RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2024-11423 NOMISEC HIGH WORKING POC
The Ultimate Gift Cards for WooCommerce <3.0.6 - Info Disclosure
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
2 stars
CVSS 7.5
CVE-2024-0679 NOMISEC MEDIUM WORKING POC
ColorMag <3.1.2 - Privilege Escalation
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
2 stars
CVSS 6.5
CVE-2023-6700 NOMISEC HIGH WORKING POC
Cookieinformation Wp-gdpr-compliance < 2.0.22 - Missing Authorization
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.
2 stars
CVSS 8.8
CVE-2024-12025 NOMISEC HIGH WRITEUP
Collapsing Categories <3.0.8 - SQL Injection
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2 stars
CVSS 7.5
CVE-2023-32243 NOMISEC CRITICAL WORKING POC
Wpdeveloper Essential Addons For Elementor - Authentication Bypass
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
2 stars
CVSS 9.8
CVE-2023-2877 NOMISEC HIGH WORKING POC
Formidable Forms <6.3.1 - RCE
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
2 stars
CVSS 8.8
CVE-2023-0630 NOMISEC HIGH WORKING POC
Wp-slimstat Slimstat Analytics < 4.9.3.3 - SQL Injection
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
2 stars
CVSS 8.8
CVE-2025-5701 NOMISEC CRITICAL WORKING POC
HyperComments <1.2.2 - Privilege Escalation
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
1 stars
CVSS 9.8
CVE-2025-22954 NOMISEC CRITICAL WORKING POC
Koha <24.11.02 - SQL Injection
GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.
1 stars
CVSS 10.0
CVE-2024-4875 NOMISEC MEDIUM WORKING POC
Hasthemes HT Mega < 2.5.3 - Missing Authorization
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.
1 stars
CVSS 4.3
CVE-2024-52429 NOMISEC CRITICAL WORKING POC
Antonhoelstad WP Quick Setup < 2.0 - Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.
1 stars
CVSS 9.9
CVE-2024-9822 NOMISEC CRITICAL WORKING POC
Pedalo Connector < 2.0.5 - Authentication Bypass
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
1 stars
CVSS 9.8
CVE-2024-7514 NOMISEC MEDIUM WORKING POC
WordPress Comments Import & Export <2.3.7 - Info Disclosure
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9
1 stars
CVSS 6.5
CVE-2024-51665 NOMISEC MEDIUM WORKING POC
Noor alam Magical Addons For Elementor <1.2.1 - SSRF
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
1 stars
CVSS 4.9
CVE-2024-56064 NOMISEC CRITICAL WORKING POC
Azzaroco WP SuperBackup <2.3.3 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3.
1 stars
CVSS 10.0
CVE-2024-50450 NOMISEC HIGH WORKING POC
Pluginus Wordpress Meta Data And Taxonomies Filter - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
1 stars
CVSS 7.3
CVE-2024-5324 NOMISEC HIGH WORKING POC
WordPress Login/Signup Popup <2.7.2 - Info Disclosure
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
1 stars
CVSS 8.8
CVE-2024-9707 NOMISEC CRITICAL WORKING POC
Themehunk Hunk Companion < 1.8.5 - Missing Authorization
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
1 stars
CVSS 9.8
CVE-2024-55988 NOMISEC CRITICAL WORKING POC
Amol Nirmala Waman Navayan CSV Export <1.0.9 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through 1.0.9.
1 stars
CVSS 9.3
CVE-2024-8484 NOMISEC HIGH WORKING POC
WordPress <4.7.1 - SQL Injection
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
1 stars
CVSS 7.5
CVE-2024-9106 NOMISEC CRITICAL WORKING POC
Wechat Social login plugin <1.3.0 - Auth Bypass
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value.
1 stars
CVSS 9.8
CVE-2024-7135 NOMISEC MEDIUM WORKING POC
Tainacan < 0.21.8 - Missing Authorization
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
1 stars
CVSS 6.5
CVE-2024-9224 NOMISEC MEDIUM WORKING POC
Kau-boys Hello World < 2.2.0 - Path Traversal
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
1 stars
CVSS 6.5
CVE-2024-7854 NOMISEC CRITICAL WORKING POC
Sjhoo Woo Inquiry - SQL Injection
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
1 stars
CVSS 10.0
CVE-2024-9821 NOMISEC HIGH WORKING POC
WooCommerce plugin <1.2.4 - Info Disclosure
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.
1 stars
CVSS 8.8