reinh3rz

2 exploits Active since Nov 2024
CVE-2024-10958 NOMISEC HIGH WORKING POC
WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Shortcode Execution via getshortcoderenderedfenodelay
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
1 stars
CVSS 7.3
CVE-2024-11252 NOMISEC MEDIUM WORKING POC
Sassy Social Share <= 3.3.69 - Unauthenticated Reflected XSS via heateor_mastodon_share
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS 6.1