RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2024-54239 NOMISEC CRITICAL WORKING POC
dugudlabs Eyewear <4.0.18 - Privilege Escalation
Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation. This issue affects Eyewear prescription form: from n/a through 4.0.18.
CVSS 9.8
CVE-2024-54262 NOMISEC CRITICAL WORKING POC
Siddharth Nagar Import Export For WooCommerce <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Import Export For WooCommerce: from n/a through 1.5.
CVSS 9.9
CVE-2024-54292 NOMISEC CRITICAL WORKING POC
Appsplate <2.1.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection. This issue affects Appsplate: from n/a through 2.1.3.
CVSS 9.3
CVE-2024-54330 NOMISEC HIGH WORKING POC
Hep Hep Hurra <2.4 - SSRF
Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery. This issue affects Hurrakify: from n/a through 2.4.
CVSS 7.2
CVE-2024-9290 NOMISEC CRITICAL WORKING POC
Super Backup & Clone - Migrate <2.3.3 - RCE
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2024-9933 NOMISEC CRITICAL WORKING POC
WatchTowerHQ <3.9.6 - Auth Bypass
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value being empty and a missing not-empty check in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in as the WatchTowerHQ client administrator user.
CVSS 9.8
CVE-2024-9890 NOMISEC HIGH WORKING POC
WordPress User Toolkit <1.2.3 - Auth Bypass
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.
CVSS 8.8
CVE-2024-50473 NOMISEC CRITICAL WORKING POC
Ajar in5 Embed <3.1.3 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.3.
CVSS 10.0
CVE-2024-50475 NOMISEC CRITICAL WORKING POC
Scott Gamon Signup Page <1.0 - Privilege Escalation
Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation. This issue affects Signup Page: from n/a through 1.0.
CVSS 9.8
CVE-2024-50476 NOMISEC CRITICAL WORKING POC
GRÜN spendino Spendenformular <1.0.1 - Privilege Escalation
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular allows Privilege Escalation. This issue affects GRÜN spendino Spendenformular: from n/a through 1.0.1.
CVSS 9.8
CVE-2024-50477 NOMISEC CRITICAL WORKING POC
Stacksmarket Stacks Mobile App Builder - Missing Authentication
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
CVSS 9.8
CVE-2024-50478 NOMISEC CRITICAL WORKING POC
Swoopnow 1-click Login - Authentication Bypass
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
CVSS 9.8
CVE-2024-50482 NOMISEC CRITICAL WORKING POC
Chetan Khandla Woocommerce Product Design <1.0.0 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Product Design: from n/a through 1.0.0.
CVSS 10.0
CVE-2024-50485 NOMISEC CRITICAL WORKING POC
Udit Rawat Exam Matrix <1.5 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5.
CVSS 9.8
CVE-2024-50488 NOMISEC HIGH WORKING POC
Priyabratasarkar Token Login < 1.0.3 - Missing Authentication
Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass. This issue affects Token Login: from n/a through 1.0.3.
CVSS 8.8
CVE-2024-50490 NOMISEC CRITICAL WORKING POC
PegaPoll <1.0.2 - Info Disclosure
Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through 1.0.2.
CVSS 9.8
CVE-2024-50491 NOMISEC CRITICAL WORKING POC
Micahblu Rsvp ME < 1.9.9 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection. This issue affects RSVP ME: from n/a through 1.9.9.
CVSS 9.3
CVE-2024-50493 NOMISEC CRITICAL WORKING POC
masterhomepage <1.0.4 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through 1.0.4.
CVSS 10.0
CVE-2024-50507 NOMISEC CRITICAL WORKING POC
DS.DownloadList <1.3 - Code Injection
Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS.DownloadList allows Object Injection. This issue affects DS.DownloadList: from n/a through 1.3.
CVSS 9.8
CVE-2024-54363 NOMISEC CRITICAL WORKING POC
nssTheme Wp NssUser Register <1.0.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through 1.0.0.
CVSS 9.8
CVE-2024-50509 NOMISEC HIGH WORKING POC
Chetan Khandla Woocommerce Product Design <1.0.0 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through 1.0.0.
CVSS 8.6
CVE-2024-50510 NOMISEC CRITICAL WORKING POC
Web and Print Design AR For Woocommerce <6.2 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For Woocommerce allows Upload a Web Shell to a Web Server. This issue affects AR For Woocommerce: from n/a through 6.2.
CVSS 10.0
CVE-2024-49607 NOMISEC CRITICAL WORKING POC
Redwan Hilali WP Dropbox Dropins - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server. This issue affects WP Dropbox Dropins: from n/a through 1.0.
CVSS 10.0
CVE-2024-51818 NOMISEC CRITICAL WORKING POC
Fancy Product Designer <6.4.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVSS 9.3
CVE-2024-52380 NOMISEC CRITICAL WORKING POC
Picsmize <1.0.0 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through 1.0.0.
CVSS 10.0