32 matches found
Exploit for Cross-site Scripting in Codex-Themes Thegem
TheGem-Theme-Exploit-Chain-One-Click-Full-Compromise-Subscribe...
Exploit for CVE-2026-1729
CVE-2026-1729 - AdForest WordPress Authentication Bypass PoC...
EUVD-2016-1949
Malware in sbrugna...
EUVD-2022-38166
Malicious code in bioql PyPI...
Exploit for CVE-2024-8682
CVE-2024-8682 - JNews Unauthenticated Registration PoC JNew...
CVE-2023-3219
The EventON WordPress plugin before 2.1.2 does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the...
CVE-2019-10673
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...
Exploit for CVE-2025-32583
🚨 CVE-2025-32583 – WordPress PDF 2 Post RCE Exploit CRITI...
PT-2025-16115 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to 3.1.1 Description: The issue arises from the software's failure to properly validate a value before executing do_shortcode, allowin...
Exploit for CVE-2024-56071
🚨 Simple Dashboard = 2.0 - Unauthenticated Privilege Escalati...
Exploit for Unrestricted Upload of File with Dangerous Type in Etoilewebdesign Front_End_Users
WordPress FEUP Arbitrary File Upload Exploit CVE-2025-2005 T...
CVE-2025-23583
CVE-2025-23583 is a reflected XSS in Explara Membership (WordPress). Affected: Explara Membership from n/a to 0.0.7. Root cause: Improper neutralization of input during web page generation. Impact: possible cross-site scripting exposure; no exploit details provided in the sources. Remediation det...
Exploit for Missing Authorization in Websiteinwp Blogpoet
CVE-2024-43998 Description CVE-2024-43998: Missing Au...
Exploit for CVE-2024-54369
Zita Site Builder Exploit Guide Overview Zita Site Buil...
Exploit for Cross-site Scripting in Melapress Wp_Activity_Log
CVE-2024-10793 PoC Set this lines to your hosts file:...
CVE-2023-4691 Bookly < 22.4 - Admin+ SQLi
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. Note: The vendor was made aware of th...
Exploit for Cross-site Scripting in Warfareplugins Social_Warfare
CVE-2019-9978 - Social Warfare Wordpress plugin RCE 3.5.3 R...
ImageMagick-Engine < 1.7.6 - Command Injection via CSRF
The plugin is missing CSRF checks in multiple actions, which could allow attackers to make a logged in admin perform unwanted actions. In this case, it could lead to RCE via Command Injection https://example.com/wp-admin/admin-ajax.php?action=imetestimpath&clipath=payload...
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link: https://wordpress.org/plugins/postie/developers Version:...