Security advisories

  • CVE-2025-4208 / Wordfence - NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function
  • CVE-2025-3468 / Wordfence - NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting
  • CVE-2025-2009 / Wordfence - Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting
  • CVE-2025-1507 / Wordfence - ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation
  • CVE-2024-6336 - GitHub Enterprise Server - A security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure
  • CVE-2023-39364 / GHSA-4pjv-rmrp-r59x - Cacti 1.2.24 - Open redirect in change password functionality
  • CVE-2023-39362 / GHSA-g6ff-58cj-x3cp - Cacti 1.2.24 - Authenticated command injection when using SNMP options

Exploits

  • [Python] - CVE-2024-10924 - Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
  • [Python] - CVE-2024-9926 - Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access
  • [text] - CVE-2023-39362 - Cacti 1.2.24 - Authenticated command injection when using SNMP options
  • [Python] - CVE-2022-2884 - GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
  • [Java] - CVE-2017-8046 - Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
  • [Java] - CVE-2017-5638 - Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution