namishelex01 · August 31, 2018 11:24
diff --git a/Top Vulnerabilities WebApp b/Top Vulnerabilities WebApp
 > WordPress Plugin Quizlord 2.0 - XSS	
 > WordPress Plugin Jibu Pro 1.7 - XSS	
 > phpMyAdmin 4.7.x - XSRF	
 > WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection	
 > Responsive FileManager < 9.13.4 - Directory Traversal	
 > LiteCart 2.1.2 - Arbitrary File Upload	
 > Gleez CMS 1.2.0 - XSRF (Add Admin)	
 > WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQLi	
 > UltimatePOS 2.5 - RCE	
 > Twitter-Clone 1 - 'code' SQLi	
 > KingMedia 4.1 - RCE	
 > Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection	
 > Twitter-Clone 1 - XSRF (Delete Post)	
 > Twitter-Clone 1 - 'userid' SQLi	
 > Countly - Persistent XSS	
 > Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize RCE	
 > WordPress Plugin Tagregator 0.6 - XSS	
 > MyBB Moderator Log Notes Plugin 1.1 - XSRF	
 > WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQLi	
 > Pimcore 5.2.3 - SQLi / XSS / XSRF	
 > WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection	
 > MyBB Like Plugin 3.0.0 - XSS	
 > MyBB Thank You/Like Plugin 3.0.0 - XSS	
 > Zimbra 8.6.0_GA_1153 - XSS	
 > Monstra-Dev 3.0.4 - XSRF (Account Hijacking)	
 > OpenEMR < 5.0.1 - RCE	
 > Monstra 3.0.4 - XSS	
 > CMS ISWEB 3.5.3 - Directory Traversal	
 > onArcade 2.4.2 - XSRF (Add Admin)	
 > Subrion CMS 4.2.1 - XSS	
 > PHP Template Store Script 3.0.6 - XSS
 > CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection	
 > PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQLi	
 > TI Online Examination System v2 - Arbitrary File Download	
 > WityCMS 0.6.2 - XSRF (Password Change)	
 > WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)	
 > SoftNAS Cloud < 4.0.3 - OS Command Injection	
 > Micro Focus Secure Messaging Gateway (SMG) < 471 - RCE (Metasploit)	
 > Kirby CMS 2.5.12 - XSS	
 > MSVOD 10 - 'cid' SQLi	
 > MyBB New Threads Plugin 1.1 - XSS	
 > WordPress Plugin All In One Favicon 4.6 - (Authenticated) XSS	
 > Modx Revolution < 2.6.4 - RCE	
 > FTP2FTP 1.0 - Arbitrary File Download	
 > Smart SMS & Email Manager 3.3 - 'contact_type_id' SQLi	
 > PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation	
 > PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation	
 > WordPress Plugin Job Manager 4.1.0 - XSS	
 > phpMyAdmin - (Authenticated) RCE (Metasploit)	
 > Zeta Producer Desktop CMS 14.2.0 - RCE / Local File Disclosure
	> WordPress Plugin Quizlord 2.0 - XSS
	> WordPress Plugin Jibu Pro 1.7 - XSS
	> phpMyAdmin 4.7.x - XSRF
	> WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
	> Responsive FileManager < 9.13.4 - Directory Traversal
	> LiteCart 2.1.2 - Arbitrary File Upload
	> Gleez CMS 1.2.0 - XSRF (Add Admin)
	> WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQLi
	> UltimatePOS 2.5 - RCE
	> Twitter-Clone 1 - 'code' SQLi
	> KingMedia 4.1 - RCE
	> Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
	> Twitter-Clone 1 - XSRF (Delete Post)
	> Twitter-Clone 1 - 'userid' SQLi
	> Countly - Persistent XSS
	> Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize RCE
	> WordPress Plugin Tagregator 0.6 - XSS
	> MyBB Moderator Log Notes Plugin 1.1 - XSRF
	> WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQLi
	> Pimcore 5.2.3 - SQLi / XSS / XSRF
	> WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
	> MyBB Like Plugin 3.0.0 - XSS
	> MyBB Thank You/Like Plugin 3.0.0 - XSS
	> Zimbra 8.6.0_GA_1153 - XSS
	> Monstra-Dev 3.0.4 - XSRF (Account Hijacking)
	> OpenEMR < 5.0.1 - RCE
	> Monstra 3.0.4 - XSS
	> CMS ISWEB 3.5.3 - Directory Traversal
	> onArcade 2.4.2 - XSRF (Add Admin)
	> Subrion CMS 4.2.1 - XSS
	> PHP Template Store Script 3.0.6 - XSS
	> CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection
	> PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQLi
	> TI Online Examination System v2 - Arbitrary File Download
	> WityCMS 0.6.2 - XSRF (Password Change)
	> WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
	> SoftNAS Cloud < 4.0.3 - OS Command Injection
	> Micro Focus Secure Messaging Gateway (SMG) < 471 - RCE (Metasploit)
	> Kirby CMS 2.5.12 - XSS
	> MSVOD 10 - 'cid' SQLi
	> MyBB New Threads Plugin 1.1 - XSS
	> WordPress Plugin All In One Favicon 4.6 - (Authenticated) XSS
	> Modx Revolution < 2.6.4 - RCE
	> FTP2FTP 1.0 - Arbitrary File Download
	> Smart SMS & Email Manager 3.3 - 'contact_type_id' SQLi
	> PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
	> PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
	> WordPress Plugin Job Manager 4.1.0 - XSS
	> phpMyAdmin - (Authenticated) RCE (Metasploit)
	> Zeta Producer Desktop CMS 14.2.0 - RCE / Local File Disclosure