50738 matches found
📄 Tactical RMM Jinja2 SSTI Remote Code Execution
This Metasploit module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Pytho...
📄 Wireshark Dissector Crash Denial of Service
A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 allows an attacker to trigger a denial of service condition by supplying a specially crafted IEEE 802.15.4 packet capture file. The flaw exists in the handling of malformed...
📄 WordPress AI Engine 3.0.0 Shell Upload
This Metasploit module exploits an unauthenticated file upload vulnerability in the WordPress AI Engine plugin versions prior to 3.0.0. The plugin's REST API endpoint /wp-json/mwai-ui/v1/files/upload fails to properly validate authentication, allowing attackers to upload arbitrary files including...
📄 WordPress AI Bud 1.8.5 Shell Upload
WordPress AI Bud plugin version 1.8.5 suffers from an unauthenticated shell upload vulnerability. The vulnerability exists in the actualizadorgit.php file which provides unauthenticated access to download and execute files from arbitrary GitHub repositories without proper security controls...
📄 WordPress Real Estate 7 3.5.2 Privilege Escalation
This Metasploit auxiliary scanner module targets a privilege escalation vulnerability in WordPress Real Estate 7 plugin version 3.5.2. The flaw allows unauthenticated attackers to register a new user account with administrator privileges by abusing the ctaddnewmember AJAX action...
📄 WordPress Cibeles AI 1.10.8 Shell Upload
An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...
📄 WordPress AMGT 44.0 Shell Upload
A vulnerability in the WordPress AMGT plugin version 44.0 membership registration form allows an attacker to upload arbitrary files via the "amgtuseravatar" parameter. The uploaded file is stored with a timestamp-based filename that can be guessed, allowing remote code execution...
📄 WordPress AI Feeds 1.0.11 Shell Upload
Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...
📄 WonderCMS 3.4.2 Shell Upload
Proof of concept exploit for an authentication shell upload vulnerability in WonderCMS version 3.4.2. ============================================================================================================================================= | Title : WonderCMS 3.4.2 Authenticated file upload...
📄 WordPress AI Buddy 1.8.5 Shell Upload
Proof of concept exploit for a shell upload vulnerability in WordPress AI Buddy plugin versions 1.8.5 and below. This exploit is written in PHP. ============================================================================================================================================= | Title :...
📄 WordPress ACF 0.9.1.1 Remote Code Execution
WordPress ACF plugin version 0.9.1.1 unauthenticated remote code execution proof of concept exploit. ============================================================================================================================================= | Title : WordPress ACF 0.9.1.1 unauthenticated Remote...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Vulnerability Scanner
This PHP script is a defensive vulnerability checker for CVE-2024-36985 affecting Splunk Enterprise. It authenticates to a Splunk instance using provided credentials, retrieves the installed Splunk version, and determines whether it falls within the vulnerable ranges. The script then enumerates...
📄 WordPress Bricks 1.9.6 Remote Code Execution
Proof of concept exploit for a critical vulnerability in WordPress Bricks Builder plugin version 1.9.6 that allows unauthenticated attackers to execute arbitrary PHP code through the Bricks REST API. The attack targets the renderelement endpoint, injecting malicious instructions in the Query Edit...
📄 WordPress AI Engine: ChatGPT Chatbot 1.9.98 Shell Upload
This is a proof of concept that demonstrates the CVE-2023-51409 vulnerability in the WordPress AI Engine plugin in a controlled, safe, and non-destructive manner. It detects the plugin, tests unauthenticated access to the vulnerable endpoint, performs safe file uploads with non-executable content...
📄 WordPress AI Engine 3.1.3 Mass Enumeration
This advisory documents a fully automated PHP-based exploitation framework designed to perform mass enumeration, plugin detection, token extraction, and automated account creation targeting vulnerable WordPress MCP-related REST API endpoints...
📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload
The AI Engine WordPress plugin version 3.1.3 exposes an MCP JSON RPC endpoint allowing unauthenticated calls to administrative functions. An attacker can remotely create an administrator account then upload a malicious plugin or payload to obtain full remote code execution on the WordPress Server...
📄 WeGIA 3.5.0 SQL Injection
Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo...
📄 Google Cloud Vertex AI SDK Cross Site Scripting / Code Execution
A persistent cross site scripting vulnerability was identified in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform, affecting versions 1.98.0 up to but not including 1.131.0. The vulnerability allows an unauthenticated remote attacker to inject maliciou...
📄 GVfs 1.58.1 FTP Backend CRLF Injection
A vulnerability was identified in the FTP backend of GVfs due to improper input validation. A remote attacker can exploit this flaw by supplying specially crafted file paths containing Carriage Return and Line Feed CRLF sequences. Because these CRLF sequences are not properly sanitized, they allo...
📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor
This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extractarea function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...
📄 Easy File Sharing Web Server 7.2 Buffer Overflow
Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link:...
📄 Wireshark 4.4.8 NULL Pointer Dereference
Proof of concept exploit that affects Wireshark versions 4.4.0 through 4.4.8. This report documents a NULL Pointer Dereference vulnerability pattern that can be triggered by opening a specially crafted PCAP file. The provided proof of concept is written in Python and demonstrates how malformed...
📄 libvips 8.19.0 vips_extract_area_build Local Integer Overflow
This Python script performs an advanced security audit on libvips version 8.19.0. It specifically targets the integer overflow vulnerability in the function vipsextractareabuild...
📄 GNU Inetutils telnetd NEW-ENVIRON Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in GNU Inetutils telnetd. By sending a specially crafted NEW-ENVIRON subnegotiation with a USER variable containing -f root, an attacker can login as root without a password. This occurs because telnetd passes the environment...
📄 WordPress Eventin 4.0.34 Account Takeover
A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...
📄 WordPress Document Library Lite 1.1.6 Information Disclosure
Proof of concept exploit for WordPress Document Library Lite plugin version 1.1.6. The plugin fails to restrict access to an internal AJAX API endpoint allowing unauthenticated attackers to fetch document records exposing sensitive metadata...
📄 FreeRDP Integer Overflow
A vulnerability in FreeRDP prior to version 3.23.0 allows an attacker to trigger an endless blocking loop due to an integer overflow in the StreamEnsureCapacity function. The issue occurs when a requested buffer size approaches or exceeds half of SIZEMAX on 32-bit systems. During capacity...
📄 WordPress Query Console 1.0 Code Injection
This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...
📄 WordPress Backup Migration 1.3.7 Database Disclosure
WordPress Backup Migration plugin version 1.3.7 allows unauthenticated users to access sensitive backup files, potentially exposing the full database and website content. An attacker can retrieve backup archives without authentication...
📄 WordPress Real Spaces Properties Directory Theme 3.6 Missing Authorization
Proof of concept exploit for a missing authorization vulnerability in WordPress Real Spaces Properties Directory Theme version 3.6. ============================================================================================================================================= | Title : WordPress Rea...
📄 WordPress File Away 3.9.9.0.1 Arbitrary File Read
Proof of concept exploit for a WordPress File Away plugin version 3.9.9.0.1 arbitrary file read vulnerability. ============================================================================================================================================= | Title : WordPress File Away Plugin =...
📄 WordPress King Addons for Elementor 51.1.14 Privilege Escalation
Proof of concept for a WordPress King Addons for Elementor plugin versions 24.12.92 through 51.1.14 unauthenticated privilege escalation vulnerability. ============================================================================================================================================= |...
📄 WordPress Premium Age Verification Restriction 3.0.2 Shell Upload
A critical security vulnerability exists in the WordPress Age Restriction plugin version 3.0.2 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary PHP files and execute remote code via the remotetunnel.php endpoint. This leads to complete compromise of the WordPres...
📄 WordPress Elementor 3.18.1 Shell Upload
Proof of concept exploit for WordPress Elementor plugin version 3.18.1 that demonstrates a remote shell upload vulnerability. ============================================================================================================================================= | Title : WordPress Elementor...
📄 WordPress Really Simple Security 9.1.1.1 Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in the WordPress Really Simple SSL plugin versions 9.1.1.1 and below. The vulnerability exists in the skiponboarding REST API endpoint. When exploited, the module allows unauthenticated attackers to gain full administrator...
📄 MajorDoMo Supply Chain Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo's saverestore module via supply chain poisoning. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
📄 Checkmk 2.4.0p21 Cross Site Scripting
Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43. ============================================================================================================================================= | Title :...
📄 WordPress MPMF Plugin 1.0.2 Shell Upload
This Metasploit module exploits an unauthenticated file upload vulnerability in WordPress Multi‑Purpose Multi‑Form MPMF plugin version 1.0.2. By abusing a vulnerable AJAX action exposed via admin-ajax.php, an attacker can upload a crafted PHP file and trigger its execution to obtain remote code...
📄 WordPress Project Notebooks 1.1.4 Remote Code Execution
Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...
📄 WordPress File Upload 4.24.11 Path Traversal / Remote Code Execution
A critical unauthenticated remote code execution vulnerability exists in the WordPress File Upload plugin versions 4.24.11 and earlier. The vulnerability allows attackers to execute arbitrary operating system commands through path traversal and improper input validation in the wfufiledownloader.p...
📄 WordPress External Post Editor 1.2.3 Scanner
This PHP forensic scanner is designed to assess WordPress sites for the External Post Editor plugin vulnerability in version 1.2.3 that allows unauthenticated file upload potentially leading to remote code execution...
📄 WordPress PDF Generator Addon for Elementor Page Builder 1.75 Traversal
Proof of concept exploit for a WordPress PDF Generator Addon for Elementor Page Builder plugin version 1.75 unauthenticated arbitrary file download vulnerability that leverages a path traversal...
📄 WordPress Flex QR Code Generator 1.2.5 Shell Upload
Proof of concept exploit for a remote shell upload vulnerability in WordPress Flex QR Code Generator plugin version 1.2.5. ============================================================================================================================================= | Title : WordPress Flex QR Code...
📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panels PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...
📄 MajorDoMo Remote Command Injection / Race Condition
This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMos remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...
📄 WordPress Email Subscribers 5.7.14 SQL Injection
WordPress Email Subscribers plugin version 5.7.14 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : wordpress Email Subscribers 5.7.14 Sql Injection...
📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout
The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...
📄 WordPress RFC 6.0.8 Security Scanner
WordPress RFC plugin version 6.0.8 security scanner that detects and attempts remote shell upload. ============================================================================================================================================= | Title : WordPress RFC Plugin 6.0.8 Security Scanner | ...
📄 WordPress RomethemeKit for Elementor 1.5.4 Privilege Escalation
Proof of concept exploit for an unauthorized privilege escalation vulnerability in WordPress RomethemeKit for Elementor plugin version 1.5.4 ============================================================================================================================================= | Title :...
📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner
WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. ============================================================================================================================================= | Title : WordPress RestroPress Online Food Orderi...