jason carle jasoncarle

@jasoncarle
jasoncarle / spin-wheel-2.0.2-client-side-prize-manipulation.MD
Created December 17, 2025 14:36
Spin Wheel <= v2.0.2 Client-Side Prize Selection Manipulation Vulnerability

Spin Wheel <= v2.0.2 Client-Side Prize Selection Manipulation Vulnerability

  • Discovery date: 17/12/2025
  • Discovered by: jason carle
  • Reported to: Wordfence

Plugin Information

@jasoncarle
jasoncarle / userback-1.0.15-missing-auth-vuln.MD
Last active December 17, 2025 14:18
Userback <= 1.0.15 Missing Authorization Vulnerability

Userback <= 1.0.15 WP Plugin Missing Authorization Vulnerability

  • Discovery date: 8/12/2025
  • Discovered by: jason carle
  • Reported to: Wordfence

Plugin Information

@jasoncarle
jasoncarle / vuln-url-media-uploader.MD
Last active December 17, 2025 15:04
URL Media Uploader v1.0.1 - Privilege Escalation / Missing Auth Vulnerability

URL Media Uploader Plugin <= v1.0.1 Privilege Escalation Vulnerability

Summary

Plugin Name: URL Media Uploader
Plugin Slug: url-media-uploader
WP.org Repo URL: https://wordpress.org/plugins/url-media-uploader/
Affected Versions: 1.0.0 - 1.0.1 (Latest)
Vulnerability Type: Missing Authorization / Privilege Escalation
Discovery Date: November 26, 2025

@jasoncarle
jasoncarle / linkview-stored-xss.MD
Last active November 3, 2025 14:08
Link View <= v0.8.0 Stored XSS Vulnerability

Link View <= v0.8.0 plugin - Stored Cross-Site Scripting (XSS)

  • Discovery date: 3/11/2025
  • Discovered by: jsonc
  • Reported to: None - went to disclose to find it's already reported :D

Plugin Information

@jasoncarle
jasoncarle / context-blog-theme-1.2.5-unauth-access-vuln.MD.md
Last active February 18, 2026 03:26
Context Blog Theme <= 1.2.5 Vulnerability
@jasoncarle
jasoncarle / topbar-1.0-csrf.MD
Last active October 15, 2025 01:31
TopBar <= v1.0.0 CSRF Unauthorized Access Vulnerability