CVE-2023-32243
CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

CVE-2023-2982
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass

grafana-ssrf
Authenticated SSRF in Grafana

marshalsec-jar
marshalsec-0.0.3-SNAPSHOT-all compiled on X64

CVE-2023-7028
CVE-2023-7028

phpunit-brute
Tool to try multiple paths for PHPunit RCE CVE-2017-9841

wordpress-plugin-list
Wordpress Plugins List for Bruteforcing.

service-now
Service-Now Article Bruteforcer

wp-file-manager
wp-file-manager RCE

nuclei-drupal-sa
Nuclei templates for drupal vulns... far from perfect

CVE-2023-32117
Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

CVE-2023-2732
MStore API <= 3.9.2 - Authentication Bypass

kong-pwn
Use Exposed KongAPI to act like a proxy and get metadata urls or internal urls

redash-reset

CVE-2022-0952
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

CVE-2023-5412
Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

coldfusion-amf
Coldfusion AMF PWN

super-secret-finder
Burp Plugin for Secret Matching

CVE-2023-5204
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response

CVE-2024-22145
InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update (Subscriber+)

simple-file-list-rce
Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE

CVE-2023-47840
Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

Log4J-Exploits
Log4J Exploits for Different Systems

wordpress-exploits
Random WordPress Exploits May or May Not Work.

CVE-2022-3904
CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

woo
Exploit woocommerce SQLI and grab user and password hash

SAP-brute
SAP Netweaver Login Bruteforcer.

django-bruteforce
Django Admin Url Bruteforce tool.

CVE-2020-12077
MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions

CVE-2023-6700
Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update

wordpress-php-object-helper
Know a plugin has a php object exploit but need to find which lib to use?

CVE-2023-2877
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

csp-log4j
Finds CSP report urls and tests to see if they are vulnerable to log4j

CVE-2023-0630
CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

what-wordpress
Tool to extract all themes and plugins that are shown on the front page of a wordpress site.

dom-brute
Domain TLD prefix finder / 3rd party hosted.

CVE-2024-0679
ColorMag <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

CVE-2024-9593
Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution

juicy-php
Juicy-php - finds PHP info files with juicy information

S3-from-csp
Extracts all S3 Buckets from CSP report headers and then tests for file upload vulns

struts-splunk
Vuln Apache Struts with splunk

wordpress-plugins-scraper
Will open the first page of wordpress website and extract all js and css links with wp-content/plugins/

dnn-cookie
DNN-Cookie Tester

CVE-2022-1442
WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure

CVE-2023-45657
Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'

CVE-2021-25032
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise

CVE-2022-47615
LearnPress Plugin < 4.2.0 - Unauthenticated LFI Description

static-file-checker
Checks Django's /static/staticfiles.json for exposed creds using nuclei

CVE-2021-24356
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation

CVE-2023-5070
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure

CVE-2023-45828
RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest

CVE-2022-45808
LearnPress Plugin < 4.2.0 - Unauthenticated SQLi

CVE-2022-45354
Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API

js-jobs
JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation

CVE-2023-36531
LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon

CVE-2021-24647
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

CVE-2023-47529
Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File

CVE-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import

CVE-2023-47179
WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update (Subscriber+)

e-signature-poc
e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution

binary-edge-render-extract
Create a datatable output from a binaryedge render scan

CVE-2022-0439
CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection

wordpress-bf
Brute Force Wordpress Blogs.

postgres-bruteforcer
This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.

import-users-from-csv-with-meta
Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export

CVE-2023-6985
10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description

CVE-2024-4875
HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update

CVE-2023-46615
KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle

CVE-2024-25092
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation

CVE-2020-36730
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)

CVE-2023-51409
AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload

learning-management-system
Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure

CVE-2022-1203
Content Mask < 1.8.4 - Subscriber+ Arbitrary Options Update

CVE-2021-34621
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation