Yucaerin

17 exploits Active since Jan 2025
CVE-2025-47577 NOMISEC CRITICAL WORKING POC
TemplateInvaders TI WooCommerce Wishlist <2.10.0 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2.
4 stars
CVSS 10.0
CVE-2025-4403 NOMISEC CRITICAL WORKING POC
WordPress Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - File Upload Code Execution
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
3 stars
CVSS 9.8
CVE-2024-55555 NOMISEC HIGH SCANNER
Invoice Ninja < 5.10.43 - Unauthenticated Remote Code Execution via Route Hash Deserialization
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/{hash} route defined in the invoiceninja/routes/client.php file can be accessed without authentication. The parameter {hash} is passed to the function decrypt that expects a Laravel ciphered value containing a serialized object. (Furthermore, Laravel contains several gadget chains usable to trigger remote command execution from arbitrary deserialization.) Therefore, an attacker in possession of the APP_KEY is able to fully control a string passed to an unserialize function.
2 stars
CVSS 8.8
CVE-2025-5394 NOMISEC CRITICAL WORKING POC
Alone - Charity Multipurpose Non-profit WordPress Theme <7.8.3 - RCE
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution. CVE-2025-54019 is likely a duplicate of this.
1 stars
CVSS 9.8
CVE-2025-52078 NOMISEC MEDIUM WORKING POC
Writebot AI Content Generator <4.0.0 - Privilege Escalation
File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint.
1 stars
CVSS 6.5
CVE-2025-4322 NOMISEC CRITICAL SCANNER
Motors WordPress <5.6.67 - Privilege Escalation
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
1 stars
CVSS 9.8
CVE-2025-2294 NOMISEC CRITICAL WORKING POC
Kubio AI Page Builder <2.5.1 - Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
1 stars
CVSS 9.8
CVE-2025-6254 GITHUB CRITICAL python WORKING POC
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.
CVSS 9.8
CVE-2026-8181 GITHUB CRITICAL python WORKING POC
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application passwords from the Authorization header. This makes it possible for unauthenticated attackers, with knowledge of an administrator username, to impersonate that administrator for the duration of the request by supplying any random Basic Authentication password achieving privilege escalation.
CVSS 9.8
CVE-2026-5118 GITHUB CRITICAL python WORKING POC
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured default_user_role setting. This makes it possible for unauthenticated attackers to create administrator accounts by tampering with the role parameter during registration.
CVSS 9.8
CVE-2026-3584 NOMISEC CRITICAL WORKING POC
Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of 'call_user_func' on these placeholder values. This makes it possible for unauthenticated attackers to execute code on the server.
CVSS 9.8
CVE-2025-4601 NOMISEC HIGH WRITEUP
RH - Real Estate WordPress Theme <4.4.0 - Privilege Escalation
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
CVSS 8.8
CVE-2025-4606 NOMISEC CRITICAL WORKING POC
Uxper Sala - Startup & SaaS WordPress Theme <=1.1.4 - Privilege Escalation via Account Takeover
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVSS 9.8
CVE-2025-2539 NOMISEC HIGH WORKING POC
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS 7.5
CVE-2025-4389 NOMISEC CRITICAL WORKING POC
Crawlomatic Multipage Scraper Post Generator <2.6.8.1 - File Upload
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2025-3419 NOMISEC HIGH WORKING POC
Eventin plugin <4.0.26 - Info Disclosure
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-47445 is a duplicate of this vulnerability.
CVSS 7.5
CVE-2025-2907 NOMISEC CRITICAL WORKING POC
Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover.
CVSS 9.8