Abrahack's Blog

Quiz Maker SQLi

Fri, 28 Mar 2025 02:00:00 +0100

Introduction

In this post, I’ll walk through the discovery and analysis of CVE-2024-10628, a high impact vulnerability (CVSS 3.1 Score: 7.5). This vulnerability allows unauthenticated attackers to perform unauthenticated SQLi attacks.

Background

During an offsite security assessment, I noticed the Quiz Maker plugin installed on a customer’s WordPress instance. As part of my standard methodology, I obtained Business version 8.8.0 of the plugin for local analysis, which led to the discovery of an unauthenticated SQLi.

Gamipress SQLi

Mon, 24 Mar 2025 02:00:00 +0100

Introduction

In this post, I’ll walk through the discovery and analysis of CVE-2024-13496, a high impact vulnerability (CVSS 3.1 Score: 7.5). This vulnerability allows unauthenticated attackers to perform unauthenticated SQLi attacks.

Background

During an offsite security assessment, I noticed the GamiPress plugin installed on a customer’s WordPress instance. As part of my standard methodology, I downloaded version 7.2.1 of the plugin for local analysis, which led to the discovery of an unauthenticated SQLi.

WordPress File Upload RCE Part2

Fri, 14 Mar 2025 02:00:00 +0100

Introduction

In my previous post, I detailed the discovery of CVE-2024-9939 and CVE-2024-11635, high-impact vulnerabilities affecting the WordPress File Upload plugin. As promised, this follow-up examines how the vendor’s patch inadvertently introduced a new critical vulnerability (CVSS 3.1 Score: 9.8): CVE-2024-11613.

Background

After reporting the initial vulnerabilities, the WordPress File Upload plugin was updated to version 4.24.14, which removed the use of cookie-based inputs. However, during my post-patch analysis, I discovered that this fix created a new attack vector with equally severe implications.

WordPress File Upload RCE Part1

Fri, 07 Mar 2025 02:00:00 +0100

Introduction

In this post, I’ll walk through the discovery and analysis of CVE-2024-9939, a high impact vulnerability (CVSS 3.1 Score: 7.5) and CVE-2024-11635, a critical impact vulnerability (CVSS 3.1 Score: 9.8) affecting the WordPress File Upload Plugin. This vulnerability allows unauthenticated attackers to perform Arbitrary File Read and Remote Code Execution attacks.

Background

During an offsite security assessment, I noticed the WordPress File Upload Plugin installed on a customer’s WordPress instance. As part of my standard methodology, I downloaded version 4.24.11 of the plugin for local analysis, which led to the discovery of two severe security flaws;

Learnpress Sensitive Information Exposure

Sat, 25 Jan 2025 05:00:00 +0100

Introduction

This post details the discovery and analysis of CVE-2024-11868, a medium-severity vulnerability (CVSS 3.1: 5.3) in the LearnPress – WordPress LMS Plugin. The flaw allows unauthenticated attackers to access sensitive course materials, bypassing payment requirements.

Background

Following my previous analysis of LearnPress, I revisited the plugin to audit the latest version (4.2.7.3). Within hours, I identified an unauthenticated Sensitive Information Exposure vulnerability affecting paid course content.

Affected Versions

Plugin: LearnPress – WordPress LMS Plugin
Version: ≤ 4.2.7.3

Initial Analysis

My vulnerability discovery process began by identifying potential entry points. So I began to look for potential REST endpoints, with unauthenticated access.

Chart Builder LFI

Mon, 13 Jan 2025 05:22:41 +0100

Introduction

In this post, I’ll walk through the discovery and analysis of CVE-2024-10571, a critical vulnerability (CVSS 3.1 Score: 9.8) affecting the Chartify – WordPress Chart Plugin. This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) attacks.

Background

During an offsite security assessment, I noticed the Chartify – WordPress Chart Plugin plugin installed on a customer’s WordPress instance. As part of my standard methodology, I downloaded version 2.9.4 of the plugin for local analysis. This routine audit led to the discovery of a severe security flaw.

Learnpress SQLi

Thu, 07 Nov 2024 00:18:42 +0100

Intro.

In this post we will be exploring two CVE’s, CVE-2024-8529 - CVSS 3.1 10.0 Critical & CVE-2024-8522 - CVSS 3.1 10.0 Critical affecting LearnPress – WordPress LMS Plugin.

A few months ago, I was engaged in a pentest and came across a WordPress asset utilizing the LearnPress – WordPress LMS Plugin. I quickly confirmed the version and realized the latest version had been installed, therefore no known CVEs would work.

I decided to review past vulnerabilities on the plugin and their respective patches to see whether I could find a bypass.

Metabase One Click Rce

Sun, 06 Oct 2024 17:49:28 +0100

Intro.

In this post we would be exploring a chain of two CVE’s CVE-2022-39362 & CVE-2022-39361 affecting MetaBase .

CVE-2022-39362

This bug is a Cross Site Request Forgery (CSRF), this issue arose from the /question endpoint. The impact allowed an attacker arbitrary SQL queries on the target application, all an attacker needed was for a logged in user to click a link.

Metabase fixed this issue, by no longer automatically executing ad-hoc native queries

About

Sat, 05 Oct 2024 00:00:00 +0000

About Me

Welcome to my blog!

Hi! I’m abrahack, a Security Researcher & Bug Bounty Hunter. This blog is a place where I share my thoughts, insights, and projects related to cyber security .

Why I Started This Blog

I started this blog to talk about my journey so far, to rant a bit and share some knowledge.

What You’ll Find Here

[CVE’s]: Here we would explore CVEs indepth, either ones found my me or by other researchers.
[Bug Bounty Findings]: Here we would explore my past exploits during bug bounty research.
[Rants]: Here I express complaints and philosophical opinions about cyber security in general.

I hope you’ll find something useful, inspiring, or interesting during your visit!

Contact

Sat, 05 Oct 2024 00:00:00 +0000

Reach me at: On X, my DM’s are open

Mon, 01 Jan 0001 00:00:00 +0000

Stay updated with our latest security research, CVEs, and more. Subscribe now!

Abrahack's Blog

Quiz Maker SQLi

Introduction

Background

Gamipress SQLi

Introduction

Background

WordPress File Upload RCE Part2

Introduction

Background

WordPress File Upload RCE Part1

Introduction

Background

Learnpress Sensitive Information Exposure

Introduction

Background

Affected Versions

Initial Analysis

Chart Builder LFI

Introduction

Background

Learnpress SQLi

Intro.

Metabase One Click Rce

Intro.

CVE-2022-39362

About

About Me

Why I Started This Blog

What You’ll Find Here

Contact

Newsletter