Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2024/06/24 12:0 a.m.•550 views

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

5.4CVSS5.4AI score0.00483EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•550 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Add the following code in a post/page while in code editor mode with an Contributor account: Then view/preview th...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•550 views

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion The PoC varies based on the endpoint targeted. Here is one example that will modify the...

8.1CVSS0.3AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/15 12:0 a.m.•550 views

Form Maker < 1.13.60 - Authenticated Stored XSS

The plugin does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue Create or edit a form and add the following payload in the Form Title field "autofocus onmouseover=alert/XSS///...

3.5CVSS0.3AI score0.01091EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/21 12:0 a.m.•550 views

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

5.4CVSS0.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/16 12:0 a.m.•549 views

Amazon Auto Links < 4.6.20 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues alert/XSS-page/' / alert/XSS-tab/' /...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•549 views

Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting

The createpostpage AJAX action of the plugin available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue '...

3.5CVSS0.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/29 12:0 a.m.•549 views

Alojapro Widget < 1.1.16 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following code in the Custom CSS settings of the plugin setTimeout"alert'1'",3000...

3.5CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/03 12:0 a.m.•549 views

Quiz And Survey Master < 7.1.19 - Unauthenticated Stored Cross-Site Scripting (XSS)

When the "Disable collecting and storing IP addresses?" setting is not used, the plugin retrieves the IP address of the submitting user via various methods, such as $SERVER'REMOTEADDR' but also arbitrary headers which can be tampered with. The final IP is not sanitised or validated, before being...

5.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/03/31 12:0 a.m.•549 views

Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR

The plugin, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the propertyid parameter. GET...

4CVSS2.8AI score0.01114EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•548 views

Active Directory Integration / LDAP Integration < 3.6.95 - Reflected Cross-Site Scripting

The plugin does not escape the testusername parameter before outputting it back in the settings page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/28 12:0 a.m.•548 views

Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the "Alt text" setting of the plugin, then view...

4.8CVSS0.6AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/27 12:0 a.m.•548 views

uListing < 2.0.6 - Settings Update via CSRF

A Settings Update via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC 1 | CSRF | Main Settings Update: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: admin cookies User-Agent: Mozilla/5.0...

4.3CVSS0.6AI score0.00423EPSS
Exploits1
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•548 views

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be executed...

3.5CVSS0.7AI score0.00576EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/06/21 12:0 a.m.•548 views

Browser Screenshots < 1.7.6 - Contributor+ Stored XSS

The plugin allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the imageclass parameter of the browser-shot shortcode was not escaped. Add the following shortcode in a page, then view the page either published or as preview to trigger th...

5.4CVSS0.3AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•547 views

Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin wholesale-market...

9.8CVSS1AI score0.01833EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/08 12:0 a.m.•547 views

Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. 1. Navigate to: Appearance Import Demo Content Theme Demo Importer Manually upload the demo files 2. Use the XML file...

0.2AI score0.012EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•547 views

Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting

The plugin does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting With the "Enable Logs" setting activated: https://example.com/wp-admin/admin.php?page=check-email-logs&d="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS6.2AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•547 views

Video Lessons Manager - Admin+ Stored Cross-Site Scripting

The plugins do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks Open the CM Video Lesson Plugin's Settings page. Click on Label Tab Enter payload like "alert1 into the "channel" or "channels" field...

4.8CVSS0.7AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/16 12:0 a.m.•547 views

CBX Bookmark & Favorite < 1.6.9 - Reflected Cross-Site Scripting

The plugin does not escape a page parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS/' / alert/XSS/' /...

6.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/19 12:0 a.m.•547 views

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue /wp-admin/admin.php?page=popup-wp-supsystic&tab="onmouseover=alert1//...

4.3CVSS1.1AI score0.18165EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/02 12:0 a.m.•546 views

Show-Hide / Collapse-Expand <= 1.2.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS5.1AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/27 12:0 a.m.•546 views

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user, then...

9.8CVSS1.8AI score0.38625EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/15 12:0 a.m.•547 views

Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS

The plugin allows users with any role capable of editing or adding posts to perform stored XSS. Add the below payload as a shortcode block: podcastsubscribe alignment='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alertorigin//'...

5.4CVSS1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/06 12:0 a.m.•546 views

Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Go to the plugin Settings Messages Taxonomies...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•546 views

SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting

The plugin does not escape its searchString parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=dkspeakoutsignatures&action=search&searchString="alert/XSS/...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2022/02/23 12:0 a.m.•544 views

Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF

The plugin does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...

4.3CVSS2.4AI score0.00429EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/31 12:0 a.m.•544 views

Software License Manager < 4.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its License Key Prefix setting before outputting it in the Add/Edit Licenses page, leading to an Authenticated Stored Cross-Site Scripting issue Go the plugin’s settings and add "alert/XSS/ as a License Key Prefix Then go the the Add/Edit Licenses page to...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/26 12:0 a.m.•544 views

Simple Social Media Share Buttons < 3.2.3 - Contributor+ Stored XSS

The plugin did not escape the align and likebuttonsize parameters of its SSB shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. SSB align='" onmouseover="alert/align///' likebuttonsize='4" onmouseover="alert/likebuttonsize///' SSB...

3.5CVSS2.2AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/07 12:0 a.m.•543 views

Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize or escape inputs in the plugin's settings. Open "Chained Quiz Social Sharing" in the WP admin panel. Under title field enter the payload : "alertdocument.domain Click on Save All Setting and the XSS will fire every time the Social Sharing page is loaded...

5.4CVSS0.1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•543 views

Two Factor Authentication < 1.0.8 - Reflected Cross-Site Scripting

The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•543 views

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...

Exploits0References2
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•543 views

Filter Gallery < 0.0.7 - Unauthorised AJAX Calls

The plugin had a logic flaw in the CSRF checks of its AJAX calls, allowing them to be passed by not providing the related parameter in the request. This could allow attacker to make logged in users do unwanted actions. Furthermore, the AJAX calls are also lacking capability checks, allowing any...

0.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/10 12:0 a.m.•543 views

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...

3.5CVSS0.4AI score0.04703EPSS
Exploits5
wpexploit
wpexploit
•added 2023/03/21 12:0 a.m.•542 views

Redirection < 1.1.5 - Plugin Reset via CSRF

The plugin does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. https://example.com/wp-admin/admin-post.php?action=iruninstall...

6.5CVSS6.3AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•542 views

Quote-O-Matic <= 1.0.5 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. https://example.com/wp-admin/edit.php?page=quote-o-matic.php&sortby=qomID+AND+SELECT+3477+FROM+SELECTSLEEP5DhVP...

7.2CVSS1.8AI score0.00902EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•542 views

WP Mail Logging < 1.10.0 - Outdated Redux Framework

The plugin uses an outdated version of the Redux Framework, which is know to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314 The first endpoint we can identify is gathered...

7.1CVSS0.1AI score0.28961EPSS
Exploits7
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•542 views

Multiple Plugins from WPPlugin - Reflected Cross-Site Scripting via page Parameter

The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021 Example in easy-paypal-donation alert/XSS/' / alert/XSS/' /...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/29 12:0 a.m.•542 views

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. Go to Setting Tab Under Calendar Lite Plugin Under Setting tab Click on Slugs/Permalinks tab Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable...

5.4CVSS0.00629EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/16 12:0 a.m.•542 views

Email Artillery <= 4.1 - Multiple Authenticated SQL Injections

The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&postid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...

1.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/28 12:0 a.m.•541 views

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfilteredhtml capability is disallowed. Add an Entry /wp-admin/admin.php?page=connectionsadd and put the following payload in the Address Line...

4.8CVSS4.8AI score0.00705EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•541 views

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In the admin dashboard navigate to Services Add service and put the followi...

4.8CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/08 12:0 a.m.•541 views

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection

The joomsportmdload AJAX action of the plugin, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other...

9.8CVSS2.1AI score0.02068EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/21 12:0 a.m.•540 views

Fetch Tweets <= 2.6.4 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues alert/XSS-page/' / alert/XSS-tab/' /...

Exploits0
wpexploit
wpexploit
•added 2021/08/24 12:0 a.m.•540 views

Contact List < 2.9.42 - Reflected Cross-Site Scripting

The plugin does not escape the cardheight parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=contact&page=contact-list-printable&cardheight="alert/XSS/...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•540 views

Software License Manager < 4.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape the editrecord parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.9AI score0.00702EPSS
Exploits1
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•540 views

Wonder PDF Embed < 1.7 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginpdf src="a" onload="alert1"...

3.5CVSS2.6AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/16 12:0 a.m.•540 views

Request a Quote < 2.3.4 - Authenticated Stored XSS

The plugin did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table. Note: By default, admins and editors are allowed to use JavaScript in posts and page, unless the...

5.4CVSS0.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/23 12:0 a.m.•539 views

WP Review Slider < 12.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.00919EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/28 12:0 a.m.•539 views

WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. Open Global Activation and Click on Customize Now On Step3 StylingTab Enter the XSS payload into "Whats your reaction" field Payload Used :...

5.4CVSS5.3AI score0.00629EPSS
Exploits2
Total number of security vulnerabilities4359