Wadeek

27 exploits, active since Jul 2025
CVE-2018-25329 EXPLOITDB HIGH php WORKING POC
WordPress Plugin WP with Spritz 1.0 Remote File Inclusion
WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials.
CVSS 7.5
CVE-2023-54346 EXPLOITDB HIGH text WORKING POC
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
CVSS 7.5
CVE-2020-37150 EXPLOITDB HIGH text WORKING POC
Edimax EW-7438RPn-v3 Mini 1.27 - Info Disclosure
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.
CVSS 7.5
CVE-2020-37149 EXPLOITDB HIGH text WORKING POC
Edimax EW-7438RPn-v3 Mini 1.27 - CSRF
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges.
CVSS 8.1
CVE-2020-37125 EXPLOITDB CRITICAL text WORKING POC
Edimax EW-7438RPn-v3 Mini 1.27 - RCE
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device.
CVSS 9.8
CVE-2020-36848 METASPLOIT HIGH ruby WORKING POC
Total Upkeep - WordPress Backup Plugin <1.14.9 - Info Disclosure
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
CVSS 7.5
EIP-2026-114062 EXPLOITDB text WORKING POC
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
EIP-2026-113827 EXPLOITDB text WORKING POC
WordPress Plugin Import CSV 1.0 - Directory Traversal
EIP-2026-113713 EXPLOITDB text WORKING POC
WordPress Plugin eBook Download 1.1 - Directory Traversal
EIP-2026-111354 EXPLOITDB text WORKING POC
Pluck CMS 4.7 - Directory Traversal
EIP-2026-111017 EXPLOITDB text WORKING POC
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
EIP-2026-110278 EXPLOITDB text WORKING POC
OpenCimetiere 3.0.0-a5 - Blind SQL Injection
EIP-2026-109877 EXPLOITDB text WRITEUP
NetBilletterie 2.8 - Multiple Vulnerabilities
EIP-2026-106747 EXPLOITDB perl WORKING POC
EC-CUBE 2.12.6 - Server-Side Request Forgery
EIP-2026-105760 EXPLOITDB text WORKING POC
Categorizator 0.3.1 - SQL Injection
EIP-2026-105838 EXPLOITDB text WORKING POC
Chronosite 5.12 - SQL Injection
EIP-2026-104498 EXPLOITDB text WRITEUP
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
EIP-2026-102056 EXPLOITDB ruby WORKING POC
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
EIP-2026-102054 EXPLOITDB ruby WORKING POC
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
EIP-2026-101874 EXPLOITDB text WORKING POC
Netgear WiFi Router R6120 - Credential Disclosure
EIP-2026-101873 EXPLOITDB text WORKING POC
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
EIP-2026-101533 EXPLOITDB text WORKING POC
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-101558 EXPLOITDB text WORKING POC
Belkin N600DB Wireless Router - Multiple Vulnerabilities
EIP-2026-102064 EXPLOITDB text WORKING POC
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot
EIP-2026-102057 EXPLOITDB ruby WORKING POC
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)