RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2024-11423 NOMISEC HIGH WORKING POC
The Ultimate Gift Cards for WooCommerce <3.0.6 - Info Disclosure
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
2 stars
CVSS 7.5
CVE-2024-0679 NOMISEC MEDIUM WORKING POC
ColorMag <3.1.2 - Privilege Escalation
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
2 stars
CVSS 6.5
CVE-2023-6700 NOMISEC HIGH WORKING POC
Free GDPR Consent Solution <= 2.0.22 - Authenticated Arbitrary Option Update
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.
2 stars
CVSS 8.8
CVE-2024-12025 NOMISEC HIGH WRITEUP
Collapsing Categories <3.0.8 - SQL Injection
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2 stars
CVSS 7.5
CVE-2023-32243 NOMISEC CRITICAL WORKING POC
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
2 stars
CVSS 9.8
CVE-2023-2877 NOMISEC HIGH WORKING POC
Formidable Forms < 6.3.1 - Unauthenticated Arbitrary Plugin Installation and Remote Code Execution
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
2 stars
CVSS 8.8
CVE-2023-0630 NOMISEC HIGH WORKING POC
Slimstat Analytics < 4.9.3.3 - Authenticated SQL Injection via Shortcode Attribute Concatenation
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
2 stars
CVSS 8.8
CVE-2025-5701 NOMISEC HIGH WORKING POC
HyperComments <1.2.2 - Privilege Escalation
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
1 stars
CVSS 8.8
CVE-2025-22954 NOMISEC CRITICAL WORKING POC
Koha < 24.11.02 - SQL Injection via lateissues-export.pl supplierid or serialid Parameter
GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.
1 stars
CVSS 10.0
CVE-2024-4875 NOMISEC MEDIUM WORKING POC
HT Mega < 2.5.3 - Authenticated Data Modification via Missing Capability Check
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.
1 stars
CVSS 4.3
CVE-2024-52429 NOMISEC CRITICAL WORKING POC
WP Quick Setup <= 2.0 - Unauthenticated Arbitrary File Upload via Plugin/Theme Installation
Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through <= 2.0.
1 stars
CVSS 9.9
CVE-2024-9822 NOMISEC CRITICAL WORKING POC
Pedalo Connector <= 2.0.5 - Unauthenticated Authentication Bypass via login_admin_user Function
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
1 stars
CVSS 9.8
CVE-2024-7514 NOMISEC MEDIUM WORKING POC
WordPress Comments Import & Export <2.3.7 - Info Disclosure
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9
1 stars
CVSS 6.5
CVE-2024-51665 NOMISEC MEDIUM WORKING POC
Noor alam Magical Addons For Elementor <1.2.1 - SSRF
Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through <= 1.2.1.
1 stars
CVSS 4.9
CVE-2024-56064 NOMISEC CRITICAL WORKING POC
Azzaroco WP SuperBackup <2.3.3 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
1 stars
CVSS 10.0
CVE-2024-50450 NOMISEC HIGH WORKING POC
Pluginus Wordpress Meta Data And Taxonomies Filter - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.3.3.4.
1 stars
CVSS 7.3
CVE-2024-5324 NOMISEC HIGH WORKING POC
WordPress Login/Signup Popup <2.7.2 - Info Disclosure
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
1 stars
CVSS 8.8
CVE-2024-9707 NOMISEC CRITICAL WORKING POC
Hunk Companion <= 1.8.4 - Unauthenticated Arbitrary Plugin Installation and Activation via REST API
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
1 stars
CVSS 9.8
CVE-2024-55988 NOMISEC CRITICAL WORKING POC
Amol Nirmala Waman Navayan CSV Export <1.0.9 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through <= 1.0.9.
1 stars
CVSS 9.3
CVE-2024-8484 NOMISEC HIGH WORKING POC
REST API TO MiniProgram < 4.7.1 - Unauthenticated SQL Injection via Order Parameter
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
1 stars
CVSS 7.5
CVE-2024-9106 NOMISEC CRITICAL WORKING POC
Wechat Social login plugin <1.3.0 - Auth Bypass
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value.
1 stars
CVSS 9.8
CVE-2024-7135 NOMISEC MEDIUM WORKING POC
Tainacan <= 0.21.7 - Authenticated Arbitrary File Read via Missing Authorization in get_file Function
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
1 stars
CVSS 6.5
CVE-2024-9224 NOMISEC MEDIUM WORKING POC
Hello World < 2.1.1 - Authenticated Arbitrary File Read via hello_world_lyric()
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
1 stars
CVSS 6.5
CVE-2024-7854 NOMISEC CRITICAL WORKING POC
Woo Inquiry <= 0.1 - Unauthenticated SQL Injection via dbid Parameter
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
1 stars
CVSS 10.0
CVE-2024-9821 NOMISEC HIGH WORKING POC
WooCommerce plugin <1.2.4 - Info Disclosure
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.
1 stars
CVSS 8.8