Unk9vvN - Security Researcher - Exploit Intelligence Platform

CVE-2019-25743 EXPLOITDB MEDIUM text WORKING POC

WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

CVSS 5.4

View Code

CVE-2019-25744 EXPLOITDB MEDIUM text WORKING POC

WordPress Popup Builder 3.49 Persistent Cross-Site Scripting

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.

CVSS 5.4

View Code

CVE-2019-25314 EXPLOITDB MEDIUM text WORKING POC

Yoast Duplicate-Post WP <3.2.3 - XSS

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.

CVSS 5.5

View Code

EIP-2026-113761 EXPLOITDB text WORKING POC

WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting

View Code

CVE-2019-11398 EXPLOITDB MEDIUM text WORKING POC

UliCMS 2019.1-2019.2 - Cross-Site Scripting via Admin Index Parameters

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.

CVSS 6.1

View Code

EIP-2026-105101 EXPLOITDB text WORKING POC

all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting

View Code