Lenon Leite

15 exploits Active since Apr 2026
CVE-2018-25308 EXPLOITDB HIGH text WRITEUP
BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server.
CVSS 8.8
EIP-2026-114061 EXPLOITDB text WORKING POC
WordPress Plugin Sirv 1.3.1 - SQL Injection
EIP-2026-114143 EXPLOITDB text WORKING POC
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
EIP-2026-114191 EXPLOITDB html WORKING POC
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
EIP-2026-114228 EXPLOITDB text WORKING POC
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
EIP-2026-114229 EXPLOITDB text WORKING POC
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)
EIP-2026-114239 EXPLOITDB text WORKING POC
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
EIP-2026-114246 EXPLOITDB text WORKING POC
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
EIP-2026-114060 EXPLOITDB text WORKING POC
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
EIP-2026-113591 EXPLOITDB text WORKING POC
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
EIP-2026-113794 EXPLOITDB text WORKING POC
WordPress Plugin Google Drive 2.2 - Remote Code Execution
EIP-2026-113851 EXPLOITDB text WORKING POC
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
EIP-2026-113986 EXPLOITDB text WORKING POC
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
EIP-2026-113564 EXPLOITDB text WORKING POC
WordPress Plugin Answer My Question 1.3 - SQL Injection
EIP-2026-113473 EXPLOITDB text WORKING POC
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution