Keyvan Hardani

4 exploits Active since Dec 2021
CVE-2021-24997 WRITEUP MEDIUM WORKING POC
WP Guppy WordPress <1.3 - Info Disclosure
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
CVSS 6.5
CVE-2022-35493 WRITEUP MEDIUM WRITEUP
eShop - Multipurpose Ecommerce Store Website < 3.0.4 - Cross-Site Scripting via Search Parameter
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter.
CVSS 6.1
CVE-2021-4455 EXPLOITDB CRITICAL python WORKING POC
Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
EIP-2026-114218 EXPLOITDB bash WORKING POC
Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure