100261 matches found
Exploit for CVE-2026-60137
wp2shell — WordPress Core Pre-Auth RCE CVE-2026-63030 Ba...
Exploit for CVE-2026-63030
wp2shell Pre-Authentication Remote Code Execution in WordPres...
Exploit for CVE-2026-63030
CVE-2026-63030 The WordPress REST API batch routing confusi...
Exploit for CVE-2026-60137
wp2shell-detect Blackbox, non-intrusive detector for wp...
Exploit for CVE-2026-63030
wp2shell-scan A scanner and proof-of-concept toolkit for CVE-202...
wp2shell_stock_chain
wp2shell stock-core chain Authorized-testing proof of concept...
Exploit for CVE-2026-63030
wp2shellscanner !smokehttps://github.com/zi3lak/wp2shell...
wp2shell
wp2shell WordPress REST batch route-confusion blind SQL injec...
Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core
TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...
Exploit for CVE-2026-63030
wp2r00t - WordPress REST Batch Route-Confusion SQLi PoC A sel...
Exploit for CVE-2026-60137
CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...
Exploit for CVE-2026-63030
wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...
wp2shell-go
wp2shell-go A Go port of the wp2shell PoC. It targets the una...
wp2shell
wp2shell-check Non-intrusive checker for CVE-2026-63030 /...
wp2shell-PoC
wp2shell — CVE-2026-63030 + CVE-2026-60137 WordPress Pre-Auth...
Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. id: CVE-2021-24215...
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Ma...
Chaty < 2.8.2 - Cross-Site Scripting
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. id: CVE-2021-25016 info: name: Chaty 2.8.2 - Cross-Site Scripting...
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder 4.1.10 - Open Redirect...
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...