List of the public advisories and exploits I have found to the date.

2020

• rConfig v3.9.5 - Multiple RCEs & Authentication Bypasses - SSD Advisory

• OpenEDX Platform - RCE, CSVi and Stored XSS

  • CVE-2020-13144
  • CVE-2020-13145
  • CVE-2020-13146

• SEOPanel 4.6.0 - Remote Code Execution (CVE-2020-27461)

• Online Course Registration 2.0 - Authentication Bypass (CVE-2020-12429) - Exploit-DB

• Lotus Core CMS v.1.0.1 - Local File Inclusion (CVE-2020-8641) - Exploit-DB

• WordPress Plugin: Media Library Assistant v2.81

  • Local File Inclusion (CVE-2020-11372) - Exploit-DB
  • Multiple XSS (CVE-2020-11371) - Exploit-DB

• WordPress Plugin: Appointment Booking Calendar 1.3.34

  • CSV Injection (CVE-2020-9372) - Exploit-DB
  • Stored XSS (CVE-2020-9371)

• WordPress Plugin: Search Meter 2.13.2 - CSV Injection (CVE-2020-11548) - Exploit-DB