CVE-2024-7493

The WPCOM Member plugin for WordPress (versions ≤ 1.5.2.1) is vulnerable to unauthenticated privilege escalation via User Meta. The issue arises because arbitrary data can be passed to wp_insert_user() during registration, enabling an unauthenticated attacker to set their role to Administrator du...

CVE-2014-9013

The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmpppajaxcall with an execution target of wpinsertuser...

CVE-2014-9013

The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmpppajaxcall with an execution target of wpinsertuser...

WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin)

WordPress Plugin Marketplace 2.4.0 - Remote Code Execution Add Admin !/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani...

Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications !/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit writt...

WordPress Download Manager 2.7.4 Remote Command Execution

!/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit written by Claudio Viviani 2014-12-03: Discovered...