Exploit Database

147,725 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-6783 NOMISEC HIGH
GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via forms-id Parameter
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by jFriedli
CVSS 7.5
CVE-2025-6782 NOMISEC HIGH
GoZen Forms < 1.1.5 - Unauthenticated SQL Injection via forms-id Parameter
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by jFriedli
CVSS 7.5
CVE-2025-9172 NOMISEC HIGH
Vibes plugin <2.2.0 - SQL Injection
The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by jFriedli
CVSS 7.5
CVE-2025-10307 NOMISEC MEDIUM
Backuply WordPress <1.4.8 - Privilege Escalation
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
by jFriedli
CVSS 6.5
CVE-2025-9485 NOMISEC CRITICAL
WordPress OAuth Client <6.26.12 - RCE
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the `get_resource_owner_from_id_token` function. This makes it possible for unauthenticated attackers to bypass authentication and gain access to any existing user account - including administrators in certain configurations - or to create arbitrary subscriber-level accounts.
by jFriedli
CVSS 9.8
CVE-2025-10658 NOMISEC MEDIUM
SupportCandy <= 3.3.7 - Unauthenticated Authentication Bypass via OTP Brute Force
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers to bypass authentication and gain unauthorized access to customer support tickets by brute forcing the 6-digit OTP code.
by jFriedli
CVSS 6.5
CVE-2025-9967 NOMISEC CRITICAL
Orion SMS OTP Verification <1.1.7 - Privilege Escalation
The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's password to a one-time password if the attacker knows the user's phone number
by jFriedli
CVSS 9.8
CVE-2025-11627 NOMISEC MEDIUM
Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each...
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause denial of service via disk space exhaustion.
by jFriedli
CVSS 6.5
CVE-2025-11771 NOMISEC MEDIUM
TokenICO plugin <2.4.6 - Info Disclosure
The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4.7. This makes it possible for unauthenticated attackers to manipulate presales counters.
by jFriedli
CVSS 5.3
CVE-2025-10294 NOMISEC CRITICAL
OwnID Passwordless Login <1.3.4 - Auth Bypass
The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin not properly checking if the ownid_shared_secret value is empty prior to authenticating a user via JWT. This makes it possible for unauthenticated attackers to log in as other users, including administrators, on instances where the plugin has not been fully configured yet.
by jFriedli
CVSS 9.8
CVE-2025-11973 NOMISEC MEDIUM
简数采集器 WordPress Plugin <=2.6.3 - Info Disclosure
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
by jFriedli
CVSS 4.9
CVE-2025-11988 NOMISEC MEDIUM
WordPress Crypto <2.22 - Info Disclosure
The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a publicly-available nonce check. This makes it possible for unauthenticated attackers to delete specific JSON files matching the pattern *_pending.json within the wp-content/uploads/yak/ directory, causing data loss and denial of service for plugin workflows that rely on these artifacts.
by jFriedli
CVSS 5.3
CVE-2025-11986 NOMISEC MEDIUM
WordPress Crypto <2.22 - Info Disclosure
The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the register and savenft methods with only a publicly-available nonce check and no wallet signature verification. This makes it possible for unauthenticated attackers to set a site-wide global authentication state via a single transient, bypassing all access controls for ALL visitors to the site. The impact is complete bypass of [crypto-block] shortcode restrictions and page-level access controls, affecting all site visitors for one hour, plus the ability to inject arbitrary data into the plugin's custom_users table.
by jFriedli
CVSS 5.3
CVE-2025-12028 NOMISEC HIGH
IndieAuth plugin for WordPress <4.5.4 - CSRF
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the `login_form_indieauth()` function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for unauthenticated attackers to force authenticated users to approve OAuth authorization requests for attacker-controlled applications via a forged request granted they can trick a user into performing an action such as clicking on a link or visiting a malicious page while logged in. The attacker can then exchange the stolen authorization code for an access token, effectively taking over the victim's account with the granted scopes (create, update, delete).
by jFriedli
CVSS 8.8
CVE-2025-11177 NOMISEC HIGH
WordPress External Login <1.11.2 - SQL Injection
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database when a PostgreSQL or MSSQL database is configured as the external authentication database.
by jFriedli
CVSS 7.5
CVE-2025-12137 NOMISEC MEDIUM
Import WP <= 2.14.16 - Authenticated Arbitrary File Read via attach_file()
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the 'attach_file()' function when handling 'file_local' actions. This makes it possible for authenticated attackers, with administrator-level access and above, to read arbitrary files on the server's filesystem, including sensitive configuration files and system files via the 'local_url' parameter.
by jFriedli
CVSS 4.9
CVE-2025-9074 NOMISEC CRITICAL
Docker Desktop - Privilege Escalation
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
by rocket-panda
CVE-2026-4582 WRITEUP MEDIUM
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.0
CVE-2026-4583 WRITEUP MEDIUM
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The attack is considered to have high complexity. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.0
CVE-2026-4584 WRITEUP LOW
Shenzhen HCC Technology MPOS M6 PLUS Cardholder Data cleartext transmission
A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.1
CVE-2025-66398 NOMISEC CRITICAL
Signal K Server < 2.19.0 - Unauthenticated Remote Code Execution via Backup Validation Endpoint
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files (e.g., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability.
by showy-headteacher114
CVSS 9.6
CVE-2025-70330 NOMISEC LOW
Easy Grade Pro 4.1.0.2 - Denial of Service via Crafted .EGP File Parsing
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
by TheMalwareGuardian
2 stars
CVSS 3.3
CVE-2025-34096 NOMISEC CRITICAL
Easy File Sharing HTTP Server 7.2 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
by TheMalwareGuardian
CVE-2020-13768 NOMISEC CRITICAL
MiniShare < 1.4.2 - Stack-Based Buffer Overflow via HTTP PUT Request
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
by TheMalwareGuardian
CVSS 9.8
CVE-2019-25485 NOMISEC MEDIUM
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
by TheMalwareGuardian
CVSS 6.2