Md Amanat Ullah (xSwads)

2 exploits Active since Jul 2025
CVE-2025-34077 EXPLOITDB CRITICAL python WORKING POC
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
CVE-2020-36847 EXPLOITDB CRITICAL python WORKING POC
Simple-File-List Plugin <4.2.2 - RCE
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
CVSS 9.8