
4359 matches found

wpexploit
added 2026/01/08 12:00 a.m., 131 views

Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure

Description: The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...

5.4 AI score
Exploits: 1
wpexploit
added 2025/02/11 12:00 a.m., 301 views

360 Product Rotation <= 1.5.8 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. http://example.com/wp-content/plugins/360-product-rotation/includes/iframe.php?licenseid=1"ale...

6.3 AI score, 0.00301 EPSS
Exploits: 2
wpexploit
added 2024/11/15 12:00 a.m., 156 views

3DPrint Lite < 2.1 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Have a logged-in admin open an HTML page containing the following form: input type="hidden" name="p3dlitesettingscanvaswidth"...

4.3 CVSS, 6.8 AI score, 0.00193 EPSS
Exploits: 2
wpexploit
added 2024/06/25 12:00 a.m., 1398 views

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Description: WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks. As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into Editor mo...

6 AI score
Exploits: 0, References: 1
wpexploit
added 2024/06/24 12:00 a.m., 550 views

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description: The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

5.4 CVSS, 5.4 AI score, 0.00483 EPSS
Exploits: 1, References: 1
wpexploit
added 2024/06/12 12:00 a.m., 147 views

Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

Description: The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. The PoC will be displayed on June 26, 2024, to give users the time to update...

5.8 AI score, 0.00335 EPSS
Exploits: 2
wpexploit
added 2024/06/12 12:00 a.m., 144 views

Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

Description: The theme does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group. The PoC will be displayed on June 26, 2024, to give users the...

6.8 AI score, 0.00193 EPSS
Exploits: 2
wpexploit
added 2024/06/12 12:00 a.m., 144 views

Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

Description: The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack. The PoC will be displayed on June 26, 2024, to give users the time to update...

6.7 AI score, 0.00193 EPSS
Exploits: 2
wpexploit
added 2024/06/12 12:00 a.m., 138 views

WPQA < 6.1.1 - Contributor+ Stored XSS

Description: The plugin does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. The PoC will be displayed on June 26, 2024, to give users the time to update...

5.8 AI score, 0.00329 EPSS
Exploits: 2
wpexploit
added 2024/06/12 12:00 a.m., 128 views

Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

Description: The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to, via a CSRF attack. The PoC will be displayed on June 26, 2024, to give users the time to update...

6.7 AI score, 0.00193 EPSS
Exploits: 2
wpexploit
added 2024/06/12 12:00 a.m., 138 views

Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

Description: The plugin allows any authenticated user to join a private group due to a missing authorization check on a function. The PoC will be displayed on June 26, 2024, to give users the time to update...

6.5 AI score, 0.00374 EPSS
Exploits: 1
wpexploit
added 2024/06/12 12:00 a.m., 140 views

WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The PoC will be displayed on June 26, 2024, to give users the time to update...

6.8 AI score, 0.00372 EPSS
Exploits: 2
wpexploit
added 2024/06/11 12:00 a.m., 131 views

Sitetweet <= 0.2 - Stored XSS via CSRF

Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. The PoC will be displayed on June 25, 2024, to give users the time to update...

5.9 AI score, 0.00345 EPSS
Exploits: 2
wpexploit
added 2024/06/11 12:00 a.m., 191 views

Rank Math SEO < 1.0.219 - Authenticated Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin; however, such access can be given to lower roles via the Role Manager feature of the plugin) to perform Stored Cross-Site Scripting attacks even wh...

5.8 AI score, 0.00391 EPSS
Exploits: 2
wpexploit
added 2024/06/11 12:00 a.m., 149 views

EazyDocs < 2.5.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). The PoC will be displayed on June 25,...

6 AI score, 0.00397 EPSS
Exploits: 2
wpexploit
added 2024/06/10 12:00 a.m., 169 views

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description: The plugin does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above. 1. You will need a valid nonce for deletion of quiz questions. 2. Sign in as a...

8.1 AI score, 0.00591 EPSS
Exploits: 2, References: 1
wpexploit
added 2024/06/10 12:00 a.m., 163 views

Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Go to Quizzes & Surveys 2. Add/edit a...

5.9 AI score, 0.00351 EPSS
Exploits: 2, References: 1
wpexploit
added 2024/06/07 12:00 a.m., 146 views

Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

Description: The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them. history.pushState('', '', '/'); document.forms[0].submit(); The response of the request above is 403, but the settings update still happens...

6.6 AI score, 0.00547 EPSS
Exploits: 2
wpexploit
added 2024/06/07 12:00 a.m., 142 views

Animated AL List <= 1.0.6 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 1. Add a new project 2. Access the URL...

6 AI score, 0.00475 EPSS
Exploits: 2
wpexploit
added 2024/06/07 12:00 a.m., 361 views

Pagerank Tools <= 1.1.5 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. https://example.com/wp-admin/tools.php?page=pagepageranks&url="alert333...

8.7 AI score, 0.00395 EPSS
Exploits: 4
wpexploit
added 2024/06/07 12:00 a.m., 129 views

Simple AL Slider <= 1.2.10 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 1. Add a new project 2. As an admin, access the URL:...

6 AI score, 0.00475 EPSS
Exploits: 4
wpexploit
added 2024/06/07 12:00 a.m., 133 views

Widget4Call <= 1.0.7 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make an admin open the URL:...

6 AI score, 0.00555 EPSS
Exploits: 2
wpexploit
added 2024/06/06 12:00 a.m., 201 views

H5P < 1.15.8 - Contributor+ Stored XSS

Description: The plugin does not validate uploads, which could allow Contributors and above to upload malicious SVG files, leading to Stored Cross-Site Scripting issues. 1. Upload an H5P archive containing a malicious SVG file w/an XSS 2. Example:...

6 AI score, 0.00315 EPSS
Exploits: 2
wpexploit
added 2024/06/06 12:00 a.m., 234 views

Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access

Description: The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save 3...

6.8 AI score, 0.00423 EPSS
Exploits: 2
wpexploit
added 2024/06/06 12:00 a.m., 130 views

WP Chat App < 3.6.5 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidg...

6 AI score, 0.00373 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 135 views

Spotify Play Button <= 1.0 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. spotify-play...

5.9 AI score, 0.00356 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 170 views

Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF

Description: The plugin does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. Make a logged-in admin open an HTML file containing:...

6.7 AI score, 0.00264 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 149 views

WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG

Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following markup: alert"XSS"; Load the SVG and see the XSS. Code reference:...

6.2 AI score, 0.00331 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 164 views

Simple Photoswipe <= 0.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. As admin, go to plugin settings...

5.7 AI score, 0.00281 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 126 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to frontend-checklist admin...

5.7 AI score, 0.00329 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 160 views

Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

Description: The plugin allows adding sensitive parameters when validating appointments, allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved. 1. Open the WordPress where the plugin is installed with default...

6.6 AI score, 0.004 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 145 views

Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Add a "Video Widget" to a widget ar...

5.7 AI score, 0.00399 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 141 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Add a checklist and for an item,...

5.7 AI score, 0.0033 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 303 views

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Description: The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. 1. Add a form to a footer widget area 2. Disable JavaScript 3. Access the URL: https://example.com/%0a/google.com 4. Fill out the form and submit 5. The browser wi...

6.6 AI score, 0.00449 EPSS
Exploits: 2
wpexploit
added 2024/06/05 12:00 a.m., 142 views

Easy Table of Contents < 2.0.66 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. You should create a new post with two or more headings. Go to the settings of the plugin and...

5.9 AI score, 0.00329 EPSS
Exploits: 2, References: 1
wpexploit
added 2024/06/04 12:00 a.m., 138 views

Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make a logged-in admin open an HTML file containing: alert/XSS: enamad-code/" alert/XSS:...

5.9 AI score, 0.00464 EPSS
Exploits: 2
wpexploit
added 2024/06/04 12:00 a.m., 180 views

Email Subscribers by Icegram Express < 5.7.21 - Unauthenticated SQL Injection via hash

Description: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

9.8 CVSS, 9.7 AI score, 0.10161 EPSS
Exploits: 1, References: 1
wpexploit
added 2024/06/04 12:00 a.m., 140 views

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,...

6.1 AI score, 0.0035 EPSS
Exploits: 2
wpexploit
added 2024/06/03 12:00 a.m., 138 views

SEOPress < 7.8 - Contributor+ Open Redirect

Description: The plugin does not validate and escape one of its Post settings, which could allow users with the Contributor role and above to perform open redirect attacks against any user viewing a malicious post. As a contributor, create a new Post, at the bottom of the page put the following payload in the...

6.6 AI score, 0.00329 EPSS
Exploits: 2, References: 1
wpexploit
added 2024/06/03 12:00 a.m., 167 views

SEOPress < 7.8 - Contributor+ Stored XSS

Description: The plugin does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. As a contributor, create a new Post, at the bottom of the page put the following payload in the "SEO Title" fie...

5.7 AI score, 0.00337 EPSS
Exploits: 2, References: 1
wpexploit
added 2024/05/31 12:00 a.m., 156 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. paypalbutton type="addtocart"...

5.8 AI score, 0.00315 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 124 views

WP Logs Book <= 1.0.1 - Log Clearing via CSRF

Description: The plugin does not have a CSRF check when clearing logs, which could allow attackers to make a logged-in admin clear the logs via a CSRF attack. Make an admin open an HTML file containing: Note: The 404 Error Logs can also be cleared by modifying the PoC...

6.6 AI score, 0.00183 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 153 views

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to...

5.6 AI score, 0.00255 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 149 views

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

Description: The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting. 1. On the login page, enter any username and for the password enter alert1 2. As an admin, view the logs at:...

6.2 AI score, 0.00307 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 165 views

Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. On a site with the User Login/Registration widget active, have an unauthenticated user send a...

6.2 AI score, 0.00408 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 193 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to...

5.6 AI score, 0.00319 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 129 views

Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF

Description: The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack. This PoC disables the User Registration widget. To do so, make a logged-in admin open an HTML file containing:...

6.6 AI score, 0.00199 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 154 views

DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add the following shortcode to a...

5.8 AI score, 0.00315 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 120 views

CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting codes, timeframes, and bookings, via CSRF attacks. Codes:...

6.7 AI score, 0.00209 EPSS
Exploits: 2
wpexploit
added 2024/05/31 12:00 a.m., 161 views

CSSable Countdown <= 1.5 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to...

5.6 AI score, 0.00354 EPSS
Exploits: 2
Total number of security vulnerabilities: 4359