WordPress MM-Forms-Community 2.2.7 Shell Upload / SQL Injection

Exploit Title : WordPress MM-Forms-Community Plugins 2.2.7 Shell Upload and SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/01/2019 Vendor Homepage : wordpress.org Software Download Link : downloads.wordpress.org/plugin/mm-forms-community.zip...

WordPress Category Page Icons 3.6.1 CSRF / Shell Upload

Exploit Title : WordPress category-page-icons Plugins 3.6.1 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 17/01/2019 Vendor Homepage : wordpress.org wp-premiumplugins.com/category-page-icons/ wordpress.org/plugins/category-page-icons/ Softwar...

WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

WordPress UserPro Privilege Escalation

Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

Joomla Codextrous B2jcontact 2.1.17 Shell Upload

Exploit Title : Joomla Codextrous ComB2jcontact Components 2.1.17 Shell Upload Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 04/01/2019 Vendor Homepage : codextrous.com/joomla-components/b2j-contact.html + extensions.joomla.org/extension/b2j-contact/ Software...

Voyager 1.1 Shell Upload

Exploit Title: Voyager 1.1 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...

WordPress Audio Record 1.0 Shell Upload

Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in record upload process allowing arbitrary...

WordPress cvp-irontec 4.8.3 Shell Upload

Exploit Title : WordPress cvp-irontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

WordPress Firma Rehberi 4.9.9 Shell Upload / SQL Injection

Exploit Title : WordPress Firma Rehberi Themes 4.9.9 SQL Injection and Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org temafabrika.com/demo/rehber3/ Software Download Link :...

WordPress Share-Buttons 4.9.9 Shell Upload

Exploit Title : WordPress Share-Buttons Plugins 4.9.9 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org sbuttons.ru Software Download Link : atwebresults.com/phpajaximageupload/ +...

WordPress Cvp-Adegrontec 4.8.3 Shell Upload

Exploit Title : WordPress Cvp-Adegrontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

WordPress Saphali-Customer-Reviews 5.0.2 Shell Upload

Exploit Title : WordPress Saphali-Customer-Reviews Plugins 5.0.2 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org saphali.com Software Download Link : saphali.com/wordpress-plugin-reviews...

WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Shell Upload

Exploit Title : WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org/support/plugin/fckeditor-for-wordpress-plugin Software Download Link :...

WordPress St_Newsletter Swift Mailer 2.7 Shell Upload

Exploit Title : WordPress StNewsletter Swift Mailer Plugins 2.7 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org forums.devnetwork.net swiftmailer.symfony.com swiftmailer.org Software...

WordPress Monsters-Editor-10-For-WP-Super-Edit 2.3.1 Shell Upload

Exploit Title : WordPress Monsters-Editor-10-For-WP-Super-Edit Plugins 2.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : thedevcouple.com wordpress.org/plugins/monsters-editor-10-for-wp-super-edit/...

WordPress ChenPress 3.1.1 Shell Upload

Exploit Title : WordPress ChenPress Plugins 3.1.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org groups-beta.google.com/group/ChenPress Software Download Link :...

WordPress Sem-Wysiwyg 1.0 Shell Upload

Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

WordPress Dev-Custom-Management VerzDesign 1.0 Database Disclosure / Shell Upload

Exploit Title : WordPress Dev-Custom-Management Plugins VerzDesign 1.0 Database Backup Disclosure and Arbitrary File Upload Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : wordpress.org verzdesign.com Software Download Link : N/A Teste...

Joomla Fabrik 3.9 CSRF / LFI / Shell Upload

Exploit Title : Joomla ComFabrik 3.9 pluginAjax importcsv advancedsearch getprodimg controller LFI with htaccess CSRF Shell Access Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 29/11/2018 Vendor Homepage : extensions.joomla.org/extension/fabrik/...

OCS Inventory NG <= 2.5.0 Remote Shell Upload Vulnerability

OCS Inventory NG is prone to a remote shell upload vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...