defensecode

9 exploits Active since Jun 2017
CVE-2018-25352 EXPLOITDB HIGH text WRITEUP
WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract or modify data, or escalate privileges, within the WordPress database.
CVSS 7.1
CVE-2018-25347 EXPLOITDB HIGH text WORKING POC
WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
CVSS 7.1
CVE-2018-25346 EXPLOITDB HIGH text WORKING POC
WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract or modify data, or escalate privileges, within the WordPress database.
CVSS 7.1
EIP-2026-114125 EXPLOITDB text WRITEUP
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
EIP-2026-114184 EXPLOITDB text WRITEUP
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
EIP-2026-113710 EXPLOITDB text WRITEUP
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
EIP-2026-113815 EXPLOITDB text WRITEUP
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
EIP-2026-113795 EXPLOITDB text WORKING POC
WordPress Plugin Google Map < 4.0.4 - SQL Injection
CVE-2017-1297 EXPLOITDB HIGH python WORKING POC
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 11.1 - Stack-based Buffer Overflow
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow caused by improper bounds checking, which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
CVSS 7.3