CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

CVE-2026-9009

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...

WordPress plugin Avada (Fusion) Builder 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdbtalktofront function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for unauthenticated...

WordPress Marketplace 2.4.0 Arbitrary File Download

Exploit Title: WP Marketplace 2.4.0 Arbitrary File Download Date: 26-10-2014 Software Link: https://wordpress.org/plugins/wpmarketplace/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9013 and CVE-2014-901...

WordPress Plugin Marketplace 2.4.0 - Arbitrary File Download

Exploit Title: WP Marketplace 2.4.0 Arbitrary File Download Date: 26-10-2014 Software Link: https://wordpress.org/plugins/wpmarketplace/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9013 and CVE-2014-901...

WordPress Download Manager 2.7.4 Remote Command Execution

!/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit written by Claudio Viviani 2014-12-03: Discovered...

CVE-2014-2988

EGroupware Enterprise Line EPL before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the calluserfunc PHP function, as demonstrated using th...

Horde Framework Unserialize PHP Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde...