📄 WordPress Real Estate 7 3.5.2 Privilege Escalation

This Metasploit auxiliary scanner module targets a privilege escalation vulnerability in WordPress Real Estate 7 plugin version 3.5.2. The flaw allows unauthenticated attackers to register a new user account with administrator privileges by abusing the ctaddnewmember AJAX action...

Exploit for CVE-2025-39459

📄 Nuclei Template for CVE-2025-39459 🚀 Overview This repo...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

PT-2025-4086 · Unknown · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System versions 1.0 and earlier Description: A critical issue has been found in the code-projects Chat System, affecting an unknown functionality of the file /user/addnewmember.php. The manipulation of the user argument lea...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

CVE-2023-39714

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section...

CVE-2023-38970

Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function...

PT-2023-26710 · Badaso · Badaso

Name of the Vulnerable Software and Affected Versions: Badaso versions 0.0.1 through 2.9.7 Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function. This enables the execution of arbitrary code,...