Vulnerability research by Dr. John Umoru of ClarenSec.
Each directory holds a write-up, a PoC script, and (where applicable) a video walkthrough. Findings are published after coordinated disclosure with the vendor, or after the plugin has been confirmed unmaintained.
| ID | Plugin | Class | CVSS |
|---|---|---|---|
CVE-2026-6433 |
FlipperCode Custom CSS, JS & PHP <= 2.0.7 |
Unauth SQLi → RCE | 9.8 |
RSSSL 9.5.10 2FA Bypass |
Really Simple Security <= 9.5.10 |
2FA Auth Bypass | 8.1 |
Run these only against systems you own or are explicitly authorized to test. Educational and defensive research only.
Dr. John Umoru · ClarenSec · clarensec.com · @johnumorujo · john@clarensec.com