Article: Some WordPress exploits
I found that repository some days ago. Seems to be useful stuff (although probably already mass-exploited by some skids).
They are all public.
- Wordpress plugin wordfence 7.4.6 - Cross-Site Scripting
- Duplicator: Unauthenticated Arbitrary File Download
- WPS Hide Login v18.104.22.168 login page Bypass
- WordPress WP Fastest Cache 0.8.9.5 Directory Traversal
- WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
- Ninja Forms File Uploads Extension <= 3.0.22 – Unauthenticated Arbitrary File Upload
- Infinite WP Client: Authentication Bypass
- All-in-One WP Migration <=7.14 Arbitrary Backup Download
- All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure