Jay Jani

3 exploits Active since Oct 2020
CVE-2020-27615 GITHUB CRITICAL python WORKING POC
WordPress <1.6.4 - SQL Injection/XSS
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
CVSS 9.8
CVE-2023-50839 GITHUB CRITICAL python WORKING POC
Wiselyhub JS Help Desk < 2.8.1 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1.
CVSS 9.3
CVE-2026-1056 GITHUB CRITICAL python WORKING POC
Snow Monkey Forms <12.0.3 - Path Traversal
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS 9.8