4 matches found
WordPress Madera 2.2.2 Local File Inclusion
This Python script exploits a local file inclusion vulnerability in the WordPress Madara theme. It interacts with the admin-ajax.php endpoint to load sensitive files from the server, potentially leading to the exposure of system or application data. It affects version 2.2.2...
PT-2026-36591
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure
The plugin does not prevent users with low privileges like subscribers from accessing sensitive system information. fetch('http://wpscan.local/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' }), body: 'action=sendsysteminfo',...
PT-2019-13833 · Tribulant · Tribulant Newsletters
Name of the Vulnerable Software and Affected Versions: Tribulant Newsletters plugin versions prior to 4.6.19 Description: The issue allows directory traversal with resultant remote PHP code execution. This is achieved via the subscribers[1][1] parameter in conjunction with an exportfile=../ value in...