red0xff

3 exploits, active since Jan 2020
CVE-2021-24946 METASPLOIT CRITICAL ruby WORKING POC
WordPress Modern Events Calendar SQLi Scanner
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
CVSS 9.8
CVE-2019-20361 METASPLOIT CRITICAL ruby WORKING POC
Icegram Email Subscribers & Newsletters < 4.3.1 - SQL Injection
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVSS 9.8
CVE-2020-27615 METASPLOIT CRITICAL ruby WORKING POC
WordPress <1.6.4 - SQL Injection/XSS
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
CVSS 9.8