RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2024-54239 NOMISEC CRITICAL WORKING POC
dugudlabs Eyewear <4.0.18 - Privilege Escalation
Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.18.
CVSS 9.8
CVE-2024-54262 NOMISEC CRITICAL WORKING POC
Siddharth Nagar Import Export For WooCommerce <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.
CVSS 9.9
CVE-2024-54292 NOMISEC CRITICAL WORKING POC
Appsplate <= 2.1.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection.This issue affects Appsplate: from n/a through <= 2.1.3.
CVSS 9.3
CVE-2024-54330 NOMISEC HIGH WORKING POC
Hurrakify <= 2.4 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through <= 2.4.
CVSS 7.2
CVE-2024-9290 NOMISEC CRITICAL WORKING POC
Super Backup & Clone - Migrate <2.3.3 - RCE
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2024-9933 NOMISEC CRITICAL WORKING POC
WatchTowerHQ <= 3.10.1 - Unauthenticated Authentication Bypass via Empty OTA Token
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
CVSS 9.8
CVE-2024-9890 NOMISEC HIGH WORKING POC
WordPress User Toolkit <1.2.3 - Auth Bypass
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. CVE-2024-50503 may be a duplicate.
CVSS 8.8
CVE-2024-50473 NOMISEC CRITICAL WORKING POC
Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3.
CVSS 10.0
CVE-2024-50475 NOMISEC CRITICAL WORKING POC
Scott Gamon Signup Page <1.0 - Privilege Escalation
Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0.
CVSS 9.8
CVE-2024-50476 NOMISEC CRITICAL WORKING POC
GRÜN spendino Spendenformular <1.0.1 - Privilege Escalation
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1.
CVSS 9.8
CVE-2024-50477 NOMISEC CRITICAL WORKING POC
Stacks Mobile App Builder <= 5.2.3 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3.
CVSS 9.8
CVE-2024-50478 NOMISEC CRITICAL WORKING POC
Swoop 1-Click Login: Passwordless Authentication 1.4.5 - Authentication Bypass
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
CVSS 9.8
CVE-2024-50482 NOMISEC CRITICAL WORKING POC
Chetan Khandla Woocommerce Product Design <1.0.0 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
CVSS 10.0
CVE-2024-50485 NOMISEC CRITICAL WORKING POC
Udit Rawat Exam Matrix <1.5 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5.
CVSS 9.8
CVE-2024-50488 NOMISEC HIGH WORKING POC
Token Login <= 1.0.3 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.This issue affects Token Login: from n/a through <= 1.0.3.
CVSS 8.8
CVE-2024-50490 NOMISEC CRITICAL WORKING POC
PegaPoll <= 1.0.2 - Missing Authorization
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2.
CVSS 9.8
CVE-2024-50491 NOMISEC CRITICAL WORKING POC
MicahBlu RSVP ME < 1.9.9 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9.
CVSS 9.3
CVE-2024-50493 NOMISEC CRITICAL WORKING POC
Automatic Translation <= 1.0.4 - Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4.
CVSS 10.0
CVE-2024-50507 NOMISEC CRITICAL WORKING POC
DS.DownloadList <1.3 - Code Injection
Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3.
CVSS 9.8
CVE-2024-54363 NOMISEC CRITICAL WORKING POC
nssTheme Wp NssUser Register <1.0.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0.
CVSS 9.8
CVE-2024-50509 NOMISEC HIGH WORKING POC
Chetan Khandla Woocommerce Product Design <1.0.0 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
CVSS 8.6
CVE-2024-50510 NOMISEC CRITICAL WORKING POC
Web and Print Design AR For Woocommerce <6.2 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through <= 6.3.
CVSS 10.0
CVE-2024-49607 NOMISEC CRITICAL WORKING POC
Redwan Hilali WP Dropbox Dropins - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through <= 1.0.
CVSS 10.0
CVE-2024-51818 NOMISEC CRITICAL WORKING POC
Fancy Product Designer <6.4.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.
CVSS 9.3
CVE-2024-52380 NOMISEC CRITICAL WORKING POC
Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0.
CVSS 10.0