Python Exploits

6,602 exploits tracked across all sources.

CVE-2024-6244 GITHUB HIGH python
PZ Frontend Manager < 1.0.6 - Cross-Site Request Forgery
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
by Boshe99
CVSS 8.8
CVE-2024-6132 GITHUB HIGH python
Pexels: Free Stock Photos <1.2.2 - File Upload
The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
by Boshe99
CVSS 8.8
CVE-2024-56264 GITHUB MEDIUM python
Beee ACF City Selector <1.14.0 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server. This issue affects ACF City Selector: from n/a through <= 1.14.0.
by Boshe99
CVSS 6.6
CVE-2024-56249 GITHUB CRITICAL python
Webdeclic WPMasterToolKit <1.13.1 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server. This issue affects WPMasterToolKit: from n/a through <= 1.13.1.
by Boshe99
CVSS 9.1
CVE-2024-56071 GITHUB CRITICAL python
Mike Leembruggen Simple Dashboard <2.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation. This issue affects Simple Dashboard: from n/a through <= 2.0.
by Boshe99
CVSS 9.8
CVE-2024-54369 GITHUB CRITICAL python
ThemeHunk Zita Site Builder <1.0.2 - Info Disclosure
Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Zita Site Builder: from n/a through <= 1.0.2.
by Boshe99
CVSS 9.1
CVE-2024-54363 GITHUB CRITICAL python
nssTheme Wp NssUser Register <1.0.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through <= 1.0.0.
by Boshe99
CVSS 9.8
CVE-2024-54262 GITHUB CRITICAL python
Siddharth Nagar Import Export For WooCommerce <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.
by Boshe99
CVSS 9.9
CVE-2024-52402 GITHUB CRITICAL python
Cliconomics Exclusive Content Password Protect - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server. This issue affects Exclusive Content Password Protect: from n/a through <= 1.1.0.
by Boshe99
CVSS 9.6
CVE-2024-52380 GITHUB CRITICAL python
Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through <= 1.0.0.
by Boshe99
CVSS 10.0
CVE-2024-52375 GITHUB CRITICAL python
Arttia Creative Datasets Manager <1.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative. This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.
by Boshe99
CVSS 10.0
CVE-2024-51793 GITHUB CRITICAL python
Webful Creations Computer Repair Shop <3.8115 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server. This issue affects RepairBuddy: from n/a through <= 3.8115.
by Boshe99
CVSS 10.0
CVE-2024-51788 GITHUB CRITICAL python
The Novel Design Store Directory <4.3.0 - Unrestricted Upload of Fi...
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server. This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0.
by Boshe99
CVSS 10.0
CVE-2024-50498 GITHUB CRITICAL python
WP Query Console <= 1.0 - Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection. This issue affects WP Query Console: from n/a through <= 1.0.
by Boshe99
CVSS 10.0
CVE-2024-50492 GITHUB HIGH python
Scott Paterson ScottCart <= 1.1 - Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart allows Code Injection. This issue affects ScottCart: from n/a through <= 1.1.
by Boshe99
CVSS 8.3
CVE-2024-49668 GITHUB CRITICAL python
Verbalize WP <= 1.0 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server. This issue affects Verbalize WP: from n/a through <= 1.0.
by Boshe99
CVSS 10.0
CVE-2024-49653 GITHUB CRITICAL python
Portfolleo <= 1.2 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through <= 1.2.
by Boshe99
CVSS 9.9
CVE-2024-49328 GITHUB CRITICAL python
WP REST API FNS <= 1.0.0 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass. This issue affects WP REST API FNS: from n/a through <= 1.0.0.
by Boshe99
CVSS 9.8
CVE-2024-43998 GITHUB MEDIUM python
WebsiteinWP Blogpoet <= 1.0.3 - Missing Authorization
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blogpoet: from n/a through 1.0.3.
by Boshe99
CVSS 6.5
CVE-2024-3673 GITHUB CRITICAL python
Web Directory Free <1.7.3 - Code Injection
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
by Boshe99
CVSS 9.1
CVE-2024-31114 GITHUB CRITICAL python
biplob018 Shortcode Addons <3.2.5 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5.
by Boshe99
CVSS 9.1
CVE-2024-30485 GITHUB HIGH python
XLPlugins Finale Lite < 2.18.0 - Unauthenticated Arbitrary Plugin Installation and Activation
Missing Authorization vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0.
by Boshe99
CVSS 8.8
CVE-2024-2667 GITHUB CRITICAL python
InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
by Boshe99
CVSS 9.8
CVE-2024-25092 GITHUB HIGH python
XLPlugins NextMove Lite <2.17.0 - Info Disclosure
Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.17.0.
by Boshe99
CVSS 8.8
CVE-2024-12849 GITHUB HIGH python
Error Log Viewer By WP Guru <1.0.1.3 - Info Disclosure
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
by Boshe99
CVSS 7.5