JOIN TELEGRAM CHANNEL
Archives
DATABASE
Litespeed Cache WordPress Plugin 6.3.0.1 – Privilege Escalation
Litespeed Cache WordPress Plugin 6.3.0.1 – Privilege Escalation
15.06.2025
File
WordPress Digits Plugin 8.4.6.1 – Authentication Bypass via OTP Bruteforcing
WordPress Digits Plugin 8.4.6.1 – Authentication Bypass via OTP Bruteforcing
29.05.2025
File
WordPress User Registration & Membership Plugin 4.1.2 – Authentication Bypass
WordPress User Registration & Membership Plugin 4.1.2 – Authentication Bypass
25.05.2025
File
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
13.05.2025
File
WordPress Depicter Plugin 3.6.1 – SQL Injection
WordPress Depicter Plugin 3.6.1 – SQL Injection
09.05.2025
File
WordPress Core 6.2 – Directory Traversal
WordPress Core 6.2 – Directory Traversal
22.04.2025
File
Drupal 11.x-dev – Full Path Disclosure
Drupal 11.x-dev – Full Path Disclosure
19.04.2025
File
LearnPress WordPress LMS Plugin 4.2.7 – SQL Injection
LearnPress WordPress LMS Plugin 4.2.7 – SQL Injection
11.04.2025
File
WordPress User Registration & Membership Plugin 4.1.1 – Unauthenticated Privilege Escalation
WordPress User Registration & Membership Plugin 4.1.1 – Unauthenticated Privilege Escalation
08.04.2025
File
WordPress Theme XStore 9.3.8 – SQLi
WordPress Theme XStore 9.3.8 – SQLi
19.05.2024
File
WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution
WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution
21.04.2024
File
WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)
WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)
12.04.2024
File
WordPress Plugin WP Video Playlist 1.1.1 – Stored Cross-Site Scripting (XSS)
WordPress Plugin WP Video Playlist 1.1.1 – Stored Cross-Site Scripting (XSS)
12.04.2024
File
WordPress Theme Travelscape v1.0.3 – Arbitrary File Upload
WordPress Theme Travelscape v1.0.3 – Arbitrary File Upload
08.04.2024
File
WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)
WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)
03.04.2024
File
WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
02.04.2024
File
OpenCart Core 4.0.2.3 – ‘search’ SQLi
OpenCart Core 4.0.2.3 – ‘search’ SQLi
02.04.2024
File
WordPress File Upload Plugin < 4.23.3 - Stored XSS
WordPress File Upload Plugin < 4.23.3 - Stored XSS
18.03.2024
File
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
11.03.2024
File
Neontext WordPress Plugin – Stored XSS
Neontext WordPress Plugin – Stored XSS
05.03.2024
File
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 – _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 – _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
28.02.2024
File
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
27.02.2024
File
WordPress Seotheme – Remote Code Execution Unauthenticated
WordPress Seotheme – Remote Code Execution Unauthenticated
09.02.2024
File
WordPress Augmented-Reality – Remote Code Execution Unauthenticated
WordPress Augmented-Reality – Remote Code Execution Unauthenticated
09.02.2024
File
WordPress Sonaar Music Plugin 4.7 – Stored XSS
WordPress Sonaar Music Plugin 4.7 – Stored XSS
09.10.2023
File
WordPress Plugin Masterstudy LMS – 3.0.17 – Unauthenticated Instructor Account Creation
WordPress Plugin Masterstudy LMS – 3.0.17 – Unauthenticated Instructor Account Creation
09.10.2023
File
Media Library Assistant WordPress Plugin – RCE and LFI
Media Library Assistant WordPress Plugin – RCE and LFI
09.10.2023
File
Drupal 10.1.2 – web-cache-poisoning-External-service-interaction
Drupal 10.1.2 – web-cache-poisoning-External-service-interaction
08.09.2023
File
WordPress Plugin Elementor 3.5.5 – Iframe Injection
WordPress Plugin Elementor 3.5.5 – Iframe Injection
08.09.2023
File
WordPress adivaha Travel Plugin 2.3 – SQL Injection
WordPress adivaha Travel Plugin 2.3 – SQL Injection
04.08.2023
File
WordPress adivaha Travel Plugin 2.3 – Reflected XSS
WordPress adivaha Travel Plugin 2.3 – Reflected XSS
04.08.2023
File
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Event Access
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Event Access
04.08.2023
File
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Post Access via IDOR
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Post Access via IDOR
04.08.2023
File
WordPress Plugin Forminator 1.24.6 – Unauthenticated Remote Command Execution
WordPress Plugin Forminator 1.24.6 – Unauthenticated Remote Command Execution
04.08.2023
File
WordPress Plugin Ninja Forms 3.6.25 – Reflected XSS
WordPress Plugin Ninja Forms 3.6.25 – Reflected XSS
04.08.2023
File
Joomla JLex Review 6.0.1 – Reflected XSS
Joomla JLex Review 6.0.1 – Reflected XSS
04.08.2023
File
Joomla Solidres 2.13.3 – Reflected XSS
Joomla Solidres 2.13.3 – Reflected XSS
31.07.2023
File
Joomla iProperty Real Estate 4.1.1 – Reflected XSS
Joomla iProperty Real Estate 4.1.1 – Reflected XSS
31.07.2023
File
Joomla VirtueMart Shopping Cart 4.0.12 – Reflected XSS
Joomla VirtueMart Shopping Cart 4.0.12 – Reflected XSS
28.07.2023
File
WordPress Plugin AN_Gradebook 5.0.1 – SQLi
WordPress Plugin AN_Gradebook 5.0.1 – SQLi
28.07.2023
File
Joomla HikaShop 4.7.4 – Reflected XSS
Joomla HikaShop 4.7.4 – Reflected XSS
28.07.2023
File
Joomla! com_booking component 2.4.9 – Information Leak (Account enumeration)
Joomla! com_booking component 2.4.9 – Information Leak (Account enumeration)
19.07.2023
File
Prestashop 8.0.4 – Cross-Site Scripting (XSS)
Prestashop 8.0.4 – Cross-Site Scripting (XSS)
03.07.2023
File
PrestaShop Winbiz Payment module – Improper Limitation of a Pathname to a Restricted Directory
PrestaShop Winbiz Payment module – Improper Limitation of a Pathname to a Restricted Directory
26.06.2023
File
WordPress Theme Medic v1.0.0 – Weak Password Recovery Mechanism for Forgotten Password
WordPress Theme Medic v1.0.0 – Weak Password Recovery Mechanism for Forgotten Password
19.06.2023
File
WordPress Theme Workreap 2.2.2 – Unauthenticated Upload Leading to Remote Code Execution
WordPress Theme Workreap 2.2.2 – Unauthenticated Upload Leading to Remote Code Execution
09.06.2023
File
WordPress Plugin Backup Migration 1.2.8 – Unauthenticated Database Backup
WordPress Plugin Backup Migration 1.2.8 – Unauthenticated Database Backup
23.05.2023
File
Prestashop 8.0.4 – CSV injection
Prestashop 8.0.4 – CSV injection
23.05.2023
File
Joomla! v4.2.8 – Unauthenticated information disclosure
Joomla! v4.2.8 – Unauthenticated information disclosure
08.04.2023
File
Paid Memberships Pro v2.9.8 (WordPress Plugin) – Unauthenticated SQL Injection
Paid Memberships Pro v2.9.8 (WordPress Plugin) – Unauthenticated SQL Injection
03.04.2023
File
1235