Nxploited

156 exploits Active since Nov 2023
CVE-2024-9707 NOMISEC CRITICAL WORKING POC
Hunk Companion <= 1.8.4 - Unauthenticated Arbitrary Plugin Installation and Activation via REST API
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
CVSS 9.8
CVE-2024-9698 NOMISEC HIGH WORKING POC
Crafthemes Demo Import <3.3 - File Upload
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 7.2
CVE-2024-7985 NOMISEC HIGH WORKING POC
FileOrganizer - WordPress File Manager <= 1.0.9 - Authenticated Arbitrary File Upload via fileorganizer_ajax_handler
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files.
CVSS 7.5
CVE-2024-7135 NOMISEC MEDIUM WORKING POC
Tainacan <= 0.21.7 - Authenticated Arbitrary File Read via Missing Authorization in get_file Function
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS 6.5
CVE-2024-6460 NOMISEC CRITICAL WORKING POC
Grow by Tradedoubler <2.0.21 - Code Injection
The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
CVSS 9.8
CVE-2024-6366 NOMISEC CRITICAL WORKING POC
User Profile Builder <3.11.8 - Info Disclosure
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
CVSS 9.1
CVE-2024-56264 NOMISEC MEDIUM WORKING POC
Beee ACF City Selector <1.14.0 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0.
CVSS 6.6
CVE-2024-56071 NOMISEC CRITICAL WORKING POC
Mike Leembruggen Simple Dashboard <2.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0.
CVSS 9.8
CVE-2024-54369 NOMISEC CRITICAL WORKING POC
ThemeHunk Zita Site Builder <1.0.2 - Info Disclosure
Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2.
CVSS 9.1
CVE-2024-54262 NOMISEC CRITICAL WORKING POC
Siddharth Nagar Import Export For WooCommerce <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.
CVSS 9.9
CVE-2024-52375 NOMISEC CRITICAL WORKING POC
Arttia Creative Datasets Manager <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.
CVSS 10.0
CVE-2024-50498 NOMISEC CRITICAL WORKING POC
WP Query Console <= 1.0 - Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.
CVSS 10.0
CVE-2024-49653 NOMISEC CRITICAL WORKING POC
Portfolleo <= 1.2 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through <= 1.2.
CVSS 9.9
CVE-2024-49328 NOMISEC CRITICAL WORKING POC
WP REST API FNS <= 1.0.0 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
CVSS 9.8
CVE-2024-31114 NOMISEC CRITICAL WORKING POC
biplob018 Shortcode Addons <3.2.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVSS 9.1
CVE-2024-43998 NOMISEC MEDIUM WORKING POC
WebsiteinWP Blogpoet <= 1.0.3 - Missing Authorization
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
CVSS 6.5
CVE-2024-0235 NOMISEC MEDIUM WORKING POC
EventON WordPress Plugin < 2.2.7 - Unauthenticated Email Address Disclosure via AJAX Action
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
CVSS 5.3
CVE-2024-10578 NOMISEC HIGH WORKING POC
Pubnews theme <1.0.7 - Privilege Escalation
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.
CVSS 8.8
CVE-2024-10586 NOMISEC CRITICAL WORKING POC
Debug Tool < 2.2 - Unauthenticated Arbitrary File Creation via dbt_pull_image()
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue.
CVSS 9.8
CVE-2024-10629 NOMISEC HIGH WORKING POC
GPX Viewer <= 2.2.9 - Authenticated Arbitrary File Creation via gpxv_file_upload()
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2024-10674 NOMISEC HIGH WORKING POC
Th Shop Mania <1.4.9 - Privilege Escalation
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
CVSS 8.8
CVE-2024-11972 NOMISEC CRITICAL WORKING POC
Hunk Companion WP <1.9.0 - Auth Bypass
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.
CVSS 9.8
CVE-2024-1247 NOMISEC LOW WORKING POC
Concrete CMS 9.0.0-9.2.4 - Stored Cross-Site Scripting via Role Name Field
Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.
CVSS 2.0
CVE-2024-12542 NOMISEC HIGH WORKING POC
linkID WordPress <0.1.2 - Info Disclosure
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
CVSS 8.6
CVE-2024-12558 NOMISEC MEDIUM WORKING POC
WP BASE Booking <4.9.2 - Info Disclosure
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.
CVSS 6.5