
50738 matches found

Packet Storm
added 2026/03/05 12:0 a.m., 229 views

📄 Tactical RMM Jinja2 SSTI Remote Code Execution

This Metasploit module exploits a Server-Side Template Injection (SSTI) vulnerability in Tactical RMM versions prior to 1.4.0 (CVE-2025-69516). The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.from_string without sandboxing, allowing arbitrary Pytho...

8.8 CVSS, 6.5 AI score, 0.021 EPSS
Exploits: 4
Packet Storm
added 2026/03/05 12:0 a.m., 144 views

📄 Wireshark Dissector Crash Denial of Service

A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 allows an attacker to trigger a denial of service condition by supplying a specially crafted IEEE 802.15.4 packet capture file. The flaw exists in the handling of malformed...

7.5 CVSS, 6 AI score, 0.00157 EPSS
Exploits: 1
Packet Storm
added 2026/03/04 12:0 a.m., 208 views

📄 WordPress AI Engine 3.0.0 Shell Upload

This Metasploit module exploits an unauthenticated file upload vulnerability in the WordPress AI Engine plugin versions prior to 3.0.0. The plugin's REST API endpoint /wp-json/mwai-ui/v1/files/upload fails to properly validate authentication, allowing attackers to upload arbitrary files including...

10 CVSS, 6.6 AI score, 0.65046 EPSS
Exploits: 4
Packet Storm
added 2026/03/04 12:0 a.m., 134 views

📄 WordPress AI Bud 1.8.5 Shell Upload

WordPress AI Bud plugin version 1.8.5 suffers from an unauthenticated shell upload vulnerability. The vulnerability exists in the actualizadorgit.php file which provides unauthenticated access to download and execute files from arbitrary GitHub repositories without proper security controls...

9.1 CVSS, 6 AI score, 0.00413 EPSS
Exploits: 5
Packet Storm
added 2026/03/04 12:0 a.m., 143 views

📄 WordPress Real Estate 7 3.5.2 Privilege Escalation

This Metasploit auxiliary scanner module targets a privilege escalation vulnerability in WordPress Real Estate 7 plugin version 3.5.2. The flaw allows unauthenticated attackers to register a new user account with administrator privileges by abusing the ctaddnewmember AJAX action...

5.9 AI score
Exploits: 0
Packet Storm
added 2026/03/04 12:0 a.m., 139 views

📄 WordPress Cibeles AI 1.10.8 Shell Upload

An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...

9.8 CVSS, 6.7 AI score, 0.00856 EPSS
Exploits: 3
Packet Storm
added 2026/03/04 12:0 a.m., 173 views

📄 WordPress AMGT 44.0 Shell Upload

A vulnerability in the WordPress AMGT plugin version 44.0 membership registration form allows an attacker to upload arbitrary files via the "amgtuseravatar" parameter. The uploaded file is stored with a timestamp-based filename that can be guessed, allowing remote code execution...

10 CVSS, 7.6 AI score, 0.00463 EPSS
Exploits: 2
Packet Storm
added 2026/03/04 12:0 a.m., 222 views

📄 WordPress AI Feeds 1.0.11 Shell Upload

Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...

9.8 CVSS, 6.6 AI score, 0.00856 EPSS
Exploits: 3
Packet Storm
added 2026/03/04 12:0 a.m., 168 views

📄 WonderCMS 3.4.2 Shell Upload

Proof of concept exploit for an authenticated shell upload vulnerability in WonderCMS version 3.4.2. Title: WonderCMS 3.4.2 Authenticated file upload...

6.1 CVSS, 5.9 AI score, 0.54305 EPSS
Exploits: 16
Packet Storm
added 2026/03/04 12:0 a.m., 142 views

📄 WordPress AI Buddy 1.8.5 Shell Upload

Proof of concept exploit for a shell upload vulnerability in WordPress AI Buddy plugin versions 1.8.5 and below. This exploit is written in PHP.

9.1 CVSS, 5.9 AI score, 0.00413 EPSS
Exploits: 5
Packet Storm
added 2026/03/04 12:0 a.m., 170 views

📄 WordPress ACF 0.9.1.1 Remote Code Execution

WordPress ACF plugin version 0.9.1.1 unauthenticated remote code execution proof of concept exploit. Title: WordPress ACF 0.9.1.1 unauthenticated Remote...

9.8 CVSS, 6.5 AI score, 0.73557 EPSS
Exploits: 10
Packet Storm
added 2026/03/04 12:0 a.m., 169 views

📄 Splunk Enterprise 9.1.5 / 9.2.2 Vulnerability Scanner

This PHP script is a defensive vulnerability checker for CVE-2024-36985 affecting Splunk Enterprise. It authenticates to a Splunk instance using provided credentials, retrieves the installed Splunk version, and determines whether it falls within the vulnerable ranges. The script then enumerates...

8.8 CVSS, 6 AI score, 0.06517 EPSS
Exploits: 6
Packet Storm
added 2026/03/04 12:0 a.m., 183 views

📄 WordPress Bricks 1.9.6 Remote Code Execution

Proof of concept exploit for a critical vulnerability in WordPress Bricks Builder plugin version 1.9.6 that allows unauthenticated attackers to execute arbitrary PHP code through the Bricks REST API. The attack targets the render_element endpoint, injecting malicious instructions in the Query Edit...

10 CVSS, 7.9 AI score, 0.87452 EPSS
Exploits: 16
Packet Storm
added 2026/03/04 12:0 a.m., 161 views

📄 WordPress AI Engine: ChatGPT Chatbot 1.9.98 Shell Upload

This is a proof of concept that demonstrates the CVE-2023-51409 vulnerability in the WordPress AI Engine plugin in a controlled, safe, and non-destructive manner. It detects the plugin, tests unauthenticated access to the vulnerable endpoint, performs safe file uploads with non-executable content...

10 CVSS, 5.9 AI score, 0.65046 EPSS
Exploits: 4
Packet Storm
added 2026/03/04 12:0 a.m., 151 views

📄 WordPress AI Engine 3.1.3 Mass Enumeration

This advisory documents a fully automated PHP-based exploitation framework designed to perform mass enumeration, plugin detection, token extraction, and automated account creation targeting vulnerable WordPress MCP-related REST API endpoints...

9.8 CVSS, 5.9 AI score, 0.75063 EPSS
Exploits: 5
Packet Storm
added 2026/03/04 12:0 a.m., 115 views

📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload

The AI Engine WordPress plugin version 3.1.3 exposes an MCP JSON RPC endpoint allowing unauthenticated calls to administrative functions. An attacker can remotely create an administrator account then upload a malicious plugin or payload to obtain full remote code execution on the WordPress Server...

9.8 CVSS, 6.6 AI score, 0.75063 EPSS
Exploits: 7
Packet Storm
added 2026/03/03 12:0 a.m., 117 views

📄 WeGIA 3.5.0 SQL Injection

Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo...

9.4 CVSS, 6 AI score, 0.00821 EPSS
Exploits: 3
Packet Storm
added 2026/03/03 12:0 a.m., 142 views

📄 Google Cloud Vertex AI SDK Cross Site Scripting / Code Execution

A persistent cross site scripting vulnerability was identified in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform, affecting versions 1.98.0 up to but not including 1.131.0. The vulnerability allows an unauthenticated remote attacker to inject maliciou...

5.7 AI score
Exploits: 0
Packet Storm
added 2026/03/03 12:0 a.m., 123 views

📄 GVfs 1.58.1 FTP Backend CRLF Injection

A vulnerability was identified in the FTP backend of GVfs due to improper input validation. A remote attacker can exploit this flaw by supplying specially crafted file paths containing Carriage Return and Line Feed (CRLF) sequences. Because these CRLF sequences are not properly sanitized, they allo...

4.3 CVSS, 6.3 AI score, 0.0036 EPSS
Exploits: 2
Packet Storm
added 2026/03/03 12:0 a.m., 131 views

📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor

This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extract_area function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...

6 AI score
Exploits: 0
Packet Storm
added 2026/03/03 12:0 a.m., 125 views

📄 Easy File Sharing Web Server 7.2 Buffer Overflow

Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link:...

6.1 AI score
Exploits: 0
Packet Storm
added 2026/03/03 12:0 a.m., 134 views

📄 Wireshark 4.4.8 NULL Pointer Dereference

Proof of concept exploit that affects Wireshark versions 4.4.0 through 4.4.8. This report documents a NULL Pointer Dereference vulnerability pattern that can be triggered by opening a specially crafted PCAP file. The provided proof of concept is written in Python and demonstrates how malformed...

7.8 CVSS, 6.3 AI score, 0.00194 EPSS
Exploits: 1
Packet Storm
added 2026/03/03 12:0 a.m., 158 views

📄 libvips 8.19.0 vips_extract_area_build Local Integer Overflow

This Python script performs an advanced security audit on libvips version 8.19.0. It specifically targets the integer overflow vulnerability in the function vips_extract_area_build...

5.5 CVSS, 6 AI score, 0.00214 EPSS
Exploits: 2
Packet Storm
added 2026/03/03 12:0 a.m., 121 views

📄 GNU Inetutils telnetd NEW-ENVIRON Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in GNU Inetutils telnetd. By sending a specially crafted NEW-ENVIRON subnegotiation with a USER variable containing -f root, an attacker can login as root without a password. This occurs because telnetd passes the environment...

9.8 CVSS, 6 AI score, 0.98871 EPSS
Exploits: 60
Packet Storm
added 2026/03/02 12:0 a.m., 146 views

📄 WordPress Eventin 4.0.34 Account Takeover

A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...

8.8 CVSS, 6.1 AI score, 0.00526 EPSS
Exploits: 3
Packet Storm
added 2026/03/02 12:0 a.m., 147 views

📄 WordPress Document Library Lite 1.1.6 Information Disclosure

Proof of concept exploit for WordPress Document Library Lite plugin version 1.1.6. The plugin fails to restrict access to an internal AJAX API endpoint allowing unauthenticated attackers to fetch document records exposing sensitive metadata...

5.3 CVSS, 5.9 AI score, 0.0028 EPSS
Exploits: 2
Packet Storm
added 2026/03/02 12:0 a.m., 102 views

📄 FreeRDP Integer Overflow

A vulnerability in FreeRDP prior to version 3.23.0 allows an attacker to trigger an endless blocking loop due to an integer overflow in the Stream_EnsureCapacity function. The issue occurs when a requested buffer size approaches or exceeds half of SIZE_MAX on 32-bit systems. During capacity...

6.1 AI score
Exploits: 0
Packet Storm
added 2026/03/02 12:0 a.m., 152 views

📄 WordPress Query Console 1.0 Code Injection

This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...

10 CVSS, 7.5 AI score, 0.5364 EPSS
Exploits: 4
Packet Storm
added 2026/03/02 12:0 a.m., 158 views

📄 WordPress Backup Migration 1.3.7 Database Disclosure

WordPress Backup Migration plugin version 1.3.7 allows unauthenticated users to access sensitive backup files, potentially exposing the full database and website content. An attacker can retrieve backup archives without authentication...

5.9 AI score
Exploits: 0
Packet Storm
added 2026/03/02 12:0 a.m., 170 views

📄 WordPress Real Spaces Properties Directory Theme 3.6 Missing Authorization

Proof of concept exploit for a missing authorization vulnerability in WordPress Real Spaces Properties Directory Theme version 3.6. Title: WordPress Rea...

9.8 CVSS, 5.9 AI score, 0.00352 EPSS
Exploits: 3
Packet Storm
added 2026/03/02 12:0 a.m., 189 views

📄 WordPress File Away 3.9.9.0.1 Arbitrary File Read

Proof of concept exploit for a WordPress File Away plugin version 3.9.9.0.1 arbitrary file read vulnerability. Title: WordPress File Away Plugin...

7.5 CVSS, 6 AI score, 0.0155 EPSS
Exploits: 6
Packet Storm
added 2026/03/02 12:0 a.m., 193 views

📄 WordPress King Addons for Elementor 51.1.14 Privilege Escalation

Proof of concept for a WordPress King Addons for Elementor plugin versions 24.12.92 through 51.1.14 unauthenticated privilege escalation vulnerability.

9.8 CVSS, 5.9 AI score, 0.09142 EPSS
Exploits: 4
Packet Storm
added 2026/03/02 12:0 a.m., 169 views

📄 WordPress Premium Age Verification Restriction 3.0.2 Shell Upload

A critical security vulnerability exists in the WordPress Age Restriction plugin version 3.0.2 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary PHP files and execute remote code via the remotetunnel.php endpoint. This leads to complete compromise of the WordPres...

9.8 CVSS, 6.3 AI score, 0.0055 EPSS
Exploits: 2
Packet Storm
added 2026/03/02 12:0 a.m., 253 views

📄 WordPress Elementor 3.18.1 Shell Upload

Proof of concept exploit for WordPress Elementor plugin version 3.18.1 that demonstrates a remote shell upload vulnerability. Title: WordPress Elementor...

9.9 CVSS, 6 AI score, 0.041 EPSS
Exploits: 3
Packet Storm
added 2026/03/02 12:0 a.m., 126 views

📄 WordPress Really Simple Security 9.1.1.1 Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in the WordPress Really Simple SSL plugin versions 9.1.1.1 and below. The vulnerability exists in the skip_onboarding REST API endpoint. When exploited, the module allows unauthenticated attackers to gain full administrator...

9.8 CVSS, 5.9 AI score, 0.81722 EPSS
Exploits: 21
Packet Storm
added 2026/03/02 12:0 a.m., 154 views

📄 MajorDoMo Supply Chain Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo's saverestore module via supply chain poisoning.

9.8 CVSS, 6.5 AI score, 0.01086 EPSS
Exploits: 4
Packet Storm
added 2026/03/02 12:0 a.m., 142 views

📄 Checkmk 2.4.0p21 Cross Site Scripting

Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43.

7.3 CVSS, 5.3 AI score, 0.00141 EPSS
Exploits: 1
Packet Storm
added 2026/03/02 12:0 a.m., 166 views

📄 WordPress MPMF Plugin 1.0.2 Shell Upload

This Metasploit module exploits an unauthenticated file upload vulnerability in WordPress Multi‑Purpose Multi‑Form (MPMF) plugin version 1.0.2. By abusing a vulnerable AJAX action exposed via admin-ajax.php, an attacker can upload a crafted PHP file and trigger its execution to obtain remote code...

10 CVSS, 6.5 AI score, 0.00611 EPSS
Exploits: 2
Packet Storm
added 2026/03/02 12:0 a.m., 148 views

📄 WordPress Project Notebooks 1.1.4 Remote Code Execution

Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...

9.8 CVSS, 6.5 AI score, 0.00583 EPSS
Exploits: 2
Packet Storm
added 2026/03/02 12:0 a.m., 202 views

📄 WordPress File Upload 4.24.11 Path Traversal / Remote Code Execution

A critical unauthenticated remote code execution vulnerability exists in the WordPress File Upload plugin versions 4.24.11 and earlier. The vulnerability allows attackers to execute arbitrary operating system commands through path traversal and improper input validation in the wfufiledownloader.p...

9.8 CVSS, 6.7 AI score, 0.92319 EPSS
Exploits: 4
Packet Storm
added 2026/03/02 12:0 a.m., 118 views

📄 WordPress External Post Editor 1.2.3 Scanner

This PHP forensic scanner is designed to assess WordPress sites for the External Post Editor plugin vulnerability in version 1.2.3 that allows unauthenticated file upload potentially leading to remote code execution...

9.8 CVSS, 6.2 AI score, 0.37815 EPSS
Exploits: 5
Packet Storm
added 2026/03/02 12:0 a.m., 137 views

📄 WordPress PDF Generator Addon for Elementor Page Builder 1.75 Traversal

Proof of concept exploit for a WordPress PDF Generator Addon for Elementor Page Builder plugin version 1.75 unauthenticated arbitrary file download vulnerability that leverages a path traversal...

7.5 CVSS, 6 AI score, 0.07486 EPSS
Exploits: 3
Packet Storm
added 2026/03/02 12:0 a.m., 158 views

📄 WordPress Flex QR Code Generator 1.2.5 Shell Upload

Proof of concept exploit for a remote shell upload vulnerability in WordPress Flex QR Code Generator plugin version 1.2.5. Title: WordPress Flex QR Code...

9.8 CVSS, 6 AI score, 0.00878 EPSS
Exploits: 3
Packet Storm
added 2026/03/02 12:0 a.m., 127 views

📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect("/") call...

9.8 CVSS, 6.5 AI score, 0.06996 EPSS
Exploits: 4
Packet Storm
added 2026/03/02 12:0 a.m., 121 views

📄 MajorDoMo Remote Command Injection / Race Condition

This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...

9.8 CVSS, 5.9 AI score, 0.06872 EPSS
Exploits: 3
Packet Storm
added 2026/03/02 12:0 a.m., 126 views

📄 WordPress Email Subscribers 5.7.14 SQL Injection

WordPress Email Subscribers plugin version 5.7.14 remote SQL injection proof of concept exploit. Title: wordpress Email Subscribers 5.7.14 Sql Injection...

9.8 CVSS, 6 AI score, 0.80596 EPSS
Exploits: 4
Packet Storm
added 2026/03/02 12:0 a.m., 146 views

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

5.9 AI score
Exploits: 0
Packet Storm
added 2026/02/27 12:0 a.m., 128 views

📄 WordPress RFC 6.0.8 Security Scanner

WordPress RFC plugin version 6.0.8 security scanner that detects and attempts remote shell upload. Title: WordPress RFC Plugin 6.0.8 Security Scanner ...

6 AI score
Exploits: 0
Packet Storm
added 2026/02/27 12:0 a.m., 166 views

📄 WordPress RomethemeKit for Elementor 1.5.4 Privilege Escalation

Proof of concept exploit for an unauthorized privilege escalation vulnerability in WordPress RomethemeKit for Elementor plugin version 1.5.4.

9.9 CVSS, 5.9 AI score, 0.0176 EPSS
Exploits: 2
Packet Storm
added 2026/02/27 12:0 a.m., 145 views

📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner

WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. Title: WordPress RestroPress Online Food Orderi...

9.8 CVSS, 5.9 AI score, 0.02196 EPSS
Exploits: 6
Total number of security vulnerabilities: 50738