14 matches found
WordPress MetForm Pro plugin <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability
Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability discovered by Andrea Bocchetti in WordPress Plugin MetForm Pro versions <= 3.9.7...
WordPress Elementor Website Builder plugin <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API vulnerability discovered by Andrea Bocchetti in WordPress Plugin Elementor Website Builder versions <= 3.35.5...
WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin KiviCare versions <= 3.6.16...
WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Andrea Bocchetti in WordPress Plugin Spam Protect for Contact Form 7 versions <= 1.2.9...
WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability discovered by Andrea Bocchetti in WordPress Plugin Fluent Forms Pro Add On Pack versions <= 6.1.12...
WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin Simple Membership versions <= 4.6.9...
WordPress Cost Calculator Builder Pro plugin <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload vulnerability
Unauthenticated Cross-Site Scripting via SVG Upload vulnerability discovered by Andrea Bocchetti in WordPress Plugin Cost Calculator Builder Pro versions <= 3.1.67...
WordPress Download Manager <= 3.2.46 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Andrea Bocchetti in WordPress Download Manager versions <= 3.2.46. Solution: Update the WordPress Download Manager plugin to the latest available version, at least 3.2.47...
WordPress Download Manager 3.2.43 Cross Site Scripting
Exploit Title: Download Manager Cross-Site Scripting Date: 2022-06-16 Exploit Author : Andrea Bocchetti Vendor Homepage : https://wordpress.org/plugins/download-manager/ Version : = 3.2.43 Tested on: windows CVE : CVE-2022-2101 Description 1- Login in the plugin page 2- add the xss payload in the...
WordPress AAWP premium plugin <= 3.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Andrea Bocchetti in WordPress AAWP premium plugin versions <= 3.16. Solution: Update the WordPress AAWP premium plugin to the latest available version, at least 3.17.1...
Huawei MBAMainService Unquoted Service Path
Exploit Title: Huawei "MBAMainService" Unquoted Service Path Date: 2020-12-14 Exploit Author: Andrea Bocchetti Vendor Homepage: https://consumer.huawei.com/en/support/laptops/matebook-d/ Software Link: https://consumer.huawei.com/en/support/laptops/matebook-d/ Category:Local Tested on: Microsoft...
Joomla Parcoauto SQL Injection
Exploit Title: Joomla comparcoauto SQL injection Vulnerability Date: 03-11-2012 Author: Andrea Bocchetti - www.andreabocchetti.com Twitter: @AndreaBocchetti Demo: http://www.xxx.com/index.php?option=comparcoauto&action=scheda&idVeicolo=2658810 Work Version: Joomla 1.5 Vulnerable Parameter Name:...
byTolinet Agencia Blind SQL Injection
Blind SQL Injection byTolinet Agencia + Author : Andrea Bocchetti E-Mail : [email protected] Sito web: http://www.tolinetagencia.com/ |Web App. : byTolinet Agencia |Price : N/A |Version : N/A | Vulnerability : Blind SQL Injection "id" Category: Web apps Date:9/6/11 Current DB:...
iBoutique v4.0
x Author: Andrea Bocchetti x Contact: [email protected] x Homepage : www.geekit.it // Software Info x Name : iBoutique v.4.0 x Vendor : http://www.wscreator.com/iboutique/ x Version : v.4.0 ------------------------------------------------------------------------------------------- x Exploi...