Lenon Leite

15 exploits, active since Apr 2026
CVE-2016-20073 EXPLOITDB HIGH text WORKING POC
Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
CVSS 8.2
CVE-2016-20072 EXPLOITDB HIGH text WORKING POC
BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.
CVSS 8.2
CVE-2016-20065 EXPLOITDB HIGH text WORKING POC
Product Catalog 8 1.2 Plugin WordPress SQL Injection
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables.
CVSS 8.2
CVE-2016-20064 EXPLOITDB MEDIUM text WORKING POC
WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.
CVSS 6.2
CVE-2016-20063 EXPLOITDB HIGH text WORKING POC
Single Personal Message 1.0.3 WordPress Plugin SQL Injection
Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to extract sensitive database information including user credentials and site configuration data.
CVSS 7.1
CVE-2018-25326 EXPLOITDB HIGH text WORKING POC
Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences such as ../../wp-config.php to access sensitive configuration files.
CVSS 7.5
CVE-2018-25325 EXPLOITDB HIGH text WORKING POC
Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename parameter to delete sensitive files like wp-config.php outside the intended export directory.
CVSS 7.5
CVE-2018-25308 EXPLOITDB HIGH text WRITEUP
BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server.
CVSS 8.8
EIP-2026-114228 EXPLOITDB text WORKING POC
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
EIP-2026-114239 EXPLOITDB text WORKING POC
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
EIP-2026-114229 EXPLOITDB text WORKING POC
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)
EIP-2026-114061 EXPLOITDB text WORKING POC
WordPress Plugin Sirv 1.3.1 - SQL Injection
EIP-2026-114191 EXPLOITDB html WORKING POC
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
EIP-2026-114143 EXPLOITDB text WORKING POC
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
EIP-2026-113851 EXPLOITDB text WORKING POC
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection