WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)

Exploit Title: WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation Unauthenticated Date: 23-08-2021 Exploit Author: Numan Rajkotiya Vendor Homepage: https://profilepress.net/ Software Link: https://downloads.wordpress.org/plugin/wp-user-avatar.3.0.zip Version: 1 ProfilePress Formerly WP Us...

WordPress Car Rental System 1.3 Cross Site Scripting

Exploit Title: WordPress Car Rental System 1.3 XSS Vunlerability Google Dork:N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/car-rental-system-wordpress-plugin/4239755?srank=3 Version: 1.3 Tested on: 5.4.0-kali4-amd64...

CVE-2017-18571

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316...

Sql injection

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316...

WordPress 'json' User Enumeration Vulnerability

WordPress is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...