KTN1990

13 exploits Active since Mar 2019
CVE-2019-10869 NOMISEC HIGH WORKING POC
Ninja Forms File Uploads < 3.0.23 - Path Traversal and Unrestricted File Upload via Upload Field Parameters
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
17 stars
CVSS 8.1
CVE-2022-0316 NOMISEC CRITICAL WORKING POC
WeStand <2.1 - Unauthenticated RCE
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
10 stars
CVSS 9.8
CVE-2019-9978 NOMISEC MEDIUM WORKING POC
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
6 stars
CVSS 6.1
CVE-2019-12815 NOMISEC CRITICAL SCANNER
ProFTPD <= 1.3.5b - Unauthenticated Arbitrary File Copy and Remote Code Execution
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
4 stars
CVSS 9.8
CVE-2024-42640 NOMISEC CRITICAL WORKING POC
angular-base64-upload <v0.1.21 - RCE
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
3 stars
CVSS 9.8
CVE-2024-43918 NOMISEC CRITICAL WORKING POC
WBW Product Table PRO < 1.9.4 - Unauthenticated SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.
3 stars
CVSS 10.0
CVE-2024-8425 NOMISEC CRITICAL WORKING POC
WooCommerce Ultimate Gift Card <2.6.0 - RCE
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this may have been patched on an older version than 2.9.2, however, we do not have access to older versions of the software to confirm when the patch was added. The only patched version we have confirmed is 2.9.3.
2 stars
CVSS 9.8
CVE-2025-14998 NOMISEC CRITICAL WORKING POC
Branda WordPress <3.4.24 - Privilege Escalation
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
1 stars
CVSS 9.8
CVE-2024-51793 NOMISEC CRITICAL WORKING POC
Webful Creations Computer Repair Shop <3.8115 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115.
1 stars
CVSS 10.0
CVE-2024-43160 NOMISEC CRITICAL WORKING POC
BerqWP < 1.7.6 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.
1 stars
CVSS 10.0
CVE-2024-5084 NOMISEC CRITICAL WORKING POC
Hash Form - Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload via file_upload_action Function
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2024-31351 NOMISEC CRITICAL SUSPICIOUS
Copymatic - AI Content Writer & Generator <= 1.6 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.
CVSS 10.0
CVE-2024-13513 NOMISEC CRITICAL WORKING POC
Oliver POS <= 2.4.2.3 - Unauthenticated Sensitive Information Exposure via Logging
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.
CVSS 9.8