WordPress Video Gallery plugin <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by tmrswrr in WordPress Plugin Video Gallery – YouTube Gallery versions = 2.4.1...

Jcow Social Network Cross Site Scripting Vulnerability

Exploit Title: Jcow Social Networking 14.2 3 After Send invitations you will be see alert button...

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: LeptonCMS 7.0.0 - Remote Code Execution RCE Authenticated Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 Go to Languages place...

WhatACart 2.0.7 Cross Site Scripting Vulnerability

Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page : https://demo.whatacart.com/ 2 Write search field this payload :...

CE Phoenix 1.0.8.20 Remote Code Execution Exploit

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...