14 matches found
CVE-2025-14533
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...
CVE-2025-14533
The Wordfence disclosure confirms CVE-2025-14533 affects the Advanced Custom Fields: Extended plugin for WordPress (
CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...
WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action vulnerability
Unauthenticated Privilege Escalation via Insert User Form Action vulnerability discovered by andrea bocchetti in WordPress Plugin Advanced Custom Fields: Extended versions <= 0.9.2.1...
WordPress plugin Advanced Custom Fields: Extended security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-9693
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess function in all versions up to, and including, 3.1.2. This makes it possible for authenticated...
CVE-2024-6808
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
Savsoft Quiz 5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- functio...
Simple Invoice 2011.1 Cross Site Request Forgery
Affected software: simple invoice Type of vulnerability:adding admin user via csrf URL:simpleinvoices.org Discovered by: provensec Website: provensec.com version:2011.1 Proof of concept...
VP-ASP-SQL.txt
!!! WARNING !!! FOR EDUCATIONAL PURPOSES ONLY! Neither myself nor any of my Affiliates shall be liable for any direct, incidental, consequential, indirect or punitive damages arising out of access to, inability to access, or any use of the content of this advisory, including without limitation an...
CVE-2006-7100
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-7100
CVE-2006-7100 is a PHP remote file inclusion vulnerability in the phpBB Insert User extension (version 0.1.2 and earlier). The flaw resides in includes/functions_mod_user.php and allows remote attackers to execute arbitrary PHP code by supplying a URL in the phpbb_root_path parameter. Affected pr...
CVE-2006-7100
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
phpBB Insert User Mod 0.1.2 - Remote File Inclusion
phpBB Insert User Mod 0.1.2 - Remote File Inclusion !/usr/bin/perl PHPBB insert user 0.1.2 Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://www.grahameames.co.uk/phpbb/downloads/insertuser0.1.2.zip use IO::Socket; use LWP::Simple;...