JOIN TELEGRAM CHANNEL
Home
Blog
Tools
PHP Shell
ASP/ASPX Shell
Bypass Shell
Exploits
WordPress Exploits
Joomla Exploits
Drupal Exploits
PrestaShop Exploits
OpenCart Exploits
WordPress Exploits
DATABASE
Litespeed Cache WordPress Plugin 6.3.0.1 – Privilege Escalation
CVE-2024-28000
php
VIEW
WordPress User Registration & Membership Plugin 4.1.2 – Authentication Bypass
CVE-2025-2594
multiple
VIEW
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
CVE-2025-3605
multiple
VIEW
WordPress Depicter Plugin 3.6.1 – SQL Injection
CVE-2025-2011
multiple
VIEW
WordPress Core 6.2 – Directory Traversal
CVE-2023-2745
php
VIEW
LearnPress WordPress LMS Plugin 4.2.7 – SQL Injection
CVE-2024-8522
php
VIEW
WordPress User Registration & Membership Plugin 4.1.1 – Unauthenticated Privilege Escalation
multiple
VIEW
WordPress Theme XStore 9.3.8 – SQLi
CVE-2024-33559
php
VIEW
WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution
php
VIEW
WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)
php
VIEW
WordPress Plugin WP Video Playlist 1.1.1 – Stored Cross-Site Scripting (XSS)
php
VIEW
WordPress Theme Travelscape v1.0.3 – Arbitrary File Upload
php
VIEW
WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)
php
VIEW
WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
CVE-2022-4395
php
VIEW
WordPress File Upload Plugin < 4.23.3 - Stored XSS
php
VIEW
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
php
VIEW
Neontext WordPress Plugin – Stored XSS
php
VIEW
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 – _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
php
VIEW
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
php
VIEW
WordPress Seotheme – Remote Code Execution Unauthenticated
php
VIEW
WordPress Augmented-Reality – Remote Code Execution Unauthenticated
php
VIEW
Media Library Assistant WordPress Plugin – RCE and LFI
CVE-2023-4634
php
VIEW
WordPress Plugin Masterstudy LMS – 3.0.17 – Unauthenticated Instructor Account Creation
CVE-2023-4278
php
VIEW
WordPress Sonaar Music Plugin 4.7 – Stored XSS
php
VIEW
WordPress Plugin Elementor 3.5.5 – Iframe Injection
CVE-2022-4953
php
VIEW
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Event Access
CVE-2023-2796
php
VIEW
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Post Access via IDOR
CVE-2023-3219
php
VIEW
WordPress Plugin Forminator 1.24.6 – Unauthenticated Remote Command Execution
php
VIEW
WordPress Plugin Ninja Forms 3.6.25 – Reflected XSS
CVE-2023-37979
php
VIEW
WordPress adivaha Travel Plugin 2.3 – Reflected XSS
php
VIEW
WordPress adivaha Travel Plugin 2.3 – SQL Injection
php
VIEW
WordPress Plugin AN_Gradebook 5.0.1 – SQLi
CVE-2023-2636
php
VIEW
WordPress Theme Medic v1.0.0 – Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-11027
php
VIEW
WordPress Theme Workreap 2.2.2 – Unauthenticated Upload Leading to Remote Code Execution
CVE-2021-24499
php
VIEW
WordPress Plugin Backup Migration 1.2.8 – Unauthenticated Database Backup
php
VIEW
Paid Memberships Pro v2.9.8 (WordPress Plugin) – Unauthenticated SQL Injection
CVE-2023-23488
php
VIEW
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
CVE-2022-3142
php
VIEW
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
CVE-2022-3141
php
VIEW
