ch4r0nn

3 exploits Active since Dec 2025
CVE-2026-1056 NOMISEC CRITICAL WORKING POC
Snow Monkey Forms <12.0.3 - Path Traversal
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
6 stars
CVSS 9.8
CVE-2025-14855 NOMISEC HIGH WORKING POC
SureForms <= 2.2.0 - Unauthenticated Stored XSS via Form Field Parameters
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
1 stars
CVSS 7.2
CVE-2026-1056 GITHUB CRITICAL python WORKING POC
Snow Monkey Forms <12.0.3 - Path Traversal
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS 9.8