Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2019/04/10 12:0 a.m.253 views

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution Expoit

Exploit for php platform in category web applications !/usr/bin/python Exploit Title: Dell KACE Systems Management Appliance K1000 = 6.4.120756 Unauthenticated RCE Version: = 6.4.120756 Author: Julien Ahrens @MrTuxracer Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/09 12:0 a.m.253 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Man-In-The-Middle Vulnerability

The FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are...

5.8CVSS0.5AI score0.02034EPSS
Exploits3
0day.today
0day.today
added 2014/11/18 12:0 a.m.253 views

Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037)

Exploit for windows platform in category remote exploits function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2 = "BBBB"; while string2.length 500...

9.3CVSS0.64962EPSS
Exploits27
0day.today
0day.today
added 2013/03/01 12:0 a.m.253 views

PHP-Fusion 7.02.05 XSS / LFI / SQL Injection Vulnerabilities

PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities. Multiple Vulnerabilities in PHP-Fusion 7.02.05 ===================================================== Author: Janek Vind "waraxe" Date: 27. Februa...

7.9AI score
Exploits0
0day.today
0day.today
added 2010/11/28 12:0 a.m.253 views

Kleeja Upload Script remote read config Vulnerability

Exploit for php platform in category web applications ===================================================== Kleeja Upload Script remote read config Vulnerability ===================================================== + Author : ali.erroor Contact : email protected HomePage :...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/01/17 12:0 a.m.253 views

Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit 2

Exploit for unknown platform in category web applications ======================================================================== Woltlab Burning Board = 1.0.2, 2.3.6 search.php SQL Injection Exploit 2 ======================================================================== !/usr/bin/perl Woltla...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/08/08 12:0 a.m.252 views

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

7.5CVSS7.1AI score0.32916EPSS
Exploits3
0day.today
0day.today
added 2023/05/02 12:0 a.m.252 views

revive-adserver v5.4.1 - Cross-Site Scripting Vulnerability

Exploit Title: revive-adserver v5.4.1 - Cross-Site Scripting XSS Application: revive-adserver Version: 5.4.1 Bugs: XSS Technology: PHP Vendor URL: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/ Date of found: 31-03-2023 Author: Mirabbas Ağalarov Tested o...

6.9AI score
Exploits0
0day.today
0day.today
added 2023/04/05 12:0 a.m.252 views

D-Link DIR-846 - Remote Command Execution Vulnerability

Exploit Title: D-Link DIR-846 - Remote Command Execution RCE vulnerability Exploit Author: Françoa Taffarel Vendor Homepage: https://www.dlink.com.br/produto/roteador-dir-846-gigabit-wi-fi-ac1200/suportehttps://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip Software...

8.8CVSS8.9AI score0.10503EPSS
Exploits4
0day.today
0day.today
added 2023/03/27 12:0 a.m.252 views

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle Vulnerability

Exploit Title: NVFLARE 2.1.4 - Unsafe Deserialization due to Pickle Exploit Author: Elias Hohl Vendor Homepage: https://www.nvidia.com Software Link: https://github.com/NVIDIA/NVFlare Version: 2.1.4 Tested on: Ubuntu 20.04 CVE : CVE-2022-34668...

9.8CVSS9.6AI score0.08529EPSS
Exploits3
0day.today
0day.today
added 2023/03/06 12:0 a.m.252 views

Purchase Order Management - 1.0 - File Inclusion Vulnerabilities

Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivilage user interaction Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/12/24 12:0 a.m.252 views

Senayan Library Management System 9.2.0 SQL Injection Vulnerability

Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0/SQLi...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/10/04 12:0 a.m.252 views

Joomla Rentalot Plus 19.05 Cross Site Scripting Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : Les Arbres Design │ │ Software :...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/05/16 12:0 a.m.252 views

IpMatcher 1.0.4.1 Server-Side Request Forgery Vulnerability

IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validates octal and hexadecimal input data which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service vectors. Exploit Title: SSRF in .N...

9.8CVSS0.4AI score0.01962EPSS
Exploits3
0day.today
0day.today
added 2022/03/23 12:0 a.m.253 views

ImpressCMS 1.4.2 Authentication Bypass Vulnerability

----------------------------------------------------------------------- ImpressCMS stripSlashesGPC$autologinName; 46. $pass = $myts-stripSlashesGPC$autologinPass; 47. if empty$uname || isnumeric$pass 48. $user = false ; 49. else 50. // V3 51. $uname4sql = addslashes$uname; 52. $criteria = new...

9.8CVSS0.7AI score0.05544EPSS
Exploits3
0day.today
0day.today
added 2022/03/14 12:0 a.m.252 views

VIVE Runtime Service - (ViveAgentService) Unquoted Service Path Vulnerability

Exploit Title: VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path Exploit Author: Faisal Alasmari Vendor Homepage: https://www.vive.com/ Software Link: https://developer.vive.com/resources/downloads/ Version: 1.0.0.4 Tested: Windows 10 x64 C:\Users\Usersc qc "VIVE Runtime Service" SC...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/14 12:0 a.m.252 views

Slurp 1.10.2 Format String Vulnerability

Exploit Title: Slurp 1.10.2 - Remote Format String Date: 2022-02-12 Author: Milad Karimi slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offe...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/02 12:0 a.m.252 views

WordPress Domain Check 1.0.16 Plugin - Reflected Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://domaincheckplugin.com/ Software Link: https://wordpress.org/plugins/domain-check/...

6.1CVSS0.1AI score0.12857EPSS
Exploits5
0day.today
0day.today
added 2022/01/19 12:0 a.m.252 views

uDoctorAppointment v2.1.1 - (Multiple) Cross Site Scripting Vulnerability

Exploit Title: uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting XSS Document Title: =============== uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities Product & Service Introduction: =============================== Clinic management, doctor or therapist online medical appointment...

Exploits0
0day.today
0day.today
added 2022/01/17 12:0 a.m.253 views

OpenBMCS 2.4 Remote Privilege Escalation Vulnerability

OpenBMCS 2.4 Create Admin / Remote Privilege Escalation Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/03/02 12:0 a.m.252 views

Microsoft Windows Kernel Privilege Escalation Exploit

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing...

7.8CVSS0.1AI score0.2605EPSS
Exploits8
0day.today
0day.today
added 2018/11/09 12:0 a.m.252 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking Exploit

D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

0.3AI score0.01675EPSS
Exploits3
0day.today
0day.today
added 2018/03/17 12:0 a.m.252 views

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit

Exploit for windows platform in category remote exploits 46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetad...

9.1AI score0.87598EPSS
Exploits24
0day.today
0day.today
added 2016/11/03 12:0 a.m.252 views

SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution Exploit

Exploit for php platform in category web applications Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? 0day.today 2018-03-31...

Exploits0
0day.today
0day.today
added 2016/08/01 12:0 a.m.252 views

WordPress WP Live Chat Support 6.2.03 Plugin - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Abstract A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploited by an unauthenticated...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/05/21 12:0 a.m.252 views

vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/10/22 12:0 a.m.251 views

SofaWiki 3.9.2 Cross Site Scripting Vulnerability

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open Ticket feature. An...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/06/04 12:0 a.m.251 views

Serendipity 2.5.0 - Remote Code Execution Exploit

Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import string from bs4 import...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/29 12:0 a.m.251 views

Blood Bank & Donor Management System using v2.2 - Stored XSS Vulnerability

Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS Application: Blood Donor Management System Version: v2.2 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/22 12:0 a.m.251 views

ProSysInfo TFTP Server TFTPDWIN 0.4.2 Denial Of Service Exploit

!/usr/bin/perl use IO::Socket::INET; Exploit Title: ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 20 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1MLqBkCyu0dA-cNgYxCAO8xbsVcof060Z/view?usp=sharin...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/04 12:0 a.m.251 views

Blood Donor Management System v1.0 - Stored XSS Vulnerability

Exploit Title: Blood Donor Management System v1.0 - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Author: Ehlullah...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/23 12:0 a.m.251 views

eScan Management Console 14.0.1400.2281 - Cross Site Scripting Vulnerability

Exploit Title: eScan Management Console 14.0.1400.2281 - Cross Site Scripting Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31703 Step of Reproduction/ Proof of...

6CVSS9.3AI score0.04475EPSS
Exploits4
0day.today
0day.today
added 2023/04/14 12:0 a.m.251 views

Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit Exploit Author: LiquidWorm Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit Vendor: Sielco S.r.l Product web page: https://www.sielco.org...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.251 views

Auto Dealer Management System v1.0 - SQL Injection Vulnerability (2)

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection in sellvehicle.php Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0913 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...

8.8CVSS8.8AI score0.01635EPSS
Exploits5
0day.today
0day.today
added 2023/03/28 12:0 a.m.251 views

SuperMailer v11.20 - Buffer overflow DoS Vulnerability

Exploit Title: SuperMailer v11.20 - Buffer overflow DoS Exploit Author: Rafael Pedrero Vendor Homepage: https://int.supermailer.de/downloadnewslettersoftware.htm Software Link : https://int.supermailer.de/smintsw.zip / https://int.supermailer.de/smintswx64.zip Tested Version: v11.20 32bit/64bit...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/07/31 12:0 a.m.251 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Vulnerability

Exploit Title: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Exploit Author: LiquidWorm Vendor: CAREL INDUSTRIES S.p.A. Product web page: https://www.carel.com Affected version: Firmware: A2.1.0 - B2.1.0 Application Software: 2.15.4A Software version: v16 13020200 Summary: pCO...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/05/12 12:0 a.m.251 views

D-LINK DAP-1620 A1 v1.01 - Directory Traversal Vulnerability

Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://me.dlink.com/consumer Version: DAP-1620 - A1 v1.01 Tested on: Linux CVE : CVE-2021-46381 POST /apply.cgi HTTP/1.1 Content-Type: application/x-www-form-urlencoded Refere...

7.5CVSS7.6AI score0.57984EPSS
Exploits4
0day.today
0day.today
added 2022/01/05 12:0 a.m.251 views

SAFARI Montage 8.5 - Reflected Cross Site Scripting Vulnerability

Exploit Title: SAFARI Montage 8.5 - Reflected Cross Site Scripting XSS Exploit Author: Momen Eldawakhly - Cyber Guy - Resecurity Inc Vendor Homepage: https://www.safarimontage.com/ Version: 8.3 and 8.5 Tested on: Ubuntu Linux Firefox CVE: CVE-2021-45425 Proof of Concept: GET...

6.1CVSS0.3AI score0.03394EPSS
Exploits4
0day.today
0day.today
added 2020/07/27 12:0 a.m.251 views

Socket.io-file 2.0.31 - Arbitrary File Upload Exploit

Exploit for multiple platform in category web applications...

1.8AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.251 views

QRadar Community Edition 7.3.1.6 Default Credentials Vulnerability

QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including encrypted credentials and host tokens. With these host tokens it is...

5CVSS7.6AI score0.01959EPSS
Exploits3
0day.today
0day.today
added 2020/02/27 12:0 a.m.251 views

Cacti 1.2.8 - Unauthenticated Remote Code Execution Exploit

Exploit for multiple platform in category web applications !/usr/bin/python3 Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import...

7.1AI score0.73779EPSS
Exploits24
0day.today
0day.today
added 2020/01/23 12:0 a.m.251 views

Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS rdsatomicfreeop NULL pointer dereference Privilege Escalation', 'Description' = %q This module attempts to gain roo...

5.5CVSS0.8AI score0.07679EPSS
Exploits7
0day.today
0day.today
added 2019/12/14 12:0 a.m.252 views

FTP Commander Pro 8.03 - Local Stack Overflow Exploit

Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/07/02 12:0 a.m.251 views

Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)

/ Title: Linux/ARM64 - Bind 4444/TCP Shell /bin/sh + Null-Free Shellcode 164 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/06/30 12:0 a.m.251 views

Windows/x86 - Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)

191 bytes small Windows/x86 start iexplore.exe shellcode. / Title: start iexplore.exe Author: Joseph McDonagh Shellcode length 191 Could be smaller if the app your are exploiting loads msvcrt. Purpose: Use the start command to open internet explorer and connect to a malicious web server The comma...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/06/18 12:0 a.m.251 views

Thunderbird ESR < 60.7.XXX - icalmemorystrdupanddequote Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...

9.8CVSS9.2AI score0.10527EPSS
Exploits4
0day.today
0day.today
added 2019/05/24 12:0 a.m.251 views

Microsoft Windows (x84) - Task Scheduler (.job) Import Arbitrary Discretionary Access Control List

Exploit for windows platform in category local exploits Microsoft Windows x84 - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.251 views

CMS Made Simple 2.2.7 Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

6.5CVSS7.3AI score0.12178EPSS
Exploits5
0day.today
0day.today
added 2006/05/07 12:0 a.m.251 views

EQdkp <= 1.3.0 (dbal.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================= EQdkp = 1.3.0 dbal.php Remote File Inclusion Vulnerability ============================================================= Title: EQdkp = 1.3.0 Remote File Inclusion URL:...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/02/18 12:0 a.m.250 views

WordPress A/B Image Optimizer 3.3 Plugin Arbitrary File Download Vulnerability

WordPress Plugin A/B Image Optimizer plugin versions 3.3 and below suffers from an arbitrary file download vulnerability. CVE-2025-25163 Plugin A/B Image Optimizer = 3.3 - Authenticated Subscriber+ Arbitrary File Download Description The Plugin A/B Image Optimizer plugin for WordPress is vulnerab...

9.8CVSS9.6AI score0.01966EPSS
Exploits4
Total number of security vulnerabilities5000