Robert Wiggins (@RandomRobbieBF)

Top repositories

1

CVE-2023-32243

CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
Python
83
star
2

CVE-2023-2982

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
Python
81
star
3

grafana-ssrf

Authenticated SSRF in Grafana
Python
74
star
4

marshalsec-jar

marshalsec-0.0.3-SNAPSHOT-all compiled on X64
66
star
5

CVE-2023-7028

CVE-2023-7028
Python
58
star
6

phpunit-brute

Tool to try multiple paths for PHPunit RCE CVE-2017-9841
Python
25
star
7

wordpress-plugin-list

Wordpress Plugins List for Bruteforcing.
25
star
8

service-now

Service-Now Article Bruteforcer
Python
16
star
9

wp-file-manager

wp-file-manager RCE
Python
10
star
10

nuclei-drupal-sa

Nuclei templates for drupal vulns... far from perfect
8
star
11

CVE-2023-32117

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
7
star
12

CVE-2023-2732

MStore API <= 3.9.2 - Authentication Bypass
Python
7
star
13

kong-pwn

Use Exposed KongAPI to act like a proxy and get metadata urls or internal urls
Python
6
star
14

redash-reset

Python
5
star
15

CVE-2022-0952

Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
Python
5
star
16

CVE-2023-5412

Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
5
star
17

coldfusion-amf

Coldfusion AMF PWN
Shell
5
star
18

super-secret-finder

Burp Plugin for Secret Matching
Python
5
star
19

CVE-2023-5204

AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response
4
star
20

CVE-2024-22145

InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update (Subscriber+)
Python
4
star
21

simple-file-list-rce

Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE
Python
4
star
22

CVE-2023-47840

Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Python
4
star
23

Log4J-Exploits

Log4J Exploits for Different Systems
Python
3
star
24

wordpress-exploits

Random Wordpress Exploits May or May Not Work.
3
star
25

CVE-2022-3904

CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
Python
3
star
26

woo

Exploit woocommerce SQLI and grab user and password hash
Python
2
star
27

SAP-brute

SAP Netweaver Login Bruteforcer.
Python
2
star
28

django-bruteforce

Django Admin Url Bruteforce tool.
Python
2
star
29

CVE-2020-12077

MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
Python
2
star
30

CVE-2023-6700

Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update
Python
2
star
31

wordpress-php-object-helper

Know a plugin has a php object exploit but need to find which lib to use?
Python
2
star
32

CVE-2023-2877

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
Python
2
star
33

csp-log4j

Finds CSP report urls and tests to see if they are vulnerable to log4j
Go
2
star
34

CVE-2023-0630

CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection
Python
2
star
35

what-wordpress

Tool to extract all themes and plugins that are shown on the front page of a wordpress site.
Python
2
star
36

dom-brute

Domain TLD prefix finder / 3rd party hosted.
Python
2
star
37

CVE-2024-0679

ColorMag <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Python
2
star
38

CVE-2024-9593

Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
1
star
39

juicy-php

Juicy-php - finds PHP info files with juicy information
Python
1
star
40

S3-from-csp

Extracts all S3 Buckets from CSP report headers and then tests for file upload vulns
Go
1
star
41

struts-splunk

Vuln Apache Struts with splunk
Dockerfile
1
star
42

wordpress-plugins-scraper

Will open the first page of wordpress website and extract all js and css links with wp-content/plugins/
Python
1
star
43

dnn-cookie

DNN-Cookie Tester
Python
1
star
44

CVE-2022-1442

WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure
Shell
1
star
45

CVE-2023-45657

Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'
Python
1
star
46

CVE-2021-25032

PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
Python
1
star
47

CVE-2022-47615

LearnPress Plugin < 4.2.0 - Unauthenticated LFI Description
Python
1
star
48

static-file-checker

Checks Django's /static/staticfiles.json for exposed creds using nuclei
Go
1
star
49

CVE-2021-24356

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation
Python
1
star
50

CVE-2023-5070

Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure
Python
1
star
51

CVE-2023-45828

RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest
1
star
52

CVE-2022-45808

LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
1
star
53

CVE-2022-45354

Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
Python
1
star
54

js-jobs

JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation
Python
1
star
55

CVE-2023-36531

LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon
Python
1
star
56

CVE-2021-24647

CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
Python
1
star
57

CVE-2023-47529

Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File
1
star
58

CVE-2019-15896

LifterLMS <= 3.34.5 - Unauthenticated Options Import
Python
1
star
59

CVE-2023-47179

WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update (Subscriber+)
Python
1
star
60

e-signature-poc

e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution
1
star
61

binary-edge-render-extract

Create a datatable output from a binaryedge render scan
Go
1
star
62

CVE-2022-0439

CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
Python
1
star
63

wordpress-bf

Brute Force Wordpress Blogs.
Python
1
star
64

postgres-bruteforcer

This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.
Go
1
star
65

import-users-from-csv-with-meta

Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export
Python
1
star
66

CVE-2023-6985

10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description
Python
1
star
67

CVE-2024-4875

HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
Python
1
star
68

CVE-2023-46615

KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle
1
star
69

CVE-2024-25092

NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Python
1
star
70

CVE-2020-36730

CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)
Python
1
star
71

CVE-2023-51409

AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload
1
star
72

learning-management-system

Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure
Python
1
star
73

CVE-2022-1203

Content Mask < 1.8.4 - Subscriber+ Arbitrary Options Update
Python
1
star
74

CVE-2021-34621

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
Python
1
star