Kacper Szurek

72 exploits Active since Nov 2014
CVE-2014-9308 EXPLOITDB html WORKING POC
WP EasyCart <3.0.9 - RCE
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
CVE-2015-2218 EXPLOITDB text WORKING POC
Magic Hills Wonderplugin Audio Player < 2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
CVE-2014-9308 EXPLOITDB ruby WORKING POC
WP EasyCart <3.0.9 - RCE
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
EIP-2026-114045 EXPLOITDB php WORKING POC
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
CVE-2014-8810 EXPLOITDB text WORKING POC
WP Symposium <14.11 - SQL Injection
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
EIP-2026-114166 EXPLOITDB text WORKING POC
WordPress Plugin Video Gallery 2.7 - SQL Injection
EIP-2026-114238 EXPLOITDB text WORKING POC
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation
CVE-2014-9311 EXPLOITDB text WORKING POC
Shareaholic <7.6.1.0 - XSS
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
CVE-2014-8801 EXPLOITDB text WORKING POC
Paid Memberships Pro <1.7.15 - Path Traversal
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
EIP-2026-113536 EXPLOITDB text WORKING POC
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation
CVE-2014-9305 EXPLOITDB text WORKING POC
Cart66 Lite <1.5.2 - SQL Injection
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
EIP-2026-113686 EXPLOITDB text WORKING POC
WordPress Plugin Double Opt-In for Download 2.0.9 - SQL Injection
CVE-2014-9260 EXPLOITDB HIGH text WORKING POC
WordPress <2.7.3 - Authenticated RCE
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
CVSS 8.8
CVE-2014-8799 EXPLOITDB text WORKING POC
DukaPress <2.5.4 - Path Traversal
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
CVE-2014-9262 EXPLOITDB HIGH text WORKING POC
Wordpress <0.5.10 - Authenticated RCE
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
CVSS 8.2
CVE-2014-9173 EXPLOITDB text WORKING POC
Google Doc Embedder <2.5.15 - SQL Injection
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
CVE-2014-9014 EXPLOITDB MEDIUM text WORKING POC
WP Marketplace <2.4.1 - Path Traversal
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
CVSS 4.3
CVE-2014-8800 EXPLOITDB text WORKING POC
Nextend Facebook Connect <1.5.1 - XSS
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
CVE-2014-9312 EXPLOITDB HIGH text WORKING POC
Photo Gallery 1.2.5 - Info Disclosure
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVSS 8.8
CVE-2014-8802 EXPLOITDB text WORKING POC
WordPress Pie Register <2.0.14 - RCE
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
EIP-2026-112700 EXPLOITDB text WORKING POC
Tiny Tiny RSS - Blind SQL Injection
EIP-2026-112678 EXPLOITDB text WORKING POC
Tiki Wiki CMS 15.0 - Arbitrary File Download
EIP-2026-111620 EXPLOITDB text WORKING POC
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
CVE-2017-13068 EXPLOITDB HIGH WORKING POC
Qnap Qts Helpdesk < 1.1.12 - SQL Injection
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVSS 7.5
EIP-2026-111163 EXPLOITDB text WRITEUP
phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting