20 matches found
Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
It’s only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for the person who found the bug, it's often the conclusion of hours of work, trial and error, searching for recognition, and finally seeing the vulnerability get patched. Bug...
WordPress Prime Listing Manager plugin <= 1.1 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Prime Listing Manager versions <= 1.1...
WordPress Post Slides plugin <= 1.0.1 - Contributor+ Local File Inclusion vulnerability
Contributor+ Local File Inclusion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Post Slides versions <= 1.0.1...
WordPress e-xact-hosted-payment plugin <= 2.0 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin E-xact Hosted Payment versions <= 2.0...
WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability
Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions <= 1.2...
WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions <= 0.1.0...
WordPress Age Restriction plugin <= 3.0.2 - Subscriber+ Privilege Escalation vulnerability
Subscriber+ Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Premium Age Verification / Restriction for WordPress versions <= 3.0.2...
WordPress Bookit plugin < 2.5.1 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BookIt versions < 2.5.1...
WordPress The Wound theme <= 0.0.1 - Unauthenticated LFI vulnerability
Unauthenticated LFI vulnerability discovered by Aly Khaled in WordPress Theme The Wound versions <= 0.0.1...
EUVD-2025-28101
Malicious code in bioql PyPI...
WordPress CSV Mass Importer plugin <= 1.2 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin CSV Mass Importer versions <= 1.2...
CVE-2025-47611
CVE-2025-47611 reflects a Reflected Cross-Site Scripting (XSS) flaw in the WordPress plugin User Meta (versions n/a through 3.1.2). Root cause: improper input neutralization during web page generation. Impact (per metrics): confidentiality, integrity, and availability are Low to Low, with user in...
PT-2025-22761 · Unknown · Khaled User Meta
Name of the Vulnerable Software and Affected Versions: Khaled User Meta versions n/a through 3.1.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions n/a throug...
WordPress ThemeEgg ToolKit 1.2.9 Shell Upload Exploit
import argparse import re import time import requests from bs4 import BeautifulSoup by Nxploit | Khaled Alenazi requests.packages.urllib3.disablewarnings session = requests.Session session.verify = False def displaybanner: banner = """...
aculliber.northeurope.cloudapp.azure.com Cross Site Scripting vulnerability OBB-3918505
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
Exploit Title: crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow Exploit Author: Khaled Salem @Khaled0x07 Software Link: https://www.exploit-db.com/apps/43240af83a4414d2dcc19fff3af31a63-crossfire-1.9.0.tar.gz Version: 1.9.0 Tested on: Kali Linux 2020.4 CVE : CVE-2006-1236 #!/bin/python impor...
WordPress Xenon premium theme <= 1.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability discovered by Khaled Nassar in WordPress Xenon premium theme versions <= 1.3. Solution: No patched version is available...
GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Geeklog Date: 18-10-2010 Author: Kubanezi AHG Software Link: http://www.geeklog.net...
GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability...
GeekLog 1.7.0 Shell Upload
Exploit Title: Geeklog Date: 18-10-2010 Author: Kubanezi AHG Software Link: http://www.geeklog.net/ Version: 1.7....