RandomRobbieBF

184 exploits Active since Jun 2017
CVE-2022-45808 NOMISEC CRITICAL WORKING POC
Thimpress Learnpress < 4.1.7.3.2 - SQL Injection
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS 9.9
CVE-2022-47615 NOMISEC CRITICAL WORKING POC
Thimpress Learnpress < 4.2.0 - Unrestricted File Upload
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS 9.3
CVE-2022-1203 NOMISEC MEDIUM WORKING POC
Content Mask < 1.8.4.1 - Missing Authorization
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
CVSS 4.3
CVE-2022-1442 NOMISEC HIGH WORKING POC
Wpmet Metform Elementor Contact Form Builder - Missing Authorization
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
CVSS 7.5
CVE-2021-34621 NOMISEC CRITICAL WORKING POC
Properfraction Profilepress < 3.1.3 - Missing Authentication
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
CVSS 9.8
CVE-2021-24507 NOMISEC CRITICAL WORKING POC
Brainstormforce Astra < 3.5.2 - SQL Injection
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues
CVSS 9.8
CVE-2021-24356 NOMISEC HIGH WORKING POC
Wpdeveloper Simple 301 Redirects < 2.0.4 - Missing Authorization
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
CVSS 8.8
CVE-2021-25032 NOMISEC CRITICAL WORKING POC
PublishPress Capabilities <2.3.1 - CSRF
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.
CVSS 9.8
CVE-2019-15896 NOMISEC CRITICAL WORKING POC
LifterLMS <3.34.5 - Privilege Escalation
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
CVSS 9.8