what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Ramuel Gall

First Active2020-12-18
Last Active2023-06-30
WordPress Ultimate Member 2.6.6 Privilege Escalation
Posted Jun 30, 2023
Authored by Marc-Alexandre Montpas, Ramuel Gall, Istvan Marton

WordPress Ultimate Member plugin versions 2.6.6 and below suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2023-3460
SHA-256 | f5d75217bac851597070df579c5cffbcbc42ab75dddb1476c2fdcaa31a651b75
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
Posted Jun 6, 2023
Authored by Ramuel Gall | Site wordfence.com

WordPress Getwid Gutenberg Blocks plugin versions 1.8.3 and below suffer from improper authorization and server-side request forgery vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2023-1895, CVE-2023-1910
SHA-256 | fd16cf318565874e0428d155696ca9aae54a064dc9e42d177e02a45bfaa919f2
WordPress Core 6.2 XSS / CSRF / Directory Traversal
Posted May 17, 2023
Authored by Jakub Zoczek, Ramuel Gall, John Blackbourn, Matt Rusnak, Liam Gladdy | Site wordfence.com

WordPress Core versions 6.2 and below suffer from cross site request forgery, persistent cross site scripting, shortcode execution, insufficient sanitization, and directory traversal vulnerabilities.

tags | exploit, vulnerability, code execution, xss, file inclusion, csrf
advisories | CVE-2023-2745
SHA-256 | 3d8efef1ea0dad889c40870748373ac31bd5e9a184eceac6a8668dafb5fdcb38
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization
Posted Apr 25, 2023
Authored by Ramuel Gall | Site wordfence.com

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-0992, CVE-2023-0993
SHA-256 | 358b29ae547e818a56ed1efd1c28b8c8cf64813a62a0dcf419a7cb3364a65748
WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting
Posted Apr 18, 2023
Authored by Ramuel Gall, Alex Thomas | Site wordfence.com

WordPress Weaver Xtreme theme versions 5.0.7 and below and Weaver Show Posts plugin versions 1.6 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-1403, CVE-2023-1404
SHA-256 | b0172ec77c6215204d9915dd71ebcb20dcc8714211ffcb31f41fff852f6ba6fd
Wordfence 2022 State Of WordPress Security
Posted Jan 25, 2023
Authored by Ramuel Gall | Site wordfence.com

The Wordfence Threat Intelligence team has released their 2022 State of WordPress Security report. In the report, they look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on their findings.

tags | paper
SHA-256 | 833a6664e11b54321c4268553ac08e81c3b99e65165b4e44d62207f09cc2fb5c
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
Posted Jan 11, 2023
Authored by Ramuel Gall | Site wordfence.com

WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2022-4700, CVE-2022-4701, CVE-2022-4702, CVE-2022-4703, CVE-2022-4704, CVE-2022-4705, CVE-2022-4707, CVE-2022-4708, CVE-2022-4709, CVE-2022-4710, CVE-2022-4711
SHA-256 | 5d3c94aa12c0662cecfc95164895acace4553b37a6d627727e5abb15210b1aba
WordPress Elementor 3.6.2 Shell Upload
Posted Oct 4, 2022
Authored by h00die, Ramuel Gall, AkuCyberSec | Site metasploit.com

WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this.

tags | exploit, remote, shell
advisories | CVE-2022-1329
SHA-256 | 0537a61d8c7e168ee93f25ae88cc62b13741cb186c02291ebc2f946f834cd81f
WordPress Ninja Forms Code Injection
Posted Jun 20, 2022
Authored by Ramuel Gall | Site wordfence.com

The Wordfence Threat Intelligence team uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete ar bitrary files on sites where a separate POP chain was present. This flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11.

tags | advisory, arbitrary
SHA-256 | e25d000d7a2df2172a646831088ba3e0f1083e02893c12d290f821c392cde8a3
Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues
Posted May 18, 2022
Authored by Ramuel Gall | Site wordfence.com

Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.

tags | advisory, denial of service, arbitrary, local, vulnerability, file inclusion, info disclosure
advisories | CVE-2022-1654, CVE-2022-1656, CVE-2022-1657, CVE-2022-1658, CVE-2022-1659
SHA-256 | 99977b76ad75b06f3f800ae91ea38ee20b0d9091a394d12146ce6e1c875bc515
WordPress Booking Calendar 9.1 PHP Object Injection / Insecure Deserialization
Posted Apr 27, 2022
Authored by Ramuel Gall | Site wordfence.com

WordPress Booking Calendar plugin versions 9.1 and below suffer from PHP object injection and insecure deserialization vulnerabilities.

tags | advisory, php, vulnerability
advisories | CVE-2022-1463
SHA-256 | ca383548169d539c9e3c7a8fb2058f0828391d09365e432f7376f20ec13cc507
WordPress Elementor 3.6.2 Remote Code Execution
Posted Apr 13, 2022
Authored by Ramuel Gall | Site wordfence.com

WordPress Elementor versions 3.6.0 through 3.6.2 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2022-1329
SHA-256 | 6eaed5370d47ef1831e0129aff2a7f1d6e7a9d7ab393c20f0bed1962b0cecff2
WordPress CleanTalk 5.173 Cross Site Scripting
Posted Mar 30, 2022
Authored by Ramuel Gall | Site wordfence.com

WordPress CleanTalk plugin versions 5.173 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2022-28221, CVE-2022-28222
SHA-256 | 4136278cd0e53a4bc876e08a79e68f309bd0ea7712eb64d14cfca18b9f7d6147
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting
Posted Feb 22, 2022
Authored by Ramuel Gall | Site wordfence.com

WordPress 99robots Header Footer Code Manager plugin versions 1.1.16 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0710
SHA-256 | 989d395c3d66b15fe519bc0c80e99d2eaaa476e1800da8e837d7674b16acc7fd
PHP Everywhere 2.0.3 Remote Code Execution
Posted Feb 8, 2022
Authored by Ramuel Gall | Site wordfence.com

PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.

tags | exploit, remote, php, vulnerability, code execution
advisories | CVE-2022-24663, CVE-2022-24664, CVE-2022-24665
SHA-256 | 6a2dcc3898ac3a1b90915521a41f2d6e5e9592121ab91ccecbf993baae2e11e2
WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS
Posted Oct 29, 2021
Authored by Ramuel Gall, Wordfence | Site wordfence.com

WordPress NextScripts: Social Networks Auto-Poster plugin versions 4.3.20 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-38356
SHA-256 | 3b243357482f55615e13c6f86d3c5f7e5661b3bdb1e7d084a3489717be01ceda
WordPress Duplicator 1.3.26 Directory Traversal / File Read
Posted Dec 18, 2020
Authored by Hoa Nguyen, Ramuel Gall | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.

tags | exploit, web, arbitrary, file inclusion
advisories | CVE-2020-11738
SHA-256 | 4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close