Ron Jost - Security Researcher - Exploit Intelligence Platform

CVE-2021-24155 NOMISEC HIGH WORKING POC

Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

10 stars

CVSS 7.2

View Code

CVE-2021-24145 NOMISEC HIGH WORKING POC

Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.

3 stars

CVSS 7.2

View Code

CVE-2021-39352 EXPLOITDB HIGH python WORKING POC

Wordpress Plugin Catch Themes Demo Import RCE

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

CVSS 7.2

View Code

CVE-2021-24762 METASPLOIT CRITICAL ruby WORKING POC

The Perfect Survey WP <1.5.2 - SQL Injection

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.

CVSS 9.8

View Code

CVE-2021-39352 METASPLOIT HIGH ruby WORKING POC

Wordpress Plugin Catch Themes Demo Import RCE

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.

CVSS 7.2

View Code

CVE-2021-24155 METASPLOIT HIGH ruby WORKING POC

Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

CVSS 7.2

View Code

CVE-2021-24145 METASPLOIT HIGH ruby WORKING POC

Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.

CVSS 7.2

View Code

CVE-2021-24347 METASPLOIT HIGH ruby WORKING POC

SP Project & Document Manager <4.22 - Path Traversal

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

CVSS 8.8

View Code

EIP-2026-114078 EXPLOITDB python WORKING POC

Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)

View Code

CVE-2020-35948 EXPLOITDB CRITICAL python WORKING POC

Xcloner < 4.2.13 - Incorrect Authorization

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.

CVSS 9.9

View Code

CVE-2021-25076 EXPLOITDB HIGH python WORKING POC

WP User Frontend <3.5.26 - SQL Injection

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting

CVSS 8.8

View Code

CVE-2021-24750 EXPLOITDB HIGH python WORKING POC

WP Visitor Statistics <4.8 - SQL Injection

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks

CVSS 8.8

View Code

CVE-2021-24931 EXPLOITDB CRITICAL python WORKING POC

Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.

CVSS 9.8

View Code

CVE-2021-24145 EXPLOITDB HIGH python WORKING POC

Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.

CVSS 7.2

View Code

CVE-2015-9323 EXPLOITDB CRITICAL python WORKING POC

Duckdev 404 TO 301 < 2.0.3 - SQL Injection

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

CVSS 9.8

View Code

CVE-2021-24155 EXPLOITDB HIGH python WORKING POC

Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

CVSS 7.2

View Code

CVE-2021-39327 EXPLOITDB MEDIUM python WORKING POC

Wordpress BulletProof Security Backup Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

CVSS 5.3

View Code

CVE-2021-24786 EXPLOITDB HIGH python WORKING POC

WordPress Download Monitor <4.4.5 - SQL Injection

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue

CVSS 7.2

View Code

CVE-2021-24146 EXPLOITDB HIGH python WORKING POC

Webnus Modern Events Calendar Lite < 5.16.5 - Improper Access Control

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

CVSS 7.5

View Code

CVE-2021-24946 EXPLOITDB CRITICAL python SCANNER

WordPress Modern Events Calendar SQLi Scanner

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue

CVSS 9.8

View Code

CVE-2021-24762 EXPLOITDB CRITICAL python WORKING POC

The Perfect Survey WP <1.5.2 - SQL Injection

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.

CVSS 9.8

View Code

CVE-2021-24862 EXPLOITDB HIGH python WORKING POC

Wordpress RegistrationMagic task_ids Authenticated SQLi

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue

CVSS 7.2

View Code

CVE-2017-14537 EXPLOITDB MEDIUM python WORKING POC

Trixbox 2.8.0 - Path Traversal

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

CVSS 6.5

View Code

CVE-2017-14535 EXPLOITDB HIGH python WORKING POC

Trixbox - 2.8.0.4 OS Command Injection

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

CVSS 8.8

View Code

CVE-2020-29607 EXPLOITDB HIGH python WORKING POC

Pluck CMS <4.7.13 - RCE

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

CVSS 7.2

View Code