halilkirazkaya

45 exploits Active since Sep 2019
CVE-2025-11371 GITHUB HIGH WORKING POC
Gladinet CentreStack/Triofox Path Traversal
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: all versions prior to and including 16.7.10368.56560.
4 stars
CVSS 7.5
CVE-2025-11833 GITHUB CRITICAL WRITEUP
Post SMTP < 3.6.0 - Unauthenticated Arbitrary Email Log Access via Missing Capability Check
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.
4 stars
CVSS 9.8
CVE-2025-4302 GITHUB MEDIUM WORKING POC
Stop User Enumeration <1.7.3 - Auth Bypass
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
4 stars
CVSS 5.3
CVE-2025-61884 GITHUB HIGH WORKING POC
Oracle Configurator 12.2.3-12.2.14 - Unauthenticated CRLF Injection via Runtime UI
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
4 stars
CVSS 7.5
CVE-2025-8085 GITHUB HIGH WORKING POC
Ditty < 3.1.58 - Unauthenticated Server-Side Request Forgery via displayItems Endpoint
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
4 stars
CVSS 8.6
CVE-2025-9196 GITHUB MEDIUM WORKING POC
Trinity Audio - Text to Speech AI <5.21.0 - Info Disclosure
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data.
4 stars
CVSS 5.3
CVE-2015-9415 GITHUB HIGH WORKING POC
bj_lazy_load < 1.0 - Remote File Inclusion
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
4 stars
CVSS 7.5
CVE-2019-7195 GITHUB CRITICAL WORKING POC
QNAP Photo Station - Path Traversal
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to the latest version.
4 stars
CVSS 9.8
CVE-2020-11514 GITHUB CRITICAL WORKING POC
Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary Metadata Update via rankmath/v1/updateMeta Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
4 stars
CVSS 9.8
CVE-2020-11515 GITHUB MEDIUM WORKING POC
Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary URI Creation via rankmath/v1/updateRedirection Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
4 stars
CVSS 6.1
CVE-2020-36836 GITHUB HIGH WORKING POC
WP Fastest Cache <0.9.0.2 - Privilege Escalation
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
4 stars
CVSS 8.0
CVE-2020-4429 GITHUB CRITICAL WORKING POC
IBM Data Risk Manager 2.0.1-2.0.6 - Use of Hard-coded Credentials
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
4 stars
CVSS 9.8
CVE-2021-38146 GITHUB HIGH WORKING POC
Wipro Holmes Orchestrator <20.4.1 - Path Traversal
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
4 stars
CVSS 7.5
CVE-2021-38147 GITHUB HIGH WRITEUP
Wipro Holmes Orchestrator 20.4.1 - Info Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
4 stars
CVSS 7.5
CVE-2021-4380 GITHUB CRITICAL WORKING POC
Pinterest Automatic <1.14.3 - Auth Bypass
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.
4 stars
CVSS 9.8
CVE-2022-0424 GITHUB MEDIUM WORKING POC
The Popup by Supsystic WordPress <1.10.9 - Info Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users.
4 stars
CVSS 5.3
CVE-2022-1580 GITHUB MEDIUM WRITEUP
Site Offline WordPress plugin < 1.5.3 - Authorization Bypass via URL Query
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website, but does not do so if the URL contains certain keywords. Adding those keywords to the URL's query string bypasses the plugin's main feature.
4 stars
CVSS 4.3
CVE-2023-39560 GITHUB CRITICAL WORKING POC
ECTouch v2 - SQL Injection via $arr['id'] Parameter
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
4 stars
CVSS 9.8
CVE-2023-5003 GITHUB HIGH WORKING POC
WordPress <4.1.10 - Info Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
4 stars
CVSS 7.5
CVE-2023-5991 GITHUB CRITICAL WORKING POC
Hotel Booking Lite < 4.8.5 - Unauthenticated Path Traversal and Arbitrary File Deletion
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, and also lacks proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server.
4 stars
CVSS 9.8
CVE-2023-6065 GITHUB MEDIUM WORKING POC
Quttera Web Malware Scanner WP <3.4.2.1 - Info Disclosure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code.
4 stars
CVSS 5.3
CVE-2023-6389 GITHUB MEDIUM WORKING POC
WordPress Toolbar <2.2.6 - Open Redirect
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
4 stars
CVSS 6.1
CVE-2023-6505 GITHUB HIGH WORKING POC
Prime Mover < 1.9.3 - Directory Listing in Export File Directories
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.
4 stars
CVSS 7.5
CVE-2023-6786 GITHUB MEDIUM WORKING POC
Payment Gateway for Telcell < 2.0.4 - Open Redirect via api_url Parameter
The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue.
4 stars
CVSS 6.1
CVE-2023-6989 GITHUB CRITICAL WORKING POC
Shield Security < 18.5.10 - Unauthenticated Local File Inclusion via render_action_template Parameter
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
4 stars
CVSS 9.8