TAD GROUP

6 exploits Active since Jun 2026
CVE-2017-20246 EXPLOITDB HIGH text WORKING POC
KittyCatfish 2.2 Plugin for WordPress SQL Injection
KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract sensitive database information using boolean-based blind or time-based blind techniques.
CVSS 8.2
CVE-2017-20245 EXPLOITDB HIGH text WORKING POC
Wow Viral Signups 2.1 WordPress Plugin SQL Injection
Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database.
CVSS 8.2
CVE-2017-20244 EXPLOITDB HIGH text WORKING POC
Wow Forms WordPress Plugin 2.1 SQL Injection
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents.
CVSS 8.2
CVE-2016-20062 EXPLOITDB HIGH text WRITEUP
Simply Poll 1.4.1 Plugin for WordPress SQL Injection
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.
CVSS 8.2
EIP-2026-113621 EXPLOITDB text WRITEUP
WordPress Plugin Car Rental System 2.5 - SQL Injection
EIP-2026-113936 EXPLOITDB text WRITEUP
WordPress Plugin Olimometer 2.56 - SQL Injection