abrahack
@abrahack.bsky.social
Bug Bounty Hunter | hackerone.com/abrahack
Synack Red Team Member @SynackRedTeam | acropolis.synack.com/inductees/abrahack
My blog | https://abrahack.com
Pinned
abrahack
@abrahack.bsky.social
· Mar 24
Gamipress SQLi
Full Disclosure of CVE-2024-13496
abrahack.com
I just released a new blog post.
In this post we explore an unauthenticated SQLi (CVE-2024-13496) affecting GamiPress WordPress Plugin.
Check it out on my blog post.
abrahack.com/posts/gamipr...
I just released a new blog post.
In this post we explore an unauthenticated "Second Order" SQLi (CVE-2024-10628) affecting Quiz Maker Pro WordPress Plugin.
Check it out on my blog post.
abrahack.com/posts/quiz-m...
Quiz Maker SQLi
Full Disclosure of CVE-2024-10628 - Second Order SQLi
abrahack.com
March 28, 2025 at 7:11 AM
I have published a full disclosure of this vulnerability.
You can find the details exclusively on my blog.
abrahack.com/posts/quiz-m...
March 28, 2025 at 7:10 AM
I just released a new blog post.
In this post we explore an unauthenticated SQLi (CVE-2024-13496) affecting GamiPress WordPress Plugin.
Check it out on my blog post.
abrahack.com/posts/gamipr...
Gamipress SQLi
Full Disclosure of CVE-2024-13496
abrahack.com
March 24, 2025 at 9:19 AM
I have published a full disclosure of this vulnerability.
You can find the details exclusively on my blog.
abrahack.com/posts/gamipr...
March 24, 2025 at 9:19 AM
I have published a full disclosure of this vulnerability.
You can find the details exclusively on my blog.
abrahack.com/posts/wp-fil...
March 14, 2025 at 8:30 AM
I just released a new blog post.
In this post we explore an unauthenticated RCE (CVE-2024-11613).
This post also details a new attack vector.
Check it out on my blog post.
abrahack.com/posts/wp-fil...
WordPress File Upload RCE Part2
Full Disclosure of CVE-2024-11613 - When Patches Introduce New Vulnerabilities
abrahack.com
March 14, 2025 at 8:27 AM
I published a full disclosure of CVE-2024-9939 (CVSS 3.1 Score: 7.5) and CVE-2024-11635 (CVSS 3.1 Score: 9.8).
In this post we explore two vulnerabilities:
Unauthenticated Arbitrary File Read.
Unauthenticated RCE.
Both affecting the WP File Upload, WordPress plugin.
A CVE of mine CVE-2024-11635 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 7th March 2025.
Please save the date.
WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution — Wordfence Intelligence
www.wordfence.com
March 7, 2025 at 6:09 AM
A CVE of mine CVE-2024-10628 (CVSS:3.1 7.5 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, on the 28th March 2025.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.
www.wordfence.com
January 25, 2025 at 4:53 PM
A CVE of mine CVE-2024-10574 (CVSS:3.1 7.2 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, on the 28th March 2025.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.
www.wordfence.com
January 25, 2025 at 4:52 PM
A CVE of mine CVE-2024-10633 (CVSS:3.1 7.3 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, at a later date in a larger series.
You can read more about it at the link below www.wordfence.com/threat-intel...
www.wordfence.com
January 25, 2025 at 4:51 PM
A CVE of mine CVE-2024-10636 (CVSS:3.1 6.1 Medium) has been released today.
Full disclosure exclusively on my blog abrahack.com, at a later date in a larger series.
You can read more about it at the link below www.wordfence.com/threat-intel...
www.wordfence.com
January 25, 2025 at 4:50 PM
I just released a new blog post. In this post we take a deep dive into a payment bypass flaw in the LearnPress – WordPress LMS Plugin.
abrahack.com/posts/learnp...
Learnpress Sensitive Information Exposure
Full Disclosure of CVE-2024-11868
abrahack.com
January 25, 2025 at 7:36 AM
A CVE of mine CVE-2024-13496 (CVSS:3.1 7.5 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, on the 24th March 2025.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.
GamiPress <= 7.2.1 - Unauthenticated SQL Injection via orderby Parameter — Wordfence Intelligence
www.wordfence.com
January 21, 2025 at 11:07 PM
A CVE of mine CVE-2024-13499 (CVSS:3.1 7.3 High) has been released today.
Full disclosure exclusively on my blog abrahack.com, at a later date in a larger series.
You can read more about it at the link below www.wordfence.com/threat-intel...
Please save the date.
GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function — Wordfence Intelligence
www.wordfence.com
January 21, 2025 at 11:07 PM
January 13, 2025 at 9:39 AM
I just released a new blog post. In this post we take a deep dive into a Critical Local File Inclusion issue in the Chartify – WordPress Chart Plugin.
abrahack.com/posts/chart-...
Chart Builder LFI
Full Disclosure on CVE-2024-10571
abrahack.com
January 13, 2025 at 9:38 AM
As promised full disclosure on my blog on 13th January 2025.
Save the date.
A CVE of mine CVE-2024-10571 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel... .
I would be making a full disclosure exclusively on my blog abrahack.com, on the 13th January 2025.
Please save the date.
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source — Wordfence Intelligence
www.wordfence.com
January 7, 2025 at 9:05 PM
A CVE of mine CVE-2024-11613 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 14th March 2025.
Please save the date.
WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion — Wordfence Intelligence
www.wordfence.com
January 7, 2025 at 9:01 PM
A CVE of mine CVE-2024-11635 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 7th March 2025.
Please save the date.
WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution — Wordfence Intelligence
www.wordfence.com
January 7, 2025 at 9:01 PM
A CVE of mine CVE-2024-9939 (CVSS:3.1 7.5 High) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 7th March 2025.
Please save the date.
WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php — Wordfence Intelligence
www.wordfence.com
January 7, 2025 at 9:01 PM
A CVE of mine CVE-2024-11868 (CVSS:3.1 5.3 Medium) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel...
I would be making a full disclosure exclusively on my blog abrahack.com, on the 25th January 2025.
Please save the date.
LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API — Wordfence Intelligence
www.wordfence.com
December 10, 2024 at 12:32 PM
A CVE of mine CVE-2024-10567 (CVSS:3.1 7.5 High) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel... .
I would be making a full disclosure exclusively on my blog abrahack.com, next year in a larger series.
TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access — Wordfence Intelligence
www.wordfence.com
December 3, 2024 at 8:04 PM
Newsletter
Stay updated with our latest security research, CVEs, and more. Subscribe now!
abrahack.com
November 22, 2024 at 12:04 PM
A CVE of mine CVE-2024-10571 (CVSS:3.1 9.8 Critical) has been released today.
You can read more about it at the link below www.wordfence.com/threat-intel... .
I would be making a full disclosure exclusively on my blog abrahack.com, on the 13th January 2025.
Please save the date.
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source — Wordfence Intelligence
www.wordfence.com
November 13, 2024 at 10:04 PM
I just released a new blog post. In this post we take a deep dive into two Critical issues in the LearnPress WP plugin.
abrahack.com/posts/learnp...
Learnpress SQLi
Intro. In this post we will be exploring two CVEs, CVE-2024-8529 - CVSS 3.1 10.0 Critical & CVE-2024-8522 - CVSS 3.1 10.0 Critical affecting LearnPress – WordPress LMS Plugin.
A few months ago, I was...
abrahack.com
November 11, 2024 at 1:10 AM