ubaydev

6 exploits Active since Nov 2024
CVE-2024-8856 NOMISEC CRITICAL WORKING POC
WordPress WP Time Capsule Arbitrary File Upload to RCE
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
2 stars
CVSS 9.8
CVE-2024-10542 NOMISEC CRITICAL WORKING POC
Cleantalk Anti-spam < 6.44 - Missing Authorization
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
2 stars
CVSS 9.8
CVE-2025-2563 NOMISEC HIGH WRITEUP
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
CVSS 8.1
CVE-2025-2594 NOMISEC HIGH WRITEUP
WordPress Plugin <4.1.3 - Auth Bypass
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
CVSS 8.1
CVE-2024-52475 NOMISEC CRITICAL WRITEUP
Wawp <3.0.18 - Auth Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through < 3.0.18.
CVSS 9.8
CVE-2024-10508 NOMISEC CRITICAL WRITEUP
Metagauss Registrationmagic < 6.0.2.7 - Privilege Escalation
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.
CVSS 9.8