halilkirazkaya

43 exploits Active since Sep 2019
CVE-2024-54385 GITHUB HIGH WORKING POC
SoftLab Radio Player <2.0.82 - SSRF
Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83.
4 stars
CVSS 7.2
CVE-2025-61884 GITHUB HIGH WORKING POC
Oracle Configurator < 12.2.14 - SSRF
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
4 stars
CVSS 7.5
CVE-2025-8085 GITHUB HIGH WORKING POC
Metaphorcreations Ditty < 3.1.58 - SSRF
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
4 stars
CVSS 8.6
CVE-2025-9196 GITHUB MEDIUM WORKING POC
Trinity Audio - Text to Speech AI <5.21.0 - Info Disclosure
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data.
4 stars
CVSS 5.3
CVE-2015-9415 GITHUB HIGH WORKING POC
Angrycreative BJ Lazy Load < 1.0 - Improper Input Validation
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
4 stars
CVSS 7.5
CVE-2019-7195 GITHUB CRITICAL WORKING POC
QNAP Photo Station - Path Traversal
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
4 stars
CVSS 9.8
CVE-2020-11514 GITHUB CRITICAL WORKING POC
Rankmath Seo < 1.0.40.2 - Missing Authorization
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
4 stars
CVSS 9.8
CVE-2020-11515 GITHUB MEDIUM WORKING POC
Rankmath Seo < 1.0.40.2 - Open Redirect
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
4 stars
CVSS 6.1
CVE-2020-36836 GITHUB HIGH WORKING POC
WP Fastest Cache <0.9.0.2 - Privilege Escalation
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
4 stars
CVSS 8.0
CVE-2020-4429 GITHUB CRITICAL WORKING POC
IBM Data Risk Manager - Hard-coded Credentials
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
4 stars
CVSS 9.8
CVE-2021-38146 GITHUB HIGH WORKING POC
Wipro Holmes Orchestrator <20.4.1 - Path Traversal
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
4 stars
CVSS 7.5
CVE-2021-38147 GITHUB HIGH WRITEUP
Wipro Holmes Orchestrator 20.4.1 - Info Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
4 stars
CVSS 7.5
CVE-2021-4380 GITHUB CRITICAL WORKING POC
Pinterest Automatic <1.14.3 - Auth Bypass
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.
4 stars
CVSS 9.8
CVE-2022-0424 GITHUB MEDIUM WORKING POC
The Popup by Supsystic WordPress <1.10.9 - Info Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
4 stars
CVSS 5.3
CVE-2022-1580 GITHUB MEDIUM WRITEUP
Freehtmldesigns Site Offline < 1.5.3 - IDOR
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
4 stars
CVSS 4.3
CVE-2023-39560 GITHUB CRITICAL WORKING POC
Ectouch - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
4 stars
CVSS 9.8
CVE-2023-5003 GITHUB HIGH WORKING POC
WordPress <4.1.10 - Info Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
4 stars
CVSS 7.5
CVE-2023-5991 GITHUB CRITICAL WORKING POC
Motopress Hotel Booking Lite < 4.8.5 - Path Traversal
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
4 stars
CVSS 9.8
CVE-2023-6065 GITHUB MEDIUM WORKING POC
Quttera Web Malware Scanner WP <3.4.2.1 - Info Disclosure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code
4 stars
CVSS 5.3
CVE-2023-6389 GITHUB MEDIUM WORKING POC
WordPress Toolbar <2.2.6 - Open Redirect
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
4 stars
CVSS 6.1
CVE-2023-6505 GITHUB HIGH WORKING POC
Migrate WP <1.9.3 - Path Traversal
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.
4 stars
CVSS 7.5
CVE-2023-6786 GITHUB MEDIUM WORKING POC
Hkdigit Payment Gateway For Telcell < 2.0.4 - Open Redirect
The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue
4 stars
CVSS 6.1
CVE-2023-6989 GITHUB CRITICAL WORKING POC
Getshieldsecurity Shield Security < 18.5.10 - Path Traversal
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
4 stars
CVSS 9.8
CVE-2024-0250 GITHUB MEDIUM WORKING POC
Deconf Analytics Insights < 6.3 - Open Redirect
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
4 stars
CVSS 6.1
CVE-2024-0337 GITHUB MEDIUM WORKING POC
Travelpayouts < 1.1.17 - Open Redirect
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
4 stars
CVSS 6.1