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Cross-Site Scripting
EIP-2026-113859 EXPLOITDB text WORKING POC
WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting
EIP-2026-113956 EXPLOITDB text WORKING POC
WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting
CVE-2012-1835 EXPLOITDB text WORKING POC
Timely All-in-one Event Calendar - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
CVE-2011-1047 EXPLOITDB text WORKING POC
VastHTML Forum Server - SQL Injection
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.