Robert Wiggins's Projects
Reads a Binaryedge.io JSON blob and outputs the IP:PORT to a text file for parsing.
Create a datatable output from a binaryedge render scan
Aws S3 Tko Tool
Cameradar hacks its way into RTSP videosurveillance cameras
Extracts all the chart lists from ChartMuseum
Coldfusion AMF PWN
Finds CSP report urls and tests to see if they are vulnerable to log4j
LifterLMS <= 3.34.5 - Unauthenticated Options Import
RCE exploit for a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX.
MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)
IBM Maximo Asset Management is vulnerable to Information Disclosure via XXE Vulnerability (CVE-2020-4463)
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection - CVE-2021-24507
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
Content Mask < 1.8.4 - Subscriber+ Arbitrary Options Update
WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure
CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
LearnPress Plugin < 4.2.0 - Unauthenticated LFI Description
CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection
MStore API <= 3.9.2 - Authentication Bypass
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass