Showing 1 - 16 of 16

Files from Evex

Personal Background

web developer - security researcher

WordPress WPLMS Theme Privilege Escalation: Posted Aug 31, 2024; Authored by Evex, rastating | Site metasploit.com; The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated user of any user level to set any system option due to a lack of validation in the import_data function of /includes/func.php. The module first changes the admin e-mail address to prevent any notifications being sent to the actual administrator during the attack, re-enables user registration in case it has been disabled and sets the default role to be administrator. This will allow for the user to create a new account with admin privileges via the default registration page found at /wp-login.php?action=register.; tags | exploit, php; SHA-256 | 3114c995b0c2306901d1283939e44b371d069e27d3e312a12481be6528b00537; Download | Favorite | View

WordPress Media File Manager Advanced 1.1.5 XSS / SQL Injection: Posted May 14, 2015; Authored by Evex; WordPress Media File Manager Advanced plugin versions 1.1.5 and below suffer from cross site scripting, various modification, and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 4166675e925816acdce6d734916fadfe5a205ce3a81f8404d06202ad9247bc71; Download | Favorite | View

WordPress Yet Another Related Posts 4.2.4 CSRF / XSS / Code Execution: Posted May 8, 2015; Authored by Evex; WordPress Yet Another Related Posts plugin versions 4.2.4 and below suffer from cross site request forgery, remote code execution, and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, code execution, xss, csrf; SHA-256 | 35afdb8d38644ef3657288d6e17f966e9fc4f0349858bab68ec3c2c3e99d31b9; Download | Favorite | View

WordPress 4.2.1 XSS / Code Execution: Posted May 5, 2015; Authored by Evex; Exploit that uses a WordPress cross site scripting flaw to execute code as the administrator.; tags | exploit, xss; SHA-256 | 33c5a93d9c166c66afcb482c710e464de322c5ec0a613732f0359dd148d1bd94; Download | Favorite | View

WordPress WooCommerce Amazon Affiliates 7.0 Shell Upload / File Disclosure: Posted Apr 26, 2015; Authored by Evex; WordPress WooCommerce Amazon Affiliates plugin version 7.0 suffers from file disclosure and remote shell upload vulnerabilities.; tags | exploit, remote, shell, vulnerability, info disclosure; SHA-256 | 6bf85916f8328ca14bfba59426f65b3d54e44bb1f87dfe285d315cafe7390693; Download | Favorite | View

WooThemes WooFramework 4.5.1 Cross Site Scripting: Posted Apr 24, 2015; Authored by Evex; WooThemes WooFramework version 4.5.1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 5d124409091d48c2939ad588a90764b38d2a4484f4d89a3139fb746c2c995abf; Download | Favorite | View

WordPress QAEngine Theme 1.4 Privilege Escalation: Posted Apr 24, 2015; Authored by Evex; WordPress QAEngine Theme version 1.4 suffers from a privilege escalation vulnerability.; tags | exploit; SHA-256 | 83976326087c31c7102e2646fc3829eb8a1f6ff16ade8fae6f4bec7ea6e1d799; Download | Favorite | View

WordPress Premium SEO Pack 1.8.0 Shell Upload / File Disclosure: Posted Apr 24, 2015; Authored by Evex; WordPress Premium SEO Pack plugin version 1.8.0 suffers from file disclosure and remote shell upload vulnerabilities.; tags | exploit, remote, shell, vulnerability; SHA-256 | ac5f4c1d1a43f1db2b74fd991cc42657c14e00af6344504e6ebedd072e8cb46d; Download | Favorite | View

WordPress Ajax Search Pro Remote Code Execution: Posted Mar 22, 2015; Authored by Evex; WordPress Ajax Search Pro plugin suffered from a remote code execution vulnerability.; tags | exploit, remote, code execution; SHA-256 | 5e6475faedc63a601f3aa6133883268940ff45a73b0f968fdc25e796ce956a12; Download | Favorite | View

WordPress Fraction Theme 1.1.1 Privilege Escalation: Posted Mar 10, 2015; Authored by Evex; WordPress Fraction Theme version 1.1.1 suffers from a privilege escalation vulnerability.; tags | exploit; SHA-256 | 514f51682d65cc17a08cfd688cea64b4379893537219d8ead242db19b88559cb; Download | Favorite | View

WordPress Ya'aburnee / Dignitas Privilege Escalation: Posted Mar 4, 2015; Authored by Evex; WordPress Ya'aburnee theme version 1.0.7 and Dignitas theme 1.1.9 suffer from a privilege escalation vulnerability.; tags | exploit; SHA-256 | 37ce88880aa5688e3b5d1d56ea6f15647fe379e279c550ce24f8011e752eea85; Download | Favorite | View

WordPress WP All 3.2.3 Shell Upload: Posted Mar 2, 2015; Authored by Evex; WordPress WP All Import plugin versions 3.2.3 and below suffer from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | c38ce943c8d2cafa463b95e04fd56a3eb2837ceab61b895ff74cbe8f9c336f12; Download | Favorite | View

WordPress Fusion 3.1 Arbitrary File Upload: Posted Feb 13, 2015; Authored by Evex; WordPress Fusion theme version 3.1 suffers from a remote file upload vulnerability.; tags | exploit, remote, file upload; SHA-256 | 7e949922af7e084f3e5004bd72e715be162526c75d9eeb904ce6040f218ca1c7; Download | Favorite | View

WordPress WPLMS 1.8.4.1 Privilege Escalation: Posted Feb 8, 2015; Authored by Evex; WordPress WPLMS theme version 1.8.4.1 suffers from a privilege escalation vulnerability.; tags | exploit; SHA-256 | 20bf53d920b0b4f78e622fa2e701a7ebcd9399db4deb7cc6f801c67cb63a9873; Download | Favorite | View

WordPress Quasar Theme 1.9.1 Privilege Escalation: Posted Feb 2, 2015; Authored by Evex; WordPress Quasar Theme version 1.9.1 suffers from a privilege escalation vulnerability.; tags | exploit; SHA-256 | c598b7e66c16762ea7b73df6860b119e97301a02e41b309dcab241a0b8b7878b; Download | Favorite | View

WordPress Dmsguestbook Unauthenticated Data Injection: Posted Dec 29, 2014; Authored by Evex; WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.; tags | exploit, remote; SHA-256 | 196b447c8f48a497957f3386f73aabc903eced80e2d5a3266d6cfe4877d68af5; Download | Favorite | View

Page 1 of 1 Back 1 Next