m0ze

6 exploits Active since Jun 2026
CVE-2019-25742 EXPLOITDB MEDIUM text WORKING POC
WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execute when administrators view the property for approval, enabling cookie theft and session hijacking.
CVSS 5.4
CVE-2019-25739 EXPLOITDB MEDIUM text WORKING POC
GigToDo Freelance Marketplace Script 1.3 Persistent XSS
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.
CVSS 5.4
CVE-2019-25737 EXPLOITDB MEDIUM text WORKING POC
Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.
CVSS 6.1
EIP-2026-114235 EXPLOITDB text WORKING POC
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
EIP-2026-114347 EXPLOITDB text WORKING POC
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
EIP-2026-113821 EXPLOITDB text WORKING POC
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting