274379 matches found
📄 WordPress Query Console 1.0 Code Injection
This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...
📄 WordPress Document Library Lite 1.1.6 Information Disclosure
Proof of concept exploit for WordPress Document Library Lite plugin version 1.1.6. The plugin fails to restrict access to an internal AJAX API endpoint allowing unauthenticated attackers to fetch document records exposing sensitive metadata...
📄 WordPress External Post Editor 1.2.3 Scanner
This PHP forensic scanner is designed to assess WordPress sites for the External Post Editor plugin vulnerability in version 1.2.3 that allows unauthenticated file upload potentially leading to remote code execution...
📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout
The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...
📄 MajorDoMo Remote Command Injection / Race Condition
This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...
📄 WordPress Flex QR Code Generator 1.2.5 Shell Upload
Proof of concept exploit for a remote shell upload vulnerability in WordPress Flex QR Code Generator plugin version 1.2.5.
📄 WordPress Eventin 4.0.34 Account Takeover
A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...
📄 WordPress Real Spaces Properties Directory Theme 3.6 Missing Authorization
Proof of concept exploit for a missing authorization vulnerability in WordPress Real Spaces Properties Directory Theme version 3.6.
📄 WordPress File Upload 4.24.11 Path Traversal / Remote Code Execution
A critical unauthenticated remote code execution vulnerability exists in the WordPress File Upload plugin versions 4.24.11 and earlier. The vulnerability allows attackers to execute arbitrary operating system commands through path traversal and improper input validation in the wfufiledownloader.p...
Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout
Summary: The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...
📄 Checkmk 2.4.0p21 Cross Site Scripting
Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43.
📄 WordPress Email Subscribers 5.7.14 SQL Injection
WordPress Email Subscribers plugin version 5.7.14 remote SQL injection proof of concept exploit.
📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect("/") call...
Exploit for Command Injection in Coollabs Coolify
No d...
Exploit for CVE-2026-3395
CVE‑2026‑3395 — MaxSite CMS Unauthenticated Remote Code Execut...
Exploit for Code Injection in Vmware Spring_Framework
🚨 CVE-2022-22965 - "Spring4Shell"
Exploit for Improper Initialization in Linux Linux_Kernel
megaquagga-pentest-re...
Exploit for SQL Injection in Fortinet Fortiweb
CVE-2025-25257 Detection Engineering Repository
Exploit for Path Traversal in Apache Http_Server
🕵️ HACKNET v2.4.1 —...
devops-security-pipeline-poc
DevOps Security Pipeline POC A security-integrated CI/CD pipe...