Minh Giang

32 exploits Active since Aug 2014
CVE-2014-5182 GITHUB python WORKING POC
yawpp 1.2 - Authenticated SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
3 stars
CVE-2014-5185 GITHUB python WORKING POC
quartz_plugin 1.01.1 - Authenticated SQL Injection via Quote Parameter
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
3 stars
CVE-2020-29045 GITHUB CRITICAL python WORKING POC
Five Star Restaurant Menu < 2.2.0 - Remote Code Execution via Unserialize in fdm_cart Cookie
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.
3 stars
CVSS 9.8
CVE-2023-1425 GITHUB HIGH python WORKING POC
WordPress CRM <2.7.9.4 - SQL Injection
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins
3 stars
CVSS 7.2
CVE-2023-3460 GITHUB CRITICAL python WORKING POC
Ultimate Member <2.6.7 - Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
3 stars
CVSS 9.8
CVE-2023-4490 GITHUB CRITICAL python WORKING POC
WP Job Portal < 2.0.6 - Unauthenticated SQL Injection
The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
3 stars
CVSS 9.8
CVE-2023-47873 GITHUB CRITICAL python WORKING POC
WEN Solutions WP Child Theme Generator <= 1.0.9 - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.
3 stars
CVSS 9.1
CVE-2024-11270 GITHUB HIGH python WORKING POC
WebinarPress < 1.33.24 - Authenticated Arbitrary File Creation via sync-import-imgs Function
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
3 stars
CVSS 8.8
CVE-2024-12131 GITHUB MEDIUM python WORKING POC
WP Job Portal < 2.2.5 - Authenticated Insecure Direct Object Reference via User-Controlled Key
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs.
3 stars
CVSS 4.3
CVE-2024-12132 GITHUB MEDIUM python WORKING POC
WP Job Portal < 2.2.4 - Authenticated Insecure Direct Object Reference via User-Controlled Key
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker.
3 stars
CVSS 4.3
CVE-2024-13372 GITHUB MEDIUM python WORKING POC
WP Job Portal <2.2.6 - Insecure Direct Object Reference
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so.
3 stars
CVSS 5.3
CVE-2024-13425 GITHUB MEDIUM python WORKING POC
WP Job Portal <2.2.6 - Insecure Direct Object Reference
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Employer-level access and above, to delete other users companies.
3 stars
CVSS 4.3
CVE-2024-13428 GITHUB MEDIUM python WORKING POC
WP Job Portal <2.2.6 - Insecure Direct Object Reference
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary company logos.
3 stars
CVSS 5.3
CVE-2024-13873 GITHUB MEDIUM python WORKING POC
WP Job Portal < 2.2.9 - Authenticated Insecure Direct Object Reference via deleteUserPhoto Function
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file.
3 stars
CVSS 4.3
CVE-2024-32139 GITHUB HIGH python WORKING POC
Podlove Podcast Publisher <4.0.12 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.
3 stars
CVSS 8.5
CVE-2024-34555 GITHUB CRITICAL python WORKING POC
URBAN BASE Z-Downloads <1.11.3 - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3.
3 stars
CVSS 10.0
CVE-2024-38692 GITHUB HIGH python WORKING POC
Spiffy Calendar <4.9.11 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
3 stars
CVSS 7.6
CVE-2024-38755 GITHUB HIGH python WORKING POC
Designinvento DirectoryPress <3.6.10 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.
3 stars
CVSS 8.5
CVE-2024-38788 GITHUB HIGH python WORKING POC
UiPress lite < 3.4.06 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.
3 stars
CVSS 7.6
CVE-2024-5637 GITHUB HIGH python WORKING POC
WordPress Market Exporter <2.0.19 - Info Disclosure
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.
3 stars
CVSS 7.5
CVE-2024-8252 GITHUB HIGH python WORKING POC
Clean Login <1.14.5 - Code Injection
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
3 stars
CVSS 8.8
CVE-2024-8699 GITHUB HIGH python WORKING POC
Z-Downloads WP <1.11.5 - Privilege Escalation
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
3 stars
CVSS 7.2
CVE-2024-9224 GITHUB MEDIUM python WORKING POC
Hello World < 2.1.1 - Authenticated Arbitrary File Read via hello_world_lyric()
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
3 stars
CVSS 6.5
CVE-2025-0394 GITHUB HIGH python WORKING POC
WordPress Groundhogg <= 3.7.3.5 - Author File Upload Code Execution
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
3 stars
CVSS 8.8
CVE-2025-0821 GITHUB MEDIUM python WORKING POC
Bit Assist < 1.5.3 - Authenticated Time-Based SQL Injection via 'id' Parameter
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
3 stars
CVSS 6.5