KILL THE NET

2 exploits Active since Mar 2019

CVE-2019-10869 NOMISEC HIGH WORKING POC

Ninjaforms Ninja Forms File Uploads < 3.0.23 - Path Traversal

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.

17 stars

CVSS 8.1

View Code

CVE-2019-9978 NOMISEC MEDIUM WORKING POC

Social Warfare <3.5.3 - Stored XSS

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

6 stars

CVSS 6.1

View Code