53 matches found
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability discovered by Mohammad Amin Hajian (mamadrce) in WordPress Plugin PostX versions <= 5.0.5...
WordPress Export All URLs plugin < 5.1 - Unauthenticated Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure vulnerability discovered by Mohammad Aghdasi in WordPress Plugin Export All URLs versions < 5.1...
EUVD-2025-205596
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through 1.2...
CVE-2025-68897
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode (if-as-shortcode) allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...
PT-2025-53752
Name of the Vulnerable Software and Affected Versions: Mohammad I. Okfie IF AS Shortcode versions through 1.2. Description: A code injection issue exists in Mohammad I. Okfie IF AS Shortcode. The flaw allows for code injection, potentially enabling attackers to execute malicious code. The affected...
EUVD-2025-3329
Malicious code in bioql PyPI...
CVE-2025-52780 WordPress Logo Manager For Samandehi plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi (samandehi-logo-manager) allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through <= 0.5...
CVE-2025-32560
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri (wp-hijri) allows Reflected XSS. This issue affects WP-Hijri: from n/a through <= 1.5.3...
CVE-2024-44053
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8...
WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control
Software: Smart Forms; Type: Plugin; Vulnerable versions: < 2.6.87; Fixed in: 2.6.87; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-7203; Patch priority: Medium; CVSS severity: Medium (5.4); Developer: Claim ownership; PSID: 959e4abbd849; Credits: Mohammad Reza Omrani; Require...
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from...
CVE-2023-33320 WordPress WP-Hijri Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions...
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS) Date: 2021-08-02 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
Online Hotel Reservation System 1.0 - (Multiple) Cross-site scripting Vulnerability
Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS) Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
Inventory Webapp - (itemquery) SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Inventory Webapp SQL injection Date: 05.09.2019 Exploit Author: mohammad zaheri Vendor Homepage: https://github.com/edlangley/inventory-webapp Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...
VBScan 0.1.7 - Black Box vBulletin Vulnerability Scanner
OWASP VBScan (short for vBulletin Vulnerability Scanner) is an open-source project in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them. Why OWASP VBScan? If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This Project ...
MediaInfo 0.7.61 - Crash (PoC)
#!/usr/bin/perl -w Title : Windows Media Player MediaInfo v0.7.61 - Buffer Overflow Exploit Tested on Windows 7 / Server 2008 Download Link : https://sourceforge.net/projects/mediainfo/files/binary/mediainfo-gui/0.7.61/ Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
OWASP VBScan 0.1.6 - Black Box vBulletin Vulnerability Scanner Tool
OWASP VBScan (short for vBulletin Vulnerability Scanner) is an open-source project in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them. Why OWASP VBScan? If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This Project ...
vBulletin 5.x - Remote Code Execution Exploit
Exploit for php platform in category web applications + Title: Vbulletin 5.x - Remote Code Execution Exploit + Product: vbulletin + Vendor: http://vbulletin.com + Vulnerable Versions: Vbulletin 5.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadote...
WinRaR SFX - Remote Code Execution Exploit
Exploit for windows platform in category local exploits #!/usr/bin/perl Title : WinRaR SFX - Remote Code Execution Affected Versions: All Version Tested on Windows 7 / Server 2008 Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes ,...