RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2024-12270 NOMISEC HIGH WORKING POC
Beautiful taxonomy filters plugin <2.4.3 - SQL Injection
The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.5
CVE-2024-12252 NOMISEC CRITICAL WORKING POC
SEO LAT Auto Post <= 2.2.1 - Unauthenticated File Overwrite and Remote Code Execution via remote_update AJAX Action
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
CVSS 9.8
CVE-2024-12172 NOMISEC HIGH WORKING POC
WP Courses LMS <3.2.21 - Privilege Escalation
The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary user's metadata which can be levereged to block an administrator from accessing their site when wp_capabilities is set to 0.
CVSS 7.5
CVE-2024-12157 NOMISEC HIGH WRITEUP
MailChimp, GetResponse & ActiveCampaign Integrations <= 3.2.6 - Unauthenticated SQL Injection
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.5
CVE-2024-11848 NOMISEC HIGH WORKING POC
NitroPack <1.17.0 - Info Disclosure
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.
CVSS 8.1
CVE-2024-11643 NOMISEC HIGH WORKING POC
WordPress AllAccessible <1.3.4 - Privilege Escalation
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS 8.8
CVE-2024-11396 NOMISEC MEDIUM WORKING POC
Event Monster < 1.4.3 - Unauthenticated Information Exposure via Visitors List Export
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
CVSS 5.3
CVE-2024-10728 NOMISEC HIGH WORKING POC
PostX < 4.1.16 - Authenticated Arbitrary Plugin Installation via Missing Capability Check
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
CVSS 8.8
CVE-2024-10629 NOMISEC HIGH WORKING POC
GPX Viewer <= 2.2.9 - Authenticated Arbitrary File Creation via gpxv_file_upload()
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 8.8
CVE-2024-10571 NOMISEC CRITICAL WORKING POC
Chartify - WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via Source Parameter
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS 9.8
CVE-2024-10516 NOMISEC HIGH WORKING POC
Swift Performance Lite <2.3.7.1 - Local PHP File Inclusion
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS 8.1
CVE-2024-10470 NOMISEC CRITICAL WORKING POC
WPLMS Learning Management System for WordPress <= 4.962 - Arbitrary File Read/Deletion via Path Validation
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.
CVSS 9.8
CVE-2024-10124 NOMISEC CRITICAL WORKING POC
Vayu Blocks - Unauthorized Plugin Installation
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.
CVSS 9.8
CVE-2023-6289 NOMISEC MEDIUM WORKING POC
Swift Performance Lite <2.3.6.15 - Info Disclosure
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
CVSS 4.3
CVE-2023-45828 NOMISEC MEDIUM WORKING POC
RumbleTalk Live Group Chat <6.2.5 - Info Disclosure
Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through <= 6.2.5.
CVSS 5.4
CVE-2023-41652 NOMISEC HIGH WORKING POC
RSVPMaker < 10.6.6 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.
CVSS 8.2
CVE-2023-45657 NOMISEC HIGH WORKING POC
POSIMYTH Nexter <= 2.0.3 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.
CVSS 8.5
CVE-2023-5070 NOMISEC MEDIUM WORKING POC
Ultimatelysocial Social Media Share Buttons & Social Sharing Icons < 2.8.6 - Information Disclosure
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.
CVSS 6.5
CVE-2023-47179 NOMISEC HIGH WORKING POC
WooODT Lite <= 2.4.6 - Missing Authorization
Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through <= 2.4.6.
CVSS 8.8
CVE-2023-47668 NOMISEC MEDIUM WORKING POC
StellarWP Membership Plugin - Restrict Content <= 3.2.7 - Exposure of Sensitive Information via Log File
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.
CVSS 5.3
CVE-2023-46197 NOMISEC MEDIUM SCANNER
Supsystic Com Popup <1.10.19 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVSS 5.3
CVE-2023-40600 NOMISEC MEDIUM WORKING POC
EWWW Image Optimizer <7.2.0 - Info Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.
CVSS 5.3
CVE-2023-36531 NOMISEC MEDIUM WORKING POC
LiquidPoll -<3.3.68 - Info Disclosure
Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.68.
CVSS 4.3
CVE-2023-32590 NOMISEC CRITICAL WORKING POC
Subscribe to Category < 2.7.4 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4.
CVSS 9.3
CVE-2022-45354 NOMISEC MEDIUM WORKING POC
WPChill Download Monitor < 4.7.60 - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.
CVSS 5.3