Jinson Varghese Behanan

8 exploits Active since Jan 2020
CVE-2020-10385 EXPLOITDB MEDIUM text WORKING POC
WPForms Contact Form < 1.5.9 - Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
CVSS 5.4
EIP-2026-114089 EXPLOITDB text WORKING POC
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
CVE-2020-8615 EXPLOITDB MEDIUM text WORKING POC
Tutor LMS < 1.5.3 - Cross-Site Request Forgery
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
CVSS 6.5
CVE-2020-15038 EXPLOITDB MEDIUM text WORKING POC
SeedProd Coming Soon Page < 5.1.1 - Stored Cross-Site Scripting
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.
CVSS 5.4
CVE-2020-7108 EXPLOITDB MEDIUM text WORKING POC
LearnDash 3.0-3.1.2 - Cross-Site Scripting via ld-profile Search Field
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
CVSS 5.4
CVE-2020-15478 EXPLOITDB HIGH text WRITEUP
Journal theme < 3.1.0 - Sensitive Data Exposure via SQL Error Messages
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVSS 7.5
EIP-2026-104347 EXPLOITDB text WRITEUP
Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting
CVE-2020-25015 EXPLOITDB MEDIUM text WORKING POC
Genexis Platinum 4410 V2-1.28 - Cross-Site Request Forgery
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.
CVSS 6.5