lorenzocamilli

3 exploits Active since Oct 2025
CVE-2025-10720 GITHUB MEDIUM html WORKING POC
WP Private Content Plus <3.6.2 - Auth Bypass
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
CVSS 6.5
CVE-2025-62950 NOMISEC MEDIUM WRITEUP
Contest Gallery <28.0.0 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0.
CVSS 4.3
CVE-2025-10720 NOMISEC MEDIUM WRITEUP
WP Private Content Plus <3.6.2 - Auth Bypass
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
CVSS 6.5