Lucene search
K

7 matches found

wpexploit
wpexploit
added 2024/04/24 12:0 a.m.142 views

HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the widget area, add the widget...

5.7AI score0.00331EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.129 views

HL Twitter <= 2014.1.18 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have a logged in admin open an HTML page containing:...

6.7AI score0.00204EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.153 views

Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6AI score0.00741EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.144 views

Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Click...

6AI score0.00441EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.155 views

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: alert999'...

5.9AI score0.00217EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.155 views

SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist&uid=3CHANGE HERE&pid=0CHANGE HERE&search=&=1708406394720 You can view...

6.6AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.138 views

month name translation benaceur < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00352EPSS
Exploits2
Rows per page
Query Builder