Nitin Venkatesh

5 exploits Active since Aug 2014
CVE-2015-20067 WRITEUP HIGH WORKING POC
WP Attachment Export < 0.2.4 - Unauthenticated Sensitive Data Exposure via XML Export
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
CVSS 7.5
CVE-2014-5337 METASPLOIT ruby WORKING POC
WordPress Mobile Pack < 2.0.2 - Unauthenticated Information Disclosure via Export Articles Action
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
EIP-2026-114148 EXPLOITDB text WORKING POC
WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities
EIP-2026-113665 EXPLOITDB text WORKING POC
WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities
CVE-2015-4010 EXPLOITDB text WORKING POC
Encrypted Contact Form < 1.1 - Cross-Site Request Forgery via iframe_url Parameter
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.