RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2023-2982 NOMISEC CRITICAL WORKING POC
WordPress Social Login and Register <= 7.6.4 - Authentication Bypass via Insufficient Encryption
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
82 stars
CVSS 9.8
CVE-2023-32243 NOMISEC CRITICAL WORKING POC
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
81 stars
CVSS 9.8
CVE-2023-7028 NOMISEC CRITICAL WORKING POC
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
58 stars
CVSS 10.0
CVE-2017-9841 NOMISEC CRITICAL SCANNER
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
29 stars
CVSS 9.8
CVE-2024-9593 NOMISEC HIGH WORKING POC
Time Clock and Time Clock Pro <= 1.2.2 - Unauthenticated Remote Code Execution via etimeclockwp_load_function_callback
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
7 stars
CVSS 8.3
CVE-2023-5204 NOMISEC CRITICAL WORKING POC
WPBot AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via $strid
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
7 stars
CVSS 9.8
CVE-2023-2732 NOMISEC CRITICAL WORKING POC
MStore API < 3.9.2 - Unauthenticated Authentication Bypass via Listing REST API
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
6 stars
CVSS 9.8
CVE-2023-32117 NOMISEC CRITICAL WORKING POC
SoftLab Integrate Google Drive - Info Disclosure
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.
6 stars
CVSS 9.8
CVE-2024-49328 NOMISEC CRITICAL WORKING POC
WP REST API FNS <= 1.0.0 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
5 stars
CVSS 9.8
CVE-2023-5412 NOMISEC HIGH WORKING POC
Image horizontal reel scroll slideshow < 13.3 - Authenticated SQL Injection via Shortcode Parameter
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
5 stars
CVSS 8.8
CVE-2024-9932 NOMISEC CRITICAL WORKING POC
Wux Blog Editor <3.0.0 - File Upload
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
4 stars
CVSS 9.8
CVE-2024-22145 NOMISEC HIGH WORKING POC
InstaWP Connect <0.1.0.8 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
4 stars
CVSS 8.8
CVE-2024-10924 NOMISEC CRITICAL WORKING POC
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
4 stars
CVSS 9.8
CVE-2022-0952 NOMISEC HIGH WORKING POC
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Option Update via REST Endpoint
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
4 stars
CVSS 8.8
CVE-2024-50498 NOMISEC CRITICAL WORKING POC
WP Query Console <= 1.0 - Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.
3 stars
CVSS 10.0
CVE-2024-6624 NOMISEC CRITICAL WORKING POC
JSON API User <3.9.3 - Privilege Escalation
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.
3 stars
CVSS 9.8
CVE-2024-9061 NOMISEC HIGH WORKING POC
WP Popup Builder <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access.
3 stars
CVSS 7.3
CVE-2024-49681 NOMISEC CRITICAL WORKING POC
SWIT WP Sessions Time Monitoring Full Automatic <1.0.9 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9.
3 stars
CVSS 9.3
CVE-2023-47840 NOMISEC CRITICAL WORKING POC
Qode Essential Addons < 1.5.2 - Arbitrary Plugin Installation and Activation
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.
3 stars
CVSS 9.9
CVE-2022-3904 NOMISEC MEDIUM WORKING POC
MonsterInsights < 8.9.1 - Unauthenticated Stored Cross-Site Scripting via Page Title Spoofing
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
3 stars
CVSS 6.1
CVE-2024-50483 NOMISEC CRITICAL WORKING POC
Tareq Hasan Meetup <= 0.1 - Privilege Escalation via Authorization Bypass
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.
2 stars
CVSS 9.8
CVE-2024-8529 NOMISEC CRITICAL WORKING POC
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2 stars
CVSS 10.0
CVE-2024-9234 NOMISEC CRITICAL WORKING POC
GutenKit < 2.1.0 - Unauthenticated Arbitrary File Upload via install-active-plugin Endpoint
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
2 stars
CVSS 9.8
CVE-2024-9796 NOMISEC CRITICAL WORKING POC
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
2 stars
CVSS 9.8
CVE-2024-9935 NOMISEC HIGH WORKING POC
PDF Generator Addon - Path Traversal
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
2 stars
CVSS 7.5