RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2023-2982 NOMISEC CRITICAL WORKING POC
Miniorange Wordpress Social Login And... - Authentication Bypass
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
82 stars
CVSS 9.8
CVE-2023-32243 NOMISEC CRITICAL WORKING POC
Wpdeveloper Essential Addons For Elementor - Authentication Bypass
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
81 stars
CVSS 9.8
CVE-2023-7028 NOMISEC CRITICAL WORKING POC
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
58 stars
CVSS 10.0
CVE-2017-9841 NOMISEC CRITICAL SCANNER
PHPUnit <4.8.28, <5.6.3 - RCE
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
29 stars
CVSS 9.8
CVE-2024-9593 NOMISEC HIGH WORKING POC
Wpplugin Time Clock < 1.1.4 - Code Injection
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
7 stars
CVSS 8.3
CVE-2023-5204 NOMISEC CRITICAL WORKING POC
Quantumcloud Wpbot < 4.9.1 - SQL Injection
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
7 stars
CVSS 9.8
CVE-2023-2732 NOMISEC CRITICAL WORKING POC
Inspireui Mstore API < 3.9.2 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
6 stars
CVSS 9.8
CVE-2023-32117 NOMISEC CRITICAL WORKING POC
SoftLab Integrate Google Drive - Info Disclosure
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.
6 stars
CVSS 9.8
CVE-2024-49328 NOMISEC CRITICAL WORKING POC
Vivektamrakar WP Rest API Fns < 1.0.0 - Missing Authentication
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.
5 stars
CVSS 9.8
CVE-2023-5412 NOMISEC HIGH WORKING POC
Gopiplus Image Horizontal Reel Scroll Slideshow < 13.3 - SQL Injection
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
5 stars
CVSS 8.8
CVE-2024-9932 NOMISEC CRITICAL WORKING POC
Wux Blog Editor <3.0.0 - File Upload
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
4 stars
CVSS 9.8
CVE-2024-22145 NOMISEC HIGH WORKING POC
InstaWP Connect <0.1.0.8 - Privilege Escalation
Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.
4 stars
CVSS 8.8
CVE-2024-10924 NOMISEC CRITICAL WORKING POC
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
4 stars
CVSS 9.8
CVE-2022-0952 NOMISEC HIGH WORKING POC
Sitemap < 1.0.36 - Missing Authorization
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
4 stars
CVSS 8.8
CVE-2024-50498 NOMISEC CRITICAL WORKING POC
Lubus WP Query Console < 1.0 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
3 stars
CVSS 10.0
CVE-2024-6624 NOMISEC CRITICAL WORKING POC
JSON API User <3.9.3 - Privilege Escalation
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.
3 stars
CVSS 9.8
CVE-2024-9061 NOMISEC HIGH WORKING POC
Themehunk WP Popup Builder < 1.3.6 - Code Injection
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access.
3 stars
CVSS 7.3
CVE-2024-49681 NOMISEC CRITICAL WORKING POC
SWIT WP Sessions Time Monitoring Full Automatic <1.0.9 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9.
3 stars
CVSS 9.3
CVE-2023-47840 NOMISEC CRITICAL WORKING POC
Qodeinteractive Qode Essential Addons < 1.5.2 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.
3 stars
CVSS 9.9
CVE-2022-3904 NOMISEC MEDIUM WORKING POC
Monsterinsights < 8.9.1 - XSS
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
3 stars
CVSS 6.1
CVE-2024-50483 NOMISEC CRITICAL WORKING POC
Tareqhasan Meetup < 0.1 - IDOR
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1.
2 stars
CVSS 9.8
CVE-2024-8529 NOMISEC CRITICAL WORKING POC
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2 stars
CVSS 10.0
CVE-2024-9234 NOMISEC CRITICAL WORKING POC
GutenKit - Unauthenticated RCE
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
2 stars
CVSS 9.8
CVE-2024-9796 NOMISEC CRITICAL WORKING POC
Internet-formation Wp-advanced-search < 3.3.9.2 - SQL Injection
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
2 stars
CVSS 9.8
CVE-2024-9935 NOMISEC HIGH WORKING POC
PDF Generator Addon - Path Traversal
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
2 stars
CVSS 7.5