This repository follows the Responsible Disclosure model and discloses the vulnerable details after a period of time. During this period, I try to contact the author of the vulnerable plugins and help them to patch or mitigate the issue. The disclosure period is 15 days If I don't get the response from the original author. After than period, I wll open all details about the vulnerability. When the connection is established the release date depends on the discussion.
This repository will present all verified or suspected vulnerable dynamic web service(DWS) including Wordpress Plugin, Joomla Extension, and some CMS published in Github. I say "verified" means that the vulnerability report got the CVE ID from WPScan but "suspected" is not equal to Safe For Use.
DWS(WrodPress Plugins, Joomla Extension, and CMS in Github)
| Plateform | DWS | CVE-ID |
|---|---|---|
| WordPress | WP-Curricul Vitea Free | CVE-2021-24222 |
| WordPress | N5 Upload Form | CVE-2021-24223 |
| WordPress | Easy Form Builder | CVE-2021-24224 |
| WordPress | Imagement | CVE-2021-24236 |
| WordPress | College Publisher Import | CVE-2021-24253 |
| WordPress | Event Banner | CVE-2021-24251 |
| WordPress | Classyfrieds | CVE-2021-24252 |
| WordPress | Fileviewer | CVE-2021-24491 |
| WordPress | Email Artillery | CVE-2021-24490 |
Recently, we detected total 20+ vulnerable WordPress Plugins that are available to download. Our testing wordpress is version 5.3.8. Some of the plugins are not be installed under default environment of this version or newer one.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent