Ryan Roth

2 exploits Active since Apr 2025
CVE-2025-10874 GITHUB MEDIUM python WORKING POC
WordPress Orbit Fox < 3.0.2 - Stock Photo Import Server-Side Request Forgery
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
CVSS 5.5
CVE-2024-50960 WRITEUP HIGH WORKING POC
Extron SMP 111 <=3.01, SMP 351/352 <=2.16, SME 211 <=3.02 - Authenticated Command Injection
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <=2.16, and SME 211 <=3.02 allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system.
CVSS 7.2