RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2024-43998 NOMISEC MEDIUM WORKING POC
WebsiteinWP Blogpoet <= 1.0.3 - Missing Authorization
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
1 stars
CVSS 6.5
CVE-2024-43965 NOMISEC HIGH WORKING POC
Smackcoders SendGrid for WordPress <= 1.4 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.
1 stars
CVSS 8.2
CVE-2024-1380 NOMISEC MEDIUM WORKING POC
Relevanssi < 4.22.1 and Relevanssi Premium < 2.25.0 - Unauthenticated Query Log Data Export
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0 (Free) and 2.25.0 (Premium). This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.
1 stars
CVSS 5.3
CVE-2024-10586 NOMISEC CRITICAL WORKING POC
Debug Tool < 2.2 - Unauthenticated Arbitrary File Creation via dbt_pull_image()
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue.
1 stars
CVSS 9.8
CVE-2024-10245 NOMISEC CRITICAL WORKING POC
Relais 2FA plugin <1.0 - Auth Bypass
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
1 stars
CVSS 9.8
CVE-2024-0368 NOMISEC HIGH WRITEUP
Hustle - Email Marketing - Info Disclosure
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.
1 stars
CVSS 8.6
CVE-2023-6985 NOMISEC MEDIUM WORKING POC
10Web AI Assistant < 1.0.18 - Authenticated Arbitrary Plugin Installation via Missing Capability Check
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.
1 stars
CVSS 6.5
CVE-2023-6421 NOMISEC HIGH WORKING POC
WordPress Download Mgr <3.2.83 - Info Disclosure
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
1 stars
CVSS 7.5
CVE-2024-25092 NOMISEC HIGH WORKING POC
XLPlugins NextMove Lite <2.17.0 - Info Disclosure
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
1 stars
CVSS 8.8
CVE-2024-12209 NOMISEC CRITICAL WORKING POC
WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
1 stars
CVSS 9.8
CVE-2024-2387 NOMISEC MEDIUM WORKING POC
Advanced Form Integration - SQL Injection
The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
1 stars
CVSS 6.1
CVE-2024-13800 NOMISEC HIGH WORKING POC
ConvertPlus <= 3.5.30 - Authenticated Denial of Service via cp_dismiss_notice AJAX Endpoint
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.
1 stars
CVSS 8.1
CVE-2023-51409 NOMISEC CRITICAL WORKING POC
Jordy Meow AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
1 stars
CVSS 10.0
CVE-2023-47529 NOMISEC MEDIUM WORKING POC
ThemeIsle Cloud Templates & Patterns collection <= 1.2.2 - Exposure of Sensitive Information via Log File
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.
1 stars
CVSS 5.3
CVE-2023-46615 NOMISEC MEDIUM WORKING POC
KD Coming Soon < 1.7 - PHP Object Injection via Untrusted Data Deserialization
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects KD Coming Soon: from n/a through 1.7.
1 stars
CVSS 5.4
CVE-2023-30486 NOMISEC MEDIUM WORKING POC
HashThemes Square <2.0.0 - Info Disclosure
Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.
1 stars
CVSS 4.3
CVE-2023-1405 NOMISEC HIGH WORKING POC
Formidable Forms <6.2 - Code Injection
The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
1 stars
CVSS 7.5
CVE-2022-0439 NOMISEC HIGH WORKING POC
Email Subscribers & Newsletters <5.3.2 - SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.
1 stars
CVSS 8.8
CVE-2021-24647 NOMISEC HIGH WORKING POC
Pie Register < 3.7.1.6 - Unauthenticated User Impersonation via Social Login
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username
1 stars
CVSS 8.1
CVE-2020-36730 NOMISEC HIGH WORKING POC
CMP by NiteoThemes <= 3.8.1 - Unauthenticated Authorization Bypass
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.
1 stars
CVSS 8.3
CVE-2021-24959 NOMISEC HIGH WORKING POC
WP Email Users <1.7.6 - SQL Injection
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
1 stars
CVSS 8.8
CVE-2020-12077 NOMISEC HIGH WORKING POC
MapPress < 2.53.9 - Unauthenticated Remote Code Execution via AJAX Function
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.
1 stars
CVSS 8.8
CVE-2017-9841 GITLAB CRITICAL SCANNER
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
CVSS 9.8
CVE-2024-4041 GITHUB MEDIUM WORKING POC
Yoast SEO <= 22.5 - Unauthenticated Reflected Cross-Site Scripting via URL Parameter
The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS 6.1
CVE-2025-6970 NOMISEC HIGH WORKING POC
Events Manager <= 7.0.3 - Unauthenticated Time-Based SQL Injection via Orderby Parameter
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.5