Khaled Alenazi

49 exploits Active since Mar 2024
CVE-2024-9756 NOMISEC MEDIUM WORKING POC
Order Attachments for WooCommerce 2.0-2.4.1 - Authenticated Arbitrary File Upload via wcoa_add_attachment AJAX Action
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types.
1 stars
CVSS 4.3
CVE-2024-52402 NOMISEC CRITICAL WORKING POC
Cliconomics Exclusive Content Password Protect - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through <= 1.1.0.
1 stars
CVSS 9.6
CVE-2024-30485 NOMISEC HIGH WORKING POC
XLPlugins Finale Lite < 2.18.0 - Unauthenticated Arbitrary Plugin Installation and Activation
Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
1 stars
CVSS 8.8
CVE-2024-10673 NOMISEC HIGH WORKING POC
Top Store theme <1.5.4 - Privilege Escalation
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
1 stars
CVSS 8.8
CVE-2024-12252 NOMISEC CRITICAL WORKING POC
SEO LAT Auto Post <= 2.2.1 - Unauthenticated File Overwrite and Remote Code Execution via remote_update AJAX Action
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
1 stars
CVSS 9.8
CVE-2025-15521 NOMISEC CRITICAL WORKING POC
Academy LMS - WordPress LMS Plugin <3.5.0 - Privilege Escalation
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account.
CVSS 9.8
CVE-2025-53580 NOMISEC CRITICAL WORKING POC
Simple Business Directory Pro - Privilege Escalation
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.
CVSS 9.8
CVE-2026-27542 NOMISEC CRITICAL WORKING POC
WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1.
CVSS 9.8
CVE-2026-1357 NOMISEC CRITICAL WORKING POC
WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.
CVSS 9.8
CVE-2025-6758 GITHUB CRITICAL python WORKING POC
Imithemes Real Spaces - WordPress Properties Directory Theme <= 3.6 - Privilege Escalation
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during user registration.
CVSS 9.8
CVE-2025-13390 NOMISEC CRITICAL WORKING POC
WP Directory Kit <= 1.4.4 - Unauthenticated Authentication Bypass via Weak Auto-Login Token
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
CVSS 10.0
CVE-2025-32641 NOMISEC CRITICAL WORKING POC
Anant Addons for Elementor <1.1.5 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a through <= 1.1.8.
CVSS 9.6
CVE-2025-32682 NOMISEC CRITICAL WORKING POC
RomanCode MapSVG Lite <8.5.34 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.6.4.
CVSS 9.9
CVE-2025-2807 NOMISEC HIGH WORKING POC
Motors Plugin <= 1.4.64 - Authenticated Arbitrary Plugin Installation
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2025-32140 NOMISEC CRITICAL WORKING POC
Nirmal Kumar Ram WP Remote Thumbnail <1.3.1 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2.
CVSS 9.9
CVE-2025-30911 NOMISEC CRITICAL WORKING POC
Rometheme RomethemeKit For Elementor <1.5.4 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.
CVSS 9.9
CVE-2025-2249 NOMISEC HIGH WORKING POC
SoJ SoundSlides <= 1.2.2 - Authenticated Arbitrary File Upload via soj_soundslides_options_subpanel()
The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2024-49653 NOMISEC CRITICAL WORKING POC
Portfolleo <= 1.2 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through <= 1.2.
CVSS 9.9
CVE-2024-56071 NOMISEC CRITICAL WORKING POC
Mike Leembruggen Simple Dashboard <2.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0.
CVSS 9.8
CVE-2024-52375 NOMISEC CRITICAL WORKING POC
Arttia Creative Datasets Manager <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.
CVSS 10.0
CVE-2024-31114 NOMISEC CRITICAL WORKING POC
biplob018 Shortcode Addons <3.2.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVSS 9.1
CVE-2024-10629 NOMISEC HIGH WORKING POC
GPX Viewer <= 2.2.9 - Authenticated Arbitrary File Creation via gpxv_file_upload()
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2024-10674 NOMISEC HIGH WORKING POC
Th Shop Mania <1.4.9 - Privilege Escalation
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
CVSS 8.8
CVE-2024-10578 NOMISEC HIGH WORKING POC
Pubnews theme <1.0.7 - Privilege Escalation
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.
CVSS 8.8