Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/12/27 12:0 a.m.•565 views

WP Limit Login Attempts <= 2.6.4 - IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based restrictions on login forms. Set HTTPCLIENTIP or HTTPXFORWARDEDFOR as used in wplimitgetip to spoof the IP address and bypass the block...

7.5CVSS0.7AI score0.00703EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•564 views

3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=p3dlitematerials&materialtext="alert/XSS/...

6.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/03/30 12:0 a.m.•564 views

Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue https://plugins.trac.wordpress.org/browser/advanced-booking-calendar/tags/1.6.7/backend/settings.phpL550...

3.5CVSS0.5AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/11 12:0 a.m.•563 views

PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE. 1. Go to Appearance » Import Demo Data » Manual demo files upload » Run "Choose a JSON file for customizer import" and import a PHP file. 2. Click Impo...

7.2CVSS7.1AI score0.01042EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/09 12:0 a.m.•563 views

WP CSV Exporter < 1.3.7 - Admin+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks As an admin, go to Tools CSV Export, leave everything as default and click on Export POSTS CSV Intercept the request...

7.2CVSS0.8AI score0.0097EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•563 views

FV Flowplayer Video Player < 7.5.3.727 - Reflected Cross-Site Scripting

The plugin does not escape or validate the playerid parameter before outputting back in the Stats page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

2.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•562 views

Icegram Express < 5.5.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber Open the below URL when logged in as a subscriber and notice the 5s delay...

8.8CVSS0.6AI score0.00742EPSS
Exploits1
wpexploit
wpexploit
•added 2021/10/20 12:0 a.m.•562 views

Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed As an admin, create or edit a Forminator form, add an email field and put the following payload in the label...

4.8CVSS0.7AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/03 12:0 a.m.•562 views

Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create a new category via the plugin...

4.8CVSS0.8AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/06 12:0 a.m.•561 views

WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed 1. Create a new export via "New Export" page. 2. Go to "Manage Exports...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•561 views

Site Reviews < 5.13.1 - Authenticated Stored XSS

The plugin does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed As an admin, create a review via the Admin dashboard /wp-admin/post-new.php?posttype=site-review and add t...

5.4CVSS0.5AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/17 12:0 a.m.•560 views

tagDiv Composer < 4.2 - Unauthenticated Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...

6.1CVSS6.2AI score0.01595EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•560 views

Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. Note: v1.0.7 added capability check, making the issue still exploitable by high privilege users such a...

7.5CVSS1AI score0.00857EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•560 views

WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS

The plugin does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping...

5.4CVSS0.5AI score0.00516EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/21 12:0 a.m.•560 views

Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting XSS vulnerability. The Payload will then be triggered when an admin visits the...

6.1CVSS0.2AI score0.01242EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/28 12:0 a.m.•559 views

Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Use the following form to abuse the CSRF vulnerability on the settings page: action layout textColor contentBackgroundColor starColor...

6.5CVSS0.3AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/26 12:0 a.m.•559 views

About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. With a role as low as Contributor, put the following payloads in one of the Social Profi...

5.4CVSS0.2AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/26 12:0 a.m.•559 views

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting

The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. PoC can be entered with code editor the example below uses Taxonomy block; all blocks are vulnerable:...

5.4CVSS5.3AI score0.0053EPSS
Exploits1
wpexploit
wpexploit
•added 2021/08/26 12:0 a.m.•559 views

PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting

The plugin, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. Create a page as any user with the following shortcode block: gutenbergpostblocks id='a"...

5.4CVSS0.8AI score0.00517EPSS
Exploits1
wpexploit
wpexploit
•added 2022/08/23 12:0 a.m.•558 views

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text for the button" or "URL ...

4.8CVSS4.8AI score0.00494EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/23 12:0 a.m.•558 views

OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

The plugin does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard...

8.1CVSS1.1AI score0.00883EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/06 12:0 a.m.•558 views

PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)

The slider import search feature of the plugin settings did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=wcps&page=importlayouts&keyword="onmouseover=alert1;//...

6.1CVSS1AI score0.10587EPSS
Exploits5
wpexploit
wpexploit
•added 2021/03/16 12:0 a.m.•558 views

SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)

The setting page of the plugin is vulnerable to reflected Cross-Site Scripting XSS as user input is not properly sanitised before being output in an attribute. Timeline WPScanTeam January 29th, 2021 - Report received & Confirmed & Escalated to WordPress plugins Team who confirmed to have received...

3.5CVSS5.3AI score0.00632EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/06 12:0 a.m.•557 views

My Chatbot <= 1.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=my-chatbot&tab=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E...

1AI score
Exploits0
wpexploit
wpexploit
•added 2022/07/26 12:0 a.m.•556 views

WP Coder < 2.5.3 - Code Deletion via CSRF

The plugin does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack https://example.com/wp-admin/admin.php?page=wp-coder&info=del&did=1...

6.5CVSS4AI score0.00363EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•556 views

SliceWP < 1.0.46 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the converted parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=slicewp-visits&converted="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/16 12:0 a.m.•556 views

WP Reset < 1.90 - Authenticated Stored XSS

The plugin did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue PoC | Authenticated Persistent XSS | Enter snapshot name or brief description:...

5.4CVSS0.7AI score0.00629EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•555 views

Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure

The plugin does not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. Although the API only retur...

5.3CVSS0.2AI score0.01146EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•555 views

Email Log < 2.4.8 - Reflected Cross-Site Scripting

The plugin does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=email-log&d="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•555 views

Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed Create a new Form via the plugin, go to Form Settings then add the following payload in the Title...

5.4CVSS0.1AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/27 12:0 a.m.•555 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...

4.3CVSS0.4AI score0.00428EPSS
Exploits1
wpexploit
wpexploit
•added 2023/01/12 12:0 a.m.•554 views

Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the s parameter before using it in a SQL statement via the edddownloadsearch AJAX action , leading to a SQL injection exploitable by unauthenticated users curl...

9.8CVSS2.5AI score0.11172EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•554 views

Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS

The plugin does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users d...

5.4CVSS5.2AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•554 views

Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slide /wp-admin/admin.php?page=slideshow-slides and put the...

4.8CVSS0.4AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/04 12:0 a.m.•554 views

BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

The plugin sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/chat-rooms/?subject=asd%22%20%22%20onmouseover=javascript:alert1;%20test=%22&new-message=asd...

6.1CVSS0.9AI score0.00912EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/09/13 12:0 a.m.•554 views

Coming Soon and Maintenance Mode < 3.5.3 - Authenticated Stored XSS

The plugin does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS. Open the Coming Soon plugin's settings Coming Soon - Coming Soon Click on the "Title" section Inject XSS payload into the...

5.4CVSS0.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/06 12:0 a.m.•554 views

CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some glossarytooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks glossarytooltip dashicon='" style="animation-name:twentytwentyone-close-button-transition"...

5.4CVSS1.9AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/17 12:0 a.m.•554 views

MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.9AI score0.0231EPSS
Exploits1
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•554 views

Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...

6.1CVSS0.3AI score0.00855EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/22 12:0 a.m.•553 views

Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Affected argument: url, text, target, rel and class easymediadownload url="/" text='" onerror="alert/XSS///http' easymediadownlo...

5.4CVSS1.1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/24 12:0 a.m.•553 views

Contact Form Entries < 1.2.1 - Reflected Cross-Site Scripting

The plugin does not escape some of its filters before outputting them back in the admin dashboard, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=vxcfleads&tab=entries&startdate="alert/XSS-startdate/&enddate="alert/XSS-enddate/...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2020/12/04 12:0 a.m.•553 views

Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post 3. Publish/Send for review and visit created post/preview as editor/admin to trigger XSS...

5.6AI score0.00658EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/07/11 12:0 a.m.•552 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Get a REST nonce logged in as admin:...

4.8CVSS0.00493EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/23 12:0 a.m.•552 views

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment Log in as any user with privileges as low as Subscriber...

0.3AI score0.00675EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•552 views

Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the System Miscellaneous Custom Timezone setting of the plugin: " The XSS...

4.8CVSS4.7AI score0.00733EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/18 12:0 a.m.•553 views

Jock on air now < 5.6.2 - Arbitrary Plugin's Settings Update via CSRF

The plugin does not have CSRF check in place when saving its settings, allowing attackers to make logged in admin change them to arbitrary values via a CSRF attack...

1AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•552 views

Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues. Put the following payload in the Fajr, Sunrise, Zuhr, Asr, Maghrib and/or Isha field of the Language settings of the plugin...

5.4CVSS5.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•552 views

Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS

The plugin did not properly sanitise and validate its settings, such as psbdistance, psbbuttonsize, psbspeed, only validating them client side. This could allow high privilege users such as admin to set XSS payloads in them -- Payloads: $ " autofocus=autofocus onfocus=alertdocument.cookie; " $ "...

4.8CVSS0.4AI score0.00652EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•551 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Add the following code in a post/page while in code editor mode with an Contributor account: Then view/preview th...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/27 12:0 a.m.•551 views

uListing < 2.0.6 - Reflected Cross-Site Scripting

An Authenticated Reflected XSS vulnerability was discovered in the plugin. Vulnerable parameters: id, user, expireddate, createddate, updateddate. WPNonce is present in the original requests, but doesn't pass the correct check, as a result of which it doesn't work. PoC 1 | Authenticated Reflected...

3.5CVSS1.1AI score0.00749EPSS
Exploits1
Total number of security vulnerabilities4359