Ron Jost (Hacker5preme)

39 exploits Active since Mar 2017
CVE-2020-29607 NOMISEC HIGH WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
6 stars
CVSS 7.2
CVE-2020-29607 NOMISEC HIGH WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
6 stars
CVSS 7.2
CVE-2021-25076 NOMISEC HIGH WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
3 stars
CVSS 8.8
CVE-2021-25076 NOMISEC HIGH WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
3 stars
CVSS 8.8
CVE-2020-29607 NOMISEC HIGH WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2020-29607 NOMISEC HIGH WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2021-24545 NOMISEC MEDIUM WORKING POC
WP Html Author Bio < 1.2.0 - XSS
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin view the related post/s.
CVSS 5.4
CVE-2021-24750 VULNCHECK_XDB HIGH WORKING POC
WP Visitor Statistics <4.8 - SQL Injection
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
CVSS 8.8
CVE-2021-25076 VULNCHECK_XDB HIGH WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
CVSS 8.8
CVE-2020-29607 INTHEWILD HIGH WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2021-25076 INTHEWILD HIGH WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
CVSS 8.8
CVE-2020-29607 INTHEWILD HIGH WORKING POC
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVSS 7.2
CVE-2021-39352 EXPLOITDB HIGH python WORKING POC
Wordpress Plugin Catch Themes Demo Import RCE
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
CVSS 7.2
CVE-2021-39327 METASPLOIT MEDIUM ruby WORKING POC
Wordpress BulletProof Security Backup Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVSS 5.3
CVE-2021-25076 EXPLOITDB HIGH python WORKING POC
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
CVSS 8.8
CVE-2020-35948 EXPLOITDB CRITICAL python WORKING POC
Xcloner < 4.2.13 - Incorrect Authorization
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
CVSS 9.9
CVE-2021-24931 EXPLOITDB CRITICAL python WORKING POC
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
CVSS 9.8
EIP-2026-114078 EXPLOITDB python WORKING POC
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-24750 EXPLOITDB HIGH python WORKING POC
WP Visitor Statistics <4.8 - SQL Injection
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
CVSS 8.8
CVE-2021-24862 EXPLOITDB HIGH python WORKING POC
Wordpress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CVSS 7.2
CVE-2015-9323 EXPLOITDB CRITICAL python WORKING POC
Duckdev 404 TO 301 < 2.0.3 - SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVSS 9.8
CVE-2021-24155 EXPLOITDB HIGH python WORKING POC
Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
CVSS 7.2
CVE-2021-39327 EXPLOITDB MEDIUM python WORKING POC
Wordpress BulletProof Security Backup Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVSS 5.3
CVE-2021-24786 EXPLOITDB HIGH python WORKING POC
WordPress Download Monitor <4.4.5 - SQL Injection
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
CVSS 7.2
CVE-2021-24146 EXPLOITDB HIGH python WORKING POC
Webnus Modern Events Calendar Lite < 5.16.5 - Improper Access Control
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
CVSS 7.5