Securify

23 exploits, active since Apr 2015
CVE-2017-20065 EXPLOITDB MEDIUM html WORKING POC
Supsystic Popup Plugin <1.7.6 - CSRF
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2016-6896 EXPLOITDB HIGH text WORKING POC
WordPress Traversal Directory DoS
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
CVSS 7.1
EIP-2026-114154 EXPLOITDB text WORKING POC
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
EIP-2026-114220 EXPLOITDB text WORKING POC
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
EIP-2026-114183 EXPLOITDB text WORKING POC
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
EIP-2026-114170 EXPLOITDB html WORKING POC
WordPress Plugin Video Player 1.5.16 - SQL Injection
EIP-2026-113649 EXPLOITDB html WORKING POC
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
EIP-2026-113663 EXPLOITDB text WORKING POC
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
EIP-2026-113745 EXPLOITDB html WORKING POC
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
EIP-2026-113790 EXPLOITDB html WORKING POC
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
EIP-2026-113923 EXPLOITDB text WORKING POC
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
EIP-2026-113648 EXPLOITDB html WORKING POC
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
CVE-2016-6897 EXPLOITDB MEDIUM text WORKING POC
WordPress < 4.5.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
CVSS 6.5
EIP-2026-113518 EXPLOITDB text WRITEUP
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
EIP-2026-113531 EXPLOITDB text WORKING POC
WordPress Plugin Add From Server < 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)
EIP-2026-113561 EXPLOITDB text WORKING POC
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
EIP-2026-113598 EXPLOITDB text WORKING POC
WordPress Plugin Booking Calendar 6.2 - SQL Injection
EIP-2026-107439 EXPLOITDB text WRITEUP
Glype 1.4.9 - Local Address Filter Bypass
EIP-2026-107438 EXPLOITDB text WRITEUP
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion
EIP-2026-104599 EXPLOITDB text WRITEUP
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation
CVE-2017-8665 EXPLOITDB HIGH text WORKING POC
Microsoft Xamarin.iOS < 10.11 - Incorrect Permission Assignment
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
CVSS 7.8
EIP-2026-103379 EXPLOITDB text WORKING POC
Proxifier for Mac 2.18 - Multiple Vulnerabilities
CVE-2015-2838 EXPLOITDB text WORKING POC
Citrix Netscaler - CSRF
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.