certuscyber

33 exploits Active since Aug 2014
CVE-2025-0821 GITHUB MEDIUM python WORKING POC
Bit Assist < 1.5.3 - Authenticated Time-Based SQL Injection via 'id' Parameter
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
3 stars
CVSS 6.5
CVE-2025-0822 GITHUB MEDIUM python WORKING POC
Bit Assist < 1.5.3 - Authenticated Path Traversal via fileID Parameter
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
3 stars
CVSS 6.5
CVE-2025-10380 GITHUB HIGH python WORKING POC
Advanced Views - Server-Side Template Injection
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Model panel. This makes it possible for authenticated attackers, with author-level access or higher, to execute arbitrary PHP code and commands on the server.
3 stars
CVSS 8.8
CVE-2025-26935 GITHUB HIGH python WORKING POC
WP Job Portal <= 2.2.8 - Path Traversal and Local File Inclusion via Dot-Slash Sequence
Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8.
3 stars
CVSS 7.5
CVE-2025-30975 GITHUB HIGH python WORKING POC
SaifuMak Add Custom Codes <4.80 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through <= 4.80.
3 stars
CVSS 7.5
CVE-2025-48272 GITHUB MEDIUM python WORKING POC
WP Job Portal <2.3.2 - Info Disclosure
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
3 stars
CVSS 5.3
CVE-2025-58976 GITHUB MEDIUM python WORKING POC
Equalize Digital Accessibility Checker <1.31.0 - Info Disclosure
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.31.0.
3 stars
CVSS 4.3
CVE-2025-58981 GITHUB MEDIUM python WORKING POC
Equalize Digital Accessibility Checker <1.31.0 - Info Disclosure
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.31.0.
3 stars
CVSS 5.4