Posts by abrahack

Quiz Maker SQLi Full Disclosure of CVE-2024-10628 - Second Order SQLi

I just released a new blog post.
In this post we explore an unauthenticated "Second Order" SQLi (CVE-2024-10628) affecting the Quiz Maker Pro WordPress plugin.

Check it out on my blog post.

abrahack.com/posts/quiz-m...

1 year ago 2 0 0 0

I have published a full disclosure of this vulnerability.

You can find the details exclusively on my blog.

abrahack.com/posts/quiz-m...

1 year ago 1 0 0 0
Gamipress SQLi Full Disclosure of CVE-2024-13496

I just released a new blog post.
In this post we explore an unauthenticated SQLi (CVE-2024-13496) affecting the GamiPress WordPress plugin.

Check it out on my blog post.

abrahack.com/posts/gamipr...

1 year ago 0 0 0 0

I have published a full disclosure of this vulnerability.

You can find the details exclusively on my blog.

abrahack.com/posts/gamipr...

1 year ago 0 0 0 0

I have published a full disclosure of this vulnerability.

You can find the details exclusively on my blog.

abrahack.com/posts/wp-fil...

1 year ago 0 0 0 0
WordPress File Upload RCE Part2 Full Disclosure of CVE-2024-11613 - When Patches Introduce New Vulnerabilities

I just released a new blog post.
In this post we explore an unauthenticated RCE (CVE-2024-11613).
This post also details a new attack vector.

Check it out on my blog post.

abrahack.com/posts/wp-fil...

1 year ago 0 0 0 0
WordPress File Upload RCE Part1 Full Disclosure of CVE-2024-9939 & CVE-2024-11635

You can read about both vulnerabilities on my blog.
abrahack.com/posts/wp-fil...

1 year ago 1 0 0 0

I published a full disclosure of CVE-2024-9939 (CVSS 3.1 Score: 7.5) and CVE-2024-11635 (CVSS 3.1 Score: 9.8).
In this post we explore two vulnerabilities;
Unauthenticated Arbitrary File Read.
Unauthenticated RCE.
Both affecting the WP File Upload, WordPress plugin.

1 year ago 1 0 1 0

A CVE of mine CVE-2024-10628 (CVSS:3.1 7.5 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, on the 28th March 2025.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.

1 year ago 1 0 0 1

A CVE of mine CVE-2024-10574 (CVSS:3.1 7.2 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, on the 28th March 2025.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.

1 year ago 0 0 0 0

A CVE of mine CVE-2024-10633 (CVSS:3.1 7.3 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, at a later date in a larger series.
You can read more about it at the link below www.wordfence.com/threat-intel...

1 year ago 0 0 0 0

A CVE of mine CVE-2024-10636 (CVSS:3.1 6.1 Medium) has been released today.
Full disclosure exclusively on my blog abrahack.com, at a later date in a larger series.
You can read more about it at the link below www.wordfence.com/threat-intel...

1 year ago 0 0 0 0
Learnpress Sensitive Information Exposure Full Disclosure of CVE-2024-11868

I just released a new blog post. In this post we take a deep dive into a payment bypass flaw in the LearnPress – WordPress LMS Plugin.
abrahack.com/posts/learnp...

1 year ago 0 0 0 0
GamiPress <= 7.2.1 - Unauthenticated SQL Injection via orderby Parameter — Wordfence Intelligence

A CVE of mine CVE-2024-13496 (CVSS:3.1 7.5 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, on the 24th March 2025.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.

1 year ago 0 0 0 1
GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function — Wordfence Intelligence

A CVE of mine CVE-2024-13499 (CVSS:3.1 7.3 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, at a later date in a larger series.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.

1 year ago 0 0 0 0

Hello,

As promised here we go.

abrahack.com/posts/chart-...

1 year ago 1 0 0 0
Chart Builder LFI Full Disclosure on CVE-2024-10571

I just released a new blog post. In this post we take a deep dive into a Critical Local File Inclusion issue in the Chartify – WordPress Chart Plugin.

abrahack.com/posts/chart-...

1 year ago 1 0 0 0

As promised, full disclosure on my blog on 13th January 2025.
Save the date.

1 year ago 1 0 0 0
WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion — Wordfence Intelligence

A CVE of mine CVE-2024-11613 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 14th March 2025.
Please save the date.

1 year ago 0 0 0 1
WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution — Wordfence Intelligence

A CVE of mine CVE-2024-11635 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 7th March 2025.
Please save the date.

1 year ago 2 0 1 1
WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php — Wordfence Intelligence

A CVE of mine CVE-2024-9939 (CVSS:3.1 7.5 High) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 7th March 2025.
Please save the date.

1 year ago 0 0 0 0
LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API — Wordfence Intelligence

A CVE of mine CVE-2024-11868 (CVSS:3.1 5.3 Medium) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 25th January 2025.
Please save the date.

1 year ago 1 0 0 0
TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access — Wordfence Intelligence

A CVE of mine CVE-2024-10567 (CVSS:3.1 7.5 High) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, next year in a larger series.

1 year ago 0 0 0 0

You missed a betting company from 🇷🇴

1 year ago 1 0 0 0

Can you add me?

1 year ago 1 0 0 0
Newsletter Stay updated with our latest security research, CVEs, and more. Subscribe now!

Get the latest posts in your inbox! 🚨
Subscribe to my newsletter. 👇
abrahack.com/newsletter/

1 year ago 0 0 0 0
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source — Wordfence Intelligence

A CVE of mine CVE-2024-10571 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 13th January 2025.
Please save the date.

1 year ago 3 0 0 2

Thanks, sorry about the screenshots.
Will do better next time.

1 year ago 2 0 0 0
Learnpress SQLi Intro. In this post we will be exploring two CVEs, CVE-2024-8529 - CVSS 3.1 10.0 Critical & CVE-2024-8522 - CVSS 3.1 10.0 Critical affecting LearnPress – WordPress LMS Plugin. A few months ago, I was...

I just released a new blog post. In this post we take a deep dive into two Critical issues in the LearnPress WP plugin.
abrahack.com/posts/learnp...

1 year ago 2 1 1 0

I just released a blog post explaining these vulnerabilities in detail.
abrahack.com/posts/learnp...

1 year ago 0 0 0 0