Khaled_alenazi

30 exploits Active since Jan 2024
CVE-2024-12849 NOMISEC HIGH WORKING POC
Error Log Viewer By WP Guru <1.0.1.3 - Info Disclosure
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS 7.5
CVE-2024-12542 NOMISEC HIGH WORKING POC
linkID WordPress <0.1.2 - Info Disclosure
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
CVSS 8.6
CVE-2024-0235 NOMISEC MEDIUM WORKING POC
EventON WordPress Plugin < 2.2.7 - Unauthenticated Email Address Disclosure via AJAX Action
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
CVSS 5.3
CVE-2024-1247 NOMISEC LOW WORKING POC
Concrete CMS 9.0.0-9.2.4 - Stored Cross-Site Scripting via Role Name Field
Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.
CVSS 2.0
CVE-2023-51409 NOMISEC CRITICAL WORKING POC
Jordy Meow AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
CVSS 10.0