WordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by timomangcut in WordPress Plugin Membership For WooCommerce versions = 2.8.1...

CVE-2023-33763

creationtimestamp| type| source ---|---|--- 2025-01-08 20:14:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/815...

CVE-2024-6159

creationtimestamp| type| source ---|---|--- 2024-09-09 14:03:54+00:00| published-proof-of-concept| https://t.me/codeb0ss/1597...

CVE-2022-38322

creationtimestamp| type| source ---|---|--- 2024-07-18 04:18:36+00:00| published-proof-of-concept| https://t.me/HackingInsights/6386...

CVE-2022-35587

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link:...

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link:...

Simple Blog PHP 2.0 - Multiple Vulnerabilities

Simple Blog PHP 2.0 - Multiple Vulnerabilities ===================================================== Simple Blog PHP 2.0 - CSRFAdd Post // Stored XSS ===================================================== Vendor Homepage: http://simpleblogphp.com/ Date: 13 Oct 2016 Demo Link :...

Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)

Joomla! Component BF Quiz 1.3.0 - SQL Injection 1 Exploit Title: Joomla Component BF Quiz SQL Injection Vulnerability Date: 29th May 2010 Author: Valentin Category: webapps/0day Version: 1.3.0 Tested on: Debian, Apache2, MySQL 5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...

Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation

Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...