premium_1337 - Security Researcher - Exploit Intelligence Platform

CVE-2022-41082 NOMISEC HIGH SCANNER

Microsoft Exchange Server - RCE

Microsoft Exchange Server Remote Code Execution Vulnerability

2 stars

CVSS 8.0

View Code

CVE-2021-34523 NOMISEC CRITICAL SCANNER

Microsoft Exchange Server - Privilege Escalation

Microsoft Exchange Server Elevation of Privilege Vulnerability

2 stars

CVSS 9.0

View Code

CVE-2021-20021 NOMISEC CRITICAL SCANNER

Sonicwall Email Security < 10.0.9.6103 - Improper Privilege Management

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

2 stars

CVSS 9.8

View Code

CVE-2025-3102 NOMISEC HIGH WORKING POC

SureTriggers - All-in-One Automation Platform < 1.0.78 - Authentication Bypass

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

1 stars

CVSS 8.1

View Code

CVE-2025-3102 NOMISEC HIGH SCANNER

SureTriggers - All-in-One Automation Platform < 1.0.78 - Authentication Bypass

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

CVSS 8.1

View Code

CVE-2025-3102 NOMISEC HIGH SCANNER

SureTriggers - All-in-One Automation Platform < 1.0.78 - Authentication Bypass

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

CVSS 8.1

View Code