Exploit for CVE-2026-1311

CVE-2026-1311 CVE-2026-1311 Sample PHP Payload Files...

EUVD-2022-42742

Malicious code in bioql PyPI...

WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass

!/usr/bin/env python3 Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass Date: 2025-05-22 Exploit Author: Mohammed Idrees Banyamer Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...

CVE-2021-24192

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...

Exploit for CVE-2025-39436

🚨 WordPress Plugin Exploit: CVE-2025-39436 📝 Description A...

CVE-2024-12114 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...

CVE-2020-13126

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is...

CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpreviveasync' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-12270

The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects0term' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

Exploit for Incorrect Authorization in Miniorange Web3_-_Crypto_Wallet_Login_\&_Nft_Token_Gating

CVE-2023-6036 POC about Wordpress plugin Web3 – Crypto wallet...

CVE-2023-0219 FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...