Kacper Szurek

EIP-2026-117361 EXPLOITDB python WORKING POC

IVPN Client 2.6.1 - Local Privilege Escalation

View Code

EIP-2026-114045 EXPLOITDB php WORKING POC

WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection

View Code

CVE-2014-9308 EXPLOITDB html WORKING POC

WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.

View Code

CVE-2014-9311 EXPLOITDB text WORKING POC

Shareaholic < 7.6.0.9 - Authenticated Cross-Site Scripting via location[id] Parameter

Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.

View Code

CVE-2015-2218 EXPLOITDB text WORKING POC

WonderPlugin Audio Player < 2.0 - Cross-Site Scripting via item[name] or item[customcss] Parameter

Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

View Code

EIP-2026-114238 EXPLOITDB text WORKING POC

WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation

View Code

CVE-2014-9308 EXPLOITDB ruby WORKING POC

WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.

View Code

EIP-2026-114166 EXPLOITDB text WORKING POC

WordPress Plugin Video Gallery 2.7 - SQL Injection

View Code

CVE-2014-8810 EXPLOITDB text WORKING POC

WP Symposium <14.11 - SQL Injection

SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.

View Code

CVE-2014-9312 EXPLOITDB HIGH text WORKING POC

Photo Gallery 1.2.5 - Info Disclosure

Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.

CVSS 8.8

View Code

EIP-2026-113536 EXPLOITDB text WORKING POC

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation

View Code

CVE-2014-9305 EXPLOITDB text WORKING POC

Cart66 Lite < 1.5.1.17 - Authenticated SQL Injection via id Parameter

SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.

View Code

EIP-2026-113686 EXPLOITDB text WORKING POC

WordPress Plugin Double Opt-In for Download 2.0.9 - SQL Injection

View Code

CVE-2014-9260 EXPLOITDB HIGH text WORKING POC

WordPress <2.7.3 - Authenticated RCE

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.

CVSS 8.8

View Code

CVE-2014-8799 EXPLOITDB text WORKING POC

dukapress < 2.5.3 - Path Traversal via src Parameter in dp_image.php

Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.

View Code

CVE-2014-9262 EXPLOITDB HIGH text WORKING POC

Wordpress <0.5.10 - Authenticated RCE

The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.

CVSS 8.2

View Code

CVE-2014-9173 EXPLOITDB text WORKING POC

Google Doc Embedder <2.5.15 - SQL Injection

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.

View Code

CVE-2014-9014 EXPLOITDB MEDIUM text WORKING POC

WP Marketplace <2.4.1 - Path Traversal

Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.

CVSS 4.3

View Code

CVE-2014-8800 EXPLOITDB text WORKING POC

Nextend Facebook Connect <1.5.1 - XSS

Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.

View Code

CVE-2014-8801 EXPLOITDB text WORKING POC

Paid Memberships Pro <1.7.15 - Path Traversal

Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.

View Code

CVE-2014-8802 EXPLOITDB text WORKING POC

WordPress Pie Register <2.0.14 - RCE

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

View Code

EIP-2026-112700 EXPLOITDB text WORKING POC

Tiny Tiny RSS - Blind SQL Injection

View Code

EIP-2026-112678 EXPLOITDB text WORKING POC

Tiki Wiki CMS 15.0 - Arbitrary File Download

View Code

EIP-2026-111620 EXPLOITDB text WORKING POC

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass

View Code

CVE-2017-13068 EXPLOITDB HIGH WORKING POC

QNAP QTS Helpdesk < 1.1.12 - Unauthenticated SQL Injection

QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.

CVSS 7.5

View Code