Projects in Awesome Lists by RandomRobbieBF
A curated list of projects in awesome lists by RandomRobbieBF.
https://github.com/randomrobbiebf/cve-2023-32243
CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
cve-2023-32243 wordpress-exploit wordpress-plugin
Last synced: 08 Jul 2025
https://github.com/randomrobbiebf/cve-2023-2982
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
Last synced: 12 Feb 2026
https://github.com/RandomRobbieBF/grafana-ssrf
Authenticated SSRF in Grafana
Last synced: 02 Apr 2025
https://github.com/randomrobbiebf/grafana-ssrf
Authenticated SSRF in Grafana
Last synced: 14 Apr 2025
https://github.com/randomrobbiebf/marshalsec-jar
marshalsec-0.0.3-SNAPSHOT-all compiled on X64
Last synced: 19 Sep 2025
https://github.com/randomrobbiebf/phpunit-brute
Tool to try multiple paths for PHPUnit RCE CVE-2017-9841
bugbounty cve-2017-9841 phpunit
Last synced: 08 Jul 2025
https://github.com/randomrobbiebf/wordpress-plugin-list
WordPress Plugins List for Bruteforcing.
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/service-now
Service-Now Article Bruteforcer
Last synced: 08 Jul 2025
https://github.com/randomrobbiebf/nuclei-drupal-sa
Nuclei templates for Drupal vulns... far from perfect
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/kong-pwn
Use Exposed KongAPI to act like a proxy and get metadata urls or internal urls
Last synced: 08 Jul 2025
https://github.com/randomrobbiebf/cve-2023-2732
MStore API <= 3.9.2 - Authentication Bypass
Last synced: 13 Apr 2025
https://github.com/randomrobbiebf/cve-2023-5412
Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Last synced: 01 Jan 2026
https://github.com/randomrobbiebf/super-secret-finder
Burp Plugin for Secret Matching
Last synced: 26 Jul 2025
https://github.com/randomrobbiebf/simple-file-list-rce
Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE
Last synced: 08 Jul 2025
https://github.com/randomrobbiebf/cve-2024-10924
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass
Last synced: 03 Aug 2025
https://github.com/randomrobbiebf/cve-2022-0952
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
Last synced: 13 Apr 2025
https://github.com/randomrobbiebf/cve-2024-22145
InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update (Subscriber+)
cve-2024-22145 exploit instawp-connect wordpress
Last synced: 08 Oct 2025
https://github.com/randomrobbiebf/cve-2023-47840
Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Last synced: 01 Oct 2025
https://github.com/randomrobbiebf/cve-2024-9932
Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/log4j-exploits
Log4J Exploits for Different Systems
Last synced: 13 Apr 2025
https://github.com/randomrobbiebf/cve-2024-49681
WP Sessions Time Monitoring Full Automatic <= 1.0.9 - Unauthenticated SQL Injection
Last synced: 15 Aug 2025
https://github.com/randomrobbiebf/wordpress-exploits
Random WordPress Exploits May or May Not Work.
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2022-3904
CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
Last synced: 12 Jun 2025
https://github.com/randomrobbiebf/csp-log4j
Finds CSP report urls and tests to see if they are vulnerable to log4j
Last synced: 08 Jul 2025
https://github.com/randomrobbiebf/cve-2024-0679
ColorMag <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
cve-2024-0679 exploit wordpress
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2024-6624
JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation
Last synced: 24 Jan 2026
https://github.com/randomrobbiebf/cve-2023-2877
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
Last synced: 13 Apr 2025
https://github.com/randomrobbiebf/django-bruteforce
Django Admin Url Bruteforce tool.
Last synced: 14 Aug 2025
https://github.com/randomrobbiebf/cve-2023-0630
CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection
cve-2023-0630 exploit wordpress wordpress-plugin
Last synced: 13 Apr 2025
https://github.com/randomrobbiebf/cve-2024-50483
Meetup <= 0.1 - Authentication Bypass via Account Takeover
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/wordpress-php-object-helper
Know a plugin has a php object exploit but need to find which lib to use?
Last synced: 13 Apr 2025
https://github.com/randomrobbiebf/cve-2023-6700
Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update
Last synced: 16 Oct 2025
https://github.com/randomrobbiebf/cve-2024-9935
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
Last synced: 28 Dec 2025
https://github.com/randomrobbiebf/sap-brute
SAP Netweaver Login Bruteforcer.
Last synced: 28 Dec 2025
https://github.com/randomrobbiebf/what-wordpress
Tool to extract all themes and plugins that are shown on the front page of a WordPress site.
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/woo
Exploit woocommerce SQLI and grab user and password hash
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/dom-brute
Domain TLD prefix finder / 3rd party hosted.
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2020-12077
MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
Last synced: 12 Jun 2025
https://github.com/randomrobbiebf/wordpress-plugins-scraper
Will open the first page of a WordPress website and extract all JS and CSS links with wp-content/plugins/
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2024-4875
HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2024-25092
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2023-6985
10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description
ai-assistant-by-10web cve-2023-6985 wordpress
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2024-50450
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution
Last synced: 03 Feb 2026
https://github.com/randomrobbiebf/wordpress-bf
Brute Force Wordpress Blogs.
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2023-47529
Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File
Last synced: 05 Feb 2026
https://github.com/randomrobbiebf/cve-2024-13800
Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
Last synced: 14 Feb 2026
https://github.com/randomrobbiebf/cve-2024-51665
Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Last synced: 01 Jan 2026
https://github.com/randomrobbiebf/cve-2023-46615
KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2022-0439
CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/juicy-php
Juicy-php - finds PHP info files with juicy information
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/struts-splunk
Vuln Apache Struts with splunk
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2024-9234
GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload
Last synced: 10 Feb 2026
https://github.com/randomrobbiebf/cve-2023-51409
AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload
Last synced: 11 Feb 2026
https://github.com/randomrobbiebf/cve-2024-10586
Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
Last synced: 13 Feb 2026
https://github.com/randomrobbiebf/cve-2024-52429
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
Last synced: 07 Jan 2026
https://github.com/randomrobbiebf/s3-from-csp
Extracts all S3 Buckets from CSP report headers and then tests for file upload vulns
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2020-36730
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2024-50478
1-Click Login: Passwordless Authentication 1.4.5 - Authentication Bypass via Account Takeover
Last synced: 10 Oct 2025
https://github.com/randomrobbiebf/cve-2024-43919
YARPP <= 5.30.10 - Missing Authorization
Last synced: 12 Oct 2025
https://github.com/randomrobbiebf/whatismyip-serverless
PHP - serverless IP grabber for testing SSRF
Last synced: 13 Oct 2025
https://github.com/randomrobbiebf/cve-2023-47668
Restrict Content <= 3.2.7 - Information Exposure via legacy log file
Last synced: 14 Oct 2025
https://github.com/randomrobbiebf/cve-2023-6289
Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export
Last synced: 15 Oct 2025
https://github.com/randomrobbiebf/cve-2024-50427
SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Authenticated (Subscriber+) Arbitrary File Upload
Last synced: 16 Oct 2025
https://github.com/randomrobbiebf/cve-2021-25032
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
Last synced: 25 Oct 2025
https://github.com/randomrobbiebf/cve-2023-46197
Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure
Last synced: 06 Feb 2026
https://github.com/randomrobbiebf/cve-2024-13478
LTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL Injection
Last synced: 08 Feb 2026
https://github.com/randomrobbiebf/cve-2023-40600
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log
Last synced: 09 Feb 2026
https://github.com/randomrobbiebf/cve-2024-50482
Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Upload
Last synced: 12 Feb 2026
https://github.com/randomrobbiebf/cve-2024-13481
LTL Freight Quotes – R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection
Last synced: 14 Feb 2026
https://github.com/randomrobbiebf/cve-2024-52433
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
Last synced: 11 Jan 2026
https://github.com/randomrobbiebf/randomrobbiebf
Config files for my GitHub profile.
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2024-50490
PegaPoll <= 1.0.2 - Unauthenticated Arbitrary Options Update
Last synced: 28 Oct 2025
https://github.com/randomrobbiebf/cve-2024-13483
LTL Freight Quotes – SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection
Last synced: 02 Mar 2025
https://github.com/randomrobbiebf/cve-2024-13489
LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection
Last synced: 28 Nov 2025
https://github.com/randomrobbiebf/cve-2025-25163
Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) Arbitrary File Download
Last synced: 02 Mar 2025
https://github.com/randomrobbiebf/cve-2022-45354
Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2024-13479
LTL Freight Quotes – SEFL Edition <= 3.2.4 - Unauthenticated SQL Injection
Last synced: 02 Feb 2026
https://github.com/randomrobbiebf/cve-2024-10629
GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation
Last synced: 01 Jan 2026
https://github.com/randomrobbiebf/cve-2023-45828
RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/e-signature-poc
e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2024-50493
Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2024-10470
WPLMS Learning Management System for WordPress <= 4.962 – Unauthenticated Arbitrary File Read and Deletion
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2024-13488
LTL Freight Quotes – Estes Edition <= 3.3.7 - Unauthenticated SQL Injection
Last synced: 03 Feb 2026
https://github.com/randomrobbiebf/cve-2024-9933
WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2024-2242
Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2023-41652
RSVPMaker <= 10.6.6 - Unauthenticated SQL Injection
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/elastic-search-email-extractor
Searches Elasticsearch database for email addresses
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Last synced: 13 Oct 2025
https://github.com/randomrobbiebf/cve-2024-50477
Stacks Mobile App Builder <= 5.2.3 - Authentication Bypass via Account Takeover
Last synced: 06 Feb 2026
https://github.com/randomrobbiebf/cve-2024-50476
GRÜN spendino Spendenformular <= 1.0.1 - Unauthenticated Arbitrary Options Update
Last synced: 29 Dec 2025
https://github.com/randomrobbiebf/cve-2024-50488
Token Login <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation
Last synced: 02 Jan 2026
https://github.com/randomrobbiebf/cve-2023-5070
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure
Last synced: 14 Mar 2025
https://github.com/randomrobbiebf/cve-2022-45808
LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
Last synced: 02 Jan 2026