RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2022-45808 NOMISEC CRITICAL WORKING POC
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - SQL Injection
SQL Injection vulnerability in the LearnPress – WordPress LMS Plugin, versions <= 4.1.7.3.2.
CVSS 9.9
CVE-2022-47615 NOMISEC CRITICAL WORKING POC
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - Local File Inclusion
Local File Inclusion vulnerability in the LearnPress – WordPress LMS Plugin, versions <= 4.1.7.3.2.
CVSS 9.3
CVE-2022-1203 NOMISEC MEDIUM WORKING POC
Content Mask < 1.8.4.1 - Authenticated Arbitrary Option Update via Missing Authorization
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options.
CVSS 4.3
CVE-2022-1442 NOMISEC HIGH WORKING POC
MetForm < 2.1.3 - Unauthenticated Sensitive Information Disclosure in action.php
The MetForm WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file, which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
CVSS 7.5
CVE-2021-34621 NOMISEC CRITICAL WORKING POC
ProfilePress 3.0.0-3.1.3 - Unauthenticated Privilege Escalation via Registration
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3.
CVSS 9.8
CVE-2021-24507 NOMISEC CRITICAL WORKING POC
Astra Pro Addon < 3.5.2 - SQL Injection via astra_pagination_infinite and astra_shop_pagination_infinite AJAX Actions
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions (available to both unauthenticated and authenticated users) before using them in an SQL statement, leading to SQL injection issues.
CVSS 9.8
CVE-2021-24356 NOMISEC HIGH WORKING POC
Simple 301 Redirects by BetterLinks 2.0.0-2.0.4 - Authenticated Arbitrary Plugin Activation via AJAX Action
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and an insufficient nonce check on the AJAX action simple301redirects/admin/activate_plugin made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
CVSS 8.8
CVE-2021-25032 NOMISEC CRITICAL WORKING POC
PublishPress Capabilities <2.3.1 - CSRF
The PublishPress Capabilities WordPress plugin before 2.3.1 and the PublishPress Capabilities Pro WordPress plugin before 2.3.1 do not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and do not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role, and make any newly registered user an administrator.
CVSS 9.8
CVE-2019-15896 NOMISEC CRITICAL WORKING POC
LifterLMS <3.34.5 - Privilege Escalation
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
CVSS 9.8