Nxploited

156 exploits Active since Nov 2023
CVE-2025-7441 GITHUB CRITICAL python WORKING POC
StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload via Webhook REST-API Endpoint
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2025-9286 GITHUB CRITICAL python WORKING POC
Appy Pie Connect <1.1.2 - Privilege Escalation
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.
CVSS 9.8
CVE-2025-8359 GITHUB CRITICAL python WORKING POC
AdForest theme <6.0.9 - Auth Bypass
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password.
CVSS 9.8
CVE-2025-9209 GITHUB CRITICAL python WORKING POC
RestroPress 3.0.0-3.1.9.2 - Unauthenticated Authentication Bypass via REST API
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated attackers to forge JWT tokens for other users, including administrators, and authenticate as them.
CVSS 9.8
CVE-2025-48148 GITHUB CRITICAL python WORKING POC
StoreKeeper <14.4.4 - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.
CVSS 10.0
CVE-2025-8570 NOMISEC CRITICAL WORKING POC
BeyondCart Connector <2.1.0 - Privilege Escalation
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
CVSS 9.8
CVE-2025-5961 NOMISEC HIGH WORKING POC
WPvivid Backup & Migration < 0.9.116 - Authenticated Arbitrary File Upload via wpvivid_upload_import_files
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.
CVSS 7.2
CVE-2025-5394 NOMISEC CRITICAL WORKING POC
Alone - Charity Multipurpose Non-profit WordPress Theme <7.8.3 - RCE
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution. CVE-2025-54019 is likely a duplicate of this.
CVSS 9.8
CVE-2025-49388 NOMISEC CRITICAL WORKING POC
Miraculous Core Plugin <2.0.7 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7.
CVSS 9.8
CVE-2025-5304 NOMISEC CRITICAL WORKING POC
PT Project Notebooks 1.0.0-1.1.3 - Unauthenticated Privilege Escalation via wpnb_pto_new_users_add()
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
CVSS 9.8
CVE-2025-30911 NOMISEC CRITICAL WORKING POC
Rometheme RomethemeKit For Elementor <1.5.4 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.
CVSS 9.9
CVE-2025-2249 NOMISEC HIGH WORKING POC
SoJ SoundSlides <= 1.2.2 - Authenticated Arbitrary File Upload via soj_soundslides_options_subpanel()
The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2025-2807 NOMISEC HIGH WORKING POC
Motors Plugin <= 1.4.64 - Authenticated Arbitrary Plugin Installation
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2025-26892 NOMISEC CRITICAL WORKING POC
Celestial Aura < 2.2 - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.
CVSS 9.9
CVE-2025-32140 NOMISEC CRITICAL WORKING POC
Nirmal Kumar Ram WP Remote Thumbnail <1.3.1 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2.
CVSS 9.9
CVE-2025-31033 NOMISEC CRITICAL WORKING POC
Buddypress Humanity <= 1.2 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery.This issue affects Buddypress Humanity: from n/a through <= 1.2.
CVSS 9.8
CVE-2025-12674 NOMISEC CRITICAL WORKING POC
KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload via create_media() Function
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2025-13390 NOMISEC CRITICAL WORKING POC
WP Directory Kit <= 1.4.4 - Unauthenticated Authentication Bypass via Weak Auto-Login Token
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
CVSS 10.0
CVE-2025-1639 NOMISEC HIGH WORKING POC
Crowdytheme Arolax < 1.7 - Missing Authorization
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to further infect a victim when Elementor is not activated on a vulnerable site.
CVSS 8.8
CVE-2025-32682 NOMISEC CRITICAL WORKING POC
RomanCode MapSVG Lite <8.5.34 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.6.4.
CVSS 9.9
CVE-2025-32641 NOMISEC CRITICAL WORKING POC
Anant Addons for Elementor <1.1.5 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a through <= 1.1.8.
CVSS 9.6
CVE-2024-6244 NOMISEC HIGH WORKING POC
PZ Frontend Manager < 1.0.6 - Cross-Site Request Forgery
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVSS 8.8
CVE-2024-9935 NOMISEC HIGH WORKING POC
PDF Generator Addon - Path Traversal
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
CVSS 7.5
CVE-2024-9933 NOMISEC CRITICAL WORKING POC
WatchTowerHQ <= 3.10.1 - Unauthenticated Authentication Bypass via Empty OTA Token
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
CVSS 9.8
CVE-2024-9932 NOMISEC CRITICAL WORKING POC
Wux Blog Editor <3.0.0 - File Upload
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8