62 matches found
Exploit for Incorrect Authorization in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating
CVE-2023-6036 POC about WordPress plugin Web3 – Crypto wallet...
illi Link Party! <= 1.0 - Unauthenticated Stored XSS
Description: The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks. 1. Add a new link party and add its shortcode to a new post. 2. In a new private window, navigate to the post where you added the shortcode. 3...
WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS
Description: The plugin does not escape the IP address provided via some headers before outputting it back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged-in admins. wget --header="X-Forwarded-For: " https://example.com -q -O- The XSS will be triggered wh...
Multiple Plugins from ServMask - Unauthenticated Access Token Update
Description: The plugins do not have authorisation in the init function hooked to the admin_init action, allowing unauthenticated attackers to update the access token. With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated:...
CVE-2023-0219 FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting (XSS) attacks when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Put the following payload in any of the plugin's text field settings such as Title, Title font-size etc: "svg...
CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...
WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payloads in the mentioned settings of the plugin: - How to display the pos...
Print My Blog < 3.4.2 - Plugin Deactivation via CSRF
The plugin does not enforce nonce (CSRF) checks, which allows attackers to make logged-in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them into opening a malicious link...
Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS
The plugin does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues. Put the following payload in the Fajr, Sunrise, Zuhr, Asr, Maghrib and/or Isha field of the Language settings of the plugin...
All 404 Redirect to Homepage < 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
Version 1.21 of the plugin attempted to fix a Stored Cross-Site Scripting issue in its "Redirect All 404 page to" setting; however, the fix is insufficient and still allows the issue to be triggered. This could allow high privilege users even with the unfiltered_html capability disabled to use malicious payloads in it,...
Controlled Admin Access < 1.5.6 - Improper Access Control to Privilege Escalation
The plugin did not properly restrict access when checking users with limited access, allowing them to query pages they should not be able to, which could lead to privilege escalation by creating a new administrator with full, unrestricted access to the blog. Created a temporary admin account via t...
Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
The plugin is affected by a loose comparison issue, which could allow any user to log in as administrator. An attacker can manipulate $_GET['algwcevverifyemail'] and set this payload: eyJpZCI6MSwiY29kZSI6MH0= Example: https://example.com/my-account/?algwcevverifyemail=eyJpZCI6MSwiY29kZSI6MH0= after...
Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS
An attacker can add a Cross-Site Scripting (XSS) payload remotely without any authentication. The payload gets triggered when an admin visits the settings page of the plugin. Edit (WPScanTeam): The plugin is still affected and has been closed. Vulnerable code is from lines 68 to 84. The code gets the...
CVE-2011-10013
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/traqpluginexec.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Larry's Cabinet of Web Vulnerability Curiosities
One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on WordPress plugin vulnerabilities, and looking for any interesting code tidbits in my box of WordPress toys. There...
Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS
The Anti-Malware and Brute-Force Security by ELI plugin has two issues which we will cover in this report. The first is that no nonce (CSRF token) is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...
WordPress Aspose Cloud eBook Generator File Download Vulnerability
WordPress Aspose Cloud eBook Generator plugin suffers from an arbitrary file download vulnerability. Exploit Title: Wordpress Aspose-Cloud-eBook-Generator Plugin...
[Full-Disclosure] Gaim festival plugin exploit
It has come to my attention that people have actually used this example code for a gaim plugin: AIM::register("Festival TTS", "0.0.1", "goodbye", ""); AIM::print("Perl Says", "Loaded Festival TTS"); AIM::command("idle", "60000") if $pro ne "Offline"; AIM::addeventhandler("eventimrecv", "synthesize"); sub...