RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2025-6970 NOMISEC HIGH WORKING POC
Pixelite Events Manager < 6.6.5 - SQL Injection
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.5
CVE-2025-4578 NOMISEC CRITICAL WORKING POC
Dimdavid File Provider < 1.2.3 - SQL Injection
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS 9.8
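Worked example, added here by the editor and not code from Events Manager, File Provider or any other plugin on this page: the two entries above describe the same root cause, a user-supplied value spliced into a query from a handler that anyone can reach. An ORDER BY clause is the classic spot because $wpdb->prepare() does not bind identifiers, so authors interpolate the column name, and because nothing from the clause is reflected in the response, the only signal an attacker gets is timing (hence "time-based"). The table, action and xmpl_* function names below are hypothetical.

```php
<?php
// Illustrative vulnerable/hardened pair (editor's example, hypothetical names).

// VULNERABLE: 'orderby' goes straight into the SQL. Registered on
// wp_ajax_nopriv_*, so it is reachable without an account.
function xmpl_list_events_vulnerable() {
    global $wpdb;
    $orderby = isset( $_GET['orderby'] ) ? $_GET['orderby'] : 'event_start';
    $rows = $wpdb->get_results(
        "SELECT event_id, event_name, event_start FROM {$wpdb->prefix}xmpl_events ORDER BY {$orderby}"
    );
    wp_send_json( $rows );
}

// HARDENED: identifiers (column, direction) come from a fixed allow-list,
// and the only user-controlled value that reaches the query is bound with %d.
function xmpl_list_events_hardened() {
    global $wpdb;

    $allowed_columns = array( 'event_id', 'event_name', 'event_start' );
    $orderby         = 'event_start';
    if ( isset( $_GET['orderby'] ) && is_string( $_GET['orderby'] ) ) {
        // sanitize_key() lowercases and strips to [a-z0-9_-]; the allow-list
        // check is what actually matters, sanitising alone is not enough.
        $candidate = sanitize_key( wp_unslash( $_GET['orderby'] ) );
        if ( in_array( $candidate, $allowed_columns, true ) ) {
            $orderby = $candidate;
        }
    }

    $order = 'ASC';
    if ( isset( $_GET['order'] ) && is_string( $_GET['order'] ) && 'desc' === strtolower( $_GET['order'] ) ) {
        $order = 'DESC';
    }

    $limit = isset( $_GET['limit'] ) ? absint( $_GET['limit'] ) : 20;
    $limit = min( max( $limit, 1 ), 100 ); // cap so the endpoint cannot dump the table

    // $orderby and $order are now constants we chose, not attacker strings.
    $sql = $wpdb->prepare(
        "SELECT event_id, event_name, event_start FROM {$wpdb->prefix}xmpl_events ORDER BY {$orderby} {$order} LIMIT %d",
        $limit
    );
    wp_send_json( $wpdb->get_results( $sql ) );
}

// If the listing really must be public, expose only the hardened handler.
add_action( 'wp_ajax_nopriv_xmpl_list_events', 'xmpl_list_events_hardened' );
add_action( 'wp_ajax_xmpl_list_events', 'xmpl_list_events_hardened' );
```

Since WordPress 6.2, $wpdb->prepare() also accepts a %i placeholder for identifiers, which quotes the name but still does not decide whether that column should be sortable at all; keep the allow-list either way. When auditing a plugin for this class, grep for wp_ajax_nopriv_ registrations and follow every $_GET/$_POST value from those handlers to a $wpdb call.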
CVE-2025-54726 NOMISEC CRITICAL WORKING POC
Miguel Useche JS Archive List - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.
CVSS 9.3
CVE-2025-5287 NOMISEC HIGH WORKING POC
Likes and Dislikes Plugin <1.0.0 - SQL Injection
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.5
CVE-2025-4840 NOMISEC HIGH WORKING POC
Erumfaham Likes And Dislikes < 1.0.0 - SQL Injection
The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS 7.5
CVE-2025-22785 NOMISEC CRITICAL WORKING POC
ComMotion Course Booking System <6.0.5 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection. This issue affects Course Booking System: from n/a through 6.0.5.
CVSS 9.3
CVE-2025-25163 NOMISEC HIGH WORKING POC
Zach Swetz Plugin A/B Image Optimizer <3.3 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.
CVSS 7.5
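Worked example, added by the editor and not code from Plugin A/B Image Optimizer (the same containment check applies to the Woocommerce Product Design and Sogrid entries further down, where the traversed path ends up in a PHP include instead of a file read). Path traversal is fixed by resolving the final path and checking containment, not by stripping "../" from the input. Function names and the 'file' parameter are hypothetical.

```php
<?php
// Editor's illustrative example (hypothetical xmpl_* names).

/**
 * Resolve $user_path relative to $base_dir and return the absolute path only
 * if it stays inside $base_dir; otherwise return null.
 */
function xmpl_safe_path( $base_dir, $user_path ) {
    if ( ! is_string( $user_path ) || '' === $user_path ) {
        return null;
    }
    // Fail closed on NUL bytes: PHP's filesystem calls reject them, but some
    // wrappers and older code silently truncate at the NUL.
    if ( false !== strpos( $user_path, "\0" ) ) {
        return null;
    }
    // Refuse absolute paths, Windows drive letters, UNC paths and stream
    // wrappers (php://, phar://); only relative names are expected here.
    if ( preg_match( '#^(?:[a-zA-Z]:|/|\\\\|[a-zA-Z][a-zA-Z0-9+.-]*://)#', $user_path ) ) {
        return null;
    }

    $base = realpath( $base_dir );
    if ( false === $base ) {
        return null;
    }
    // realpath() collapses '..' and follows symlinks, so the check below is on
    // the path that will actually be opened. It returns false for paths that
    // do not exist, which is correct for a read or delete operation.
    $resolved = realpath( $base . DIRECTORY_SEPARATOR . $user_path );
    if ( false === $resolved ) {
        return null;
    }
    // Compare against "base/" rather than "base": otherwise /srv/uploads_evil
    // would pass a check for /srv/uploads.
    $prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( 0 !== strncmp( $resolved, $prefix, strlen( $prefix ) ) ) {
        return null;
    }
    return $resolved;
}

// Usage in a download handler: only files under the uploads directory.
function xmpl_download_handler() {
    $uploads = wp_upload_dir();
    $raw     = ( isset( $_GET['file'] ) && is_string( $_GET['file'] ) ) ? wp_unslash( $_GET['file'] ) : '';
    $path    = xmpl_safe_path( $uploads['basedir'], $raw );
    if ( null === $path || ! is_file( $path ) ) {
        wp_die( 'Invalid file.', '', array( 'response' => 400 ) );
    }
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}
```

For the file-inclusion variants (Sogrid, GEO my WP) the stronger fix is to not derive an include path from input at all: map a short user-supplied key to a fixed list of template files and include the mapped value.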
CVE-2025-22777 NOMISEC CRITICAL WORKING POC
Givewp < 3.19.4 - Insecure Deserialization
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.19.3.
CVSS 9.8
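Worked example, added by the editor and not GiveWP's or VRPConnector's code: what "Deserialization of Untrusted Data allows Object Injection" means in PHP terms. unserialize() instantiates whatever class the serialized string names, and any __wakeup()/__destruct()/__toString() on that class then runs with attacker-chosen properties. The class, function names and payload below are constructed for illustration.

```php
<?php
// Editor's illustrative example (hypothetical xmpl_* names, constructed payload).

// A class like this, anywhere in the autoloaded code base, is a gadget:
// PHP will call __destruct() on an instance built from attacker data.
class Xmpl_TempFile {
    public $path;
    public function __destruct() {
        if ( is_string( $this->path ) && file_exists( $this->path ) ) {
            unlink( $this->path ); // attacker picks $path if the object came from unserialize()
        }
    }
}

// VULNERABLE: untrusted input straight into unserialize().
function xmpl_load_state_vulnerable( $raw ) {
    return unserialize( $raw );
}

// HARDENED: never instantiate classes from untrusted data. (Prefer JSON for
// anything that crosses a trust boundary; this is the fix when the serialized
// PHP format must still be accepted.)
function xmpl_load_state_hardened( $raw ) {
    if ( ! is_string( $raw ) ) {
        return array();
    }
    // allowed_classes => false turns every object into __PHP_Incomplete_Class,
    // whose magic methods are never invoked.
    $data = unserialize( $raw, array( 'allowed_classes' => false ) );
    if ( ! is_array( $data ) ) {
        return array(); // a top-level object (or garbage) is not valid state
    }
    // Refuse nested placeholders rather than silently keeping them around.
    array_walk_recursive( $data, function ( $v ) {
        if ( $v instanceof __PHP_Incomplete_Class ) {
            throw new InvalidArgumentException( 'Serialized objects are not accepted.' );
        }
    } );
    return $data;
}

// Constructed payload: an Xmpl_TempFile whose $path the attacker chose.
$payload = 'O:13:"Xmpl_TempFile":1:{s:4:"path";s:11:"/tmp/victim";}';

// xmpl_load_state_vulnerable( $payload ) would build a real Xmpl_TempFile and
// delete /tmp/victim when the object is destroyed.
$safe = xmpl_load_state_hardened( $payload );
// $safe === array(): the object became __PHP_Incomplete_Class and nothing ran.
// Wrapped in an array ('a:1:{i:0;O:13:...}') the hardened loader throws instead.
```

The allowed_classes option exists since PHP 7.0. When reviewing WordPress code, also check maybe_unserialize() call sites that receive cookie, request or remote-API data, since that helper passes its argument to unserialize().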
CVE-2024-55981 NOMISEC CRITICAL WORKING POC
Nabz Image Gallery <v1.00 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery allows SQL Injection. This issue affects Nabz Image Gallery: from n/a through v1.00.
CVSS 9.3
CVE-2024-55982 NOMISEC CRITICAL WORKING POC
Richteam Share Buttons - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media allows Blind SQL Injection. This issue affects Share Buttons – Social Media: from n/a through 1.0.2.
CVSS 9.3
CVE-2024-50427 NOMISEC CRITICAL WORKING POC
SurveyJS: Drag & Drop WordPress Form Builder <1.9.136 - Unrestricte...
Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.
CVSS 9.9
CVE-2024-56058 NOMISEC CRITICAL WORKING POC
Gueststream VRPConnector <2.0.1 - Code Injection
Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection. This issue affects VRPConnector: from n/a through 2.0.1.
CVSS 9.8
CVE-2024-56059 NOMISEC CRITICAL WORKING POC
Mighty Digital Partners <0.2.0 - Code Injection
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection. This issue affects Partners: from n/a through 0.2.0.
CVSS 9.8
CVE-2024-56067 NOMISEC HIGH WORKING POC
Azzaroco WP SuperBackup <2.3.3 - Info Disclosure
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP SuperBackup: from n/a through 2.3.3.
CVSS 7.5
CVE-2024-6330 NOMISEC CRITICAL WORKING POC
GEO my WP <4.5.0.2 - RCE
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
CVSS 9.8
CVE-2024-50508 NOMISEC HIGH WORKING POC
Chetan Khandla Woocommerce Product Design <1.0.0 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through 1.0.0.
CVSS 7.5
CVE-2024-54369 NOMISEC CRITICAL WORKING POC
ThemeHunk Zita Site Builder <1.0.2 - Info Disclosure
Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Zita Site Builder: from n/a through 1.0.2.
CVSS 9.1
CVE-2024-54374 NOMISEC HIGH WRITEUP
Sogrid <1.5.6 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion. This issue affects Sogrid: from n/a through 1.5.6.
CVSS 7.5
CVE-2024-54378 NOMISEC HIGH WORKING POC
Quietly Quietly Insights <1.2.2 - Privilege Escalation
Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation. This issue affects Quietly Insights: from n/a through 1.2.2.
CVSS 8.8
CVE-2024-54379 NOMISEC HIGH WORKING POC
Blokhaus Minterpress <1.0.5 - Privilege Escalation
Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation. This issue affects Minterpress: from n/a through 1.0.5.
CVSS 8.8
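Worked example, added by the editor and not code from WP SuperBackup, Zita Site Builder, Quietly Insights, Minterpress or any plugin on this page: the four "Missing Authorization" entries above (two rated as privilege escalation, two as information disclosure) share one shape, a handler that performs a privileged operation without checking who is calling. In WordPress that usually means a wp_ajax_nopriv_ hook, a wp_ajax_ hook with no capability check (any subscriber qualifies), or a REST route whose permission_callback returns true. Action, route and xmpl_* names below are hypothetical.

```php
<?php
// Editor's illustrative example (hypothetical xmpl_* names).

// VULNERABLE: no nonce, no capability check, and wired to nopriv, so an
// unauthenticated request can change any user's role. Shown for contrast;
// only the hardened handler is registered below.
function xmpl_set_role_vulnerable() {
    $user = get_user_by( 'id', absint( $_POST['user_id'] ) );
    if ( $user ) {
        $user->set_role( sanitize_key( $_POST['role'] ) );
    }
    wp_send_json_success();
}
// (vulnerable wiring would be:)
// add_action( 'wp_ajax_nopriv_xmpl_set_role', 'xmpl_set_role_vulnerable' );
// add_action( 'wp_ajax_xmpl_set_role',        'xmpl_set_role_vulnerable' );

// HARDENED: logged-in hook only, CSRF nonce, capability check, an allow-list
// of roles the feature may assign, and a refusal to touch administrators.
function xmpl_set_role_hardened() {
    check_ajax_referer( 'xmpl_set_role', 'nonce' ); // dies on a missing or bad nonce
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $role    = ( isset( $_POST['role'] ) && is_string( $_POST['role'] ) )
        ? sanitize_key( wp_unslash( $_POST['role'] ) ) : '';
    if ( ! in_array( $role, array( 'subscriber', 'contributor' ), true ) ) {
        wp_send_json_error( 'invalid role', 400 ); // this feature never mints editors or admins
    }
    $user = get_user_by( 'id', $user_id );
    if ( ! $user || user_can( $user, 'manage_options' ) ) {
        wp_send_json_error( 'invalid target', 400 );
    }
    $user->set_role( $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_xmpl_set_role', 'xmpl_set_role_hardened' );

// Same rule for REST: authorization belongs in permission_callback. A route
// that lists backup archives with '__return_true' here is the info-disclosure
// variant of the same bug.
function xmpl_list_backups() {
    $dir   = trailingslashit( wp_upload_dir()['basedir'] ) . 'xmpl-backups';
    $files = glob( $dir . '/*.zip' ) ?: array();
    return rest_ensure_response( array_map( 'basename', $files ) );
}
add_action( 'rest_api_init', function () {
    register_rest_route( 'xmpl/v1', '/backups', array(
        'methods'             => 'GET',
        'callback'            => 'xmpl_list_backups',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

A nonce on its own is not authorization: check_ajax_referer() proves the request originated from a page WordPress rendered for this user, while current_user_can() decides whether that user may perform the action. Both checks are needed, and the capability check is the one that is missing in the entries above.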
CVE-2024-54385 NOMISEC HIGH WORKING POC
SoftLab Radio Player <2.0.82 - SSRF
Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through 2.0.82.
CVSS 7.2
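Worked example, added by the editor and not Radio Player's code: a server-side fetch of a client-supplied URL, first as the SSRF pattern and then validated so that only public http(s) hosts are reachable. Function names and the 'stream_url' parameter are hypothetical.

```php
<?php
// Editor's illustrative example (hypothetical xmpl_* names).

// VULNERABLE: the server fetches any URL the client names and returns the body,
// so it can be pointed at 127.0.0.1, 169.254.169.254 (cloud metadata) or
// internal hostnames that are not reachable from the internet.
function xmpl_proxy_vulnerable() {
    $resp = wp_remote_get( $_GET['stream_url'] );
    echo wp_remote_retrieve_body( $resp );
    wp_die();
}

/**
 * True only for http(s) URLs whose host resolves exclusively to public,
 * routable addresses. Resolves DNS itself so a hostname that hides a private
 * address (or mixes public and private records) is rejected.
 */
function xmpl_is_public_http_url( $url ) {
    if ( ! is_string( $url ) || '' === $url || strlen( $url ) > 2048 ) {
        return false;
    }
    $parts = wp_parse_url( $url );
    if ( ! $parts || empty( $parts['host'] ) || empty( $parts['scheme'] ) ) {
        return false;
    }
    if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false; // no file://, gopher://, php:// and friends
    }
    if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
        return false; // "http://trusted@127.0.0.1/" style confusion
    }
    $host = strtolower( trim( $parts['host'], '[]' ) );
    if ( filter_var( $host, FILTER_VALIDATE_IP ) ) {
        $ips = array( $host );              // literal IP: check it directly
    } else {
        $ips = gethostbynamel( $host );     // A records only; IPv6-only hosts fail closed
        if ( empty( $ips ) ) {
            return false;
        }
    }
    foreach ( $ips as $ip ) {
        // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16 and fc00::/7;
        // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1 and similar.
        if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) ) {
            return false;
        }
    }
    return true;
}

// HARDENED: validate, then fetch with wp_safe_remote_get(), which applies
// WordPress's own wp_http_validate_url() as a second layer; redirects are
// disabled so a public URL cannot 302 to an internal one, and the timeout is
// short so the endpoint is less useful for timing-based port scans.
function xmpl_proxy_hardened() {
    $url = ( isset( $_GET['stream_url'] ) && is_string( $_GET['stream_url'] ) )
        ? esc_url_raw( wp_unslash( $_GET['stream_url'] ) ) : '';
    if ( ! xmpl_is_public_http_url( $url ) ) {
        wp_send_json_error( 'url not allowed', 400 );
    }
    $resp = wp_safe_remote_get( $url, array( 'redirection' => 0, 'timeout' => 5 ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        wp_send_json_error( 'fetch failed', 502 );
    }
    wp_send_json_success( wp_remote_retrieve_body( $resp ) );
}
```

Caveat: validate-then-fetch is a time-of-check/time-of-use gap, so a hostname under attacker control can answer the validation lookup with a public address and the fetch with a private one (DNS rebinding). Where that matters, resolve once, connect to the resolved IP, and send the hostname in the Host header, or route outbound fetches through an egress proxy that enforces the same allow-list on the actual connection.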
CVE-2024-55972 NOMISEC CRITICAL WORKING POC
eTemplates <0.2.1 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection. This issue affects eTemplates: from n/a through 0.2.1.
CVSS 9.3
CVE-2024-55976 NOMISEC CRITICAL WORKING POC
Mike Leembruggen Critical Site Intel <1.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mike Leembruggen Critical Site Intel allows SQL Injection. This issue affects Critical Site Intel: from n/a through 1.0.
CVSS 9.3
CVE-2024-55978 NOMISEC CRITICAL WORKING POC
WalletStation.com Code Generator Pro - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation.com Code Generator Pro allows SQL Injection. This issue affects Code Generator Pro: from n/a through 1.2.
CVSS 9.3
CVE-2024-55980 NOMISEC CRITICAL WORKING POC
Webriderz Wr Age Verification <2.0.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection. This issue affects Wr Age Verification: from n/a through 2.0.0.
CVSS 9.3