Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2021/09/20 12:0 a.m.528 views

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed When adding new courses, the following fields can have XSS payloads like "alert1...

4.8CVSS0.2AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/03 12:0 a.m.528 views

Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape its resultid parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link...

6.1CVSS0.3AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/20 12:0 a.m.527 views

BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "linktitle" colu...

5.4CVSS0.1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.527 views

PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure

The plugin, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. If the post 1234, created by other users, is set as private, save gutenbergpostblocks id="1234...

4.3CVSS0.7AI score0.00739EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/02 12:0 a.m.527 views

StoryChief < 1.0.31 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape its StoryChief Key setting before outputting it in an attribute, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the StoryChief Key setting and save them: "alert/XSS/...

1AI score
Exploits0
wpexploit
wpexploit
added 2021/03/30 12:0 a.m.527 views

Woocommerce Customers Manager < 26.6 - Authenticated Reflected Cross-Site Scripting (XSS)

The wccmcustomersids and wccmcustomersemails parameters are output in href attributes, after being sanitised with the sanitizetextfield function, which is not appropriate for such case, as payload such as ' injected-attribute=value will still be injected. This lead to a reflected XSS issue in the...

1.6AI score
Exploits0References2
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.527 views

WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts

By default, the plugin allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. A subscriber, upon registering an account with a site with the WP Pagebuilder plugin, could immediately modify or delete...

4CVSS1.1AI score0.00689EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/01/02 12:0 a.m.526 views

Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitra...

7.2CVSS0.8AI score0.01046EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/12 12:0 a.m.526 views

Weekly Schedule < 3.4.3 - Authenticated Stored XSS

The "Schedule Name" input in the plugin general options did not properly sanitize input, allowing a user to inject javascript code using the Go to Weekly Schedule - General Options /wp-admin/admin.php?page=weekly-schedule - Schedule Name - Fill the field with a payload such as alertxss...

5.4CVSS5.5AI score0.0065EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/08 12:0 a.m.525 views

Form Vibes < 1.4.5 - Admin+ SQLi

The "deleteentries" function does not filter parameters from the request. This leads to an SQL Injection vulnerability. - Create a submission using the Contact From 7 plugin. - On the Form Vibes tab in the dashboard, click "submissions" and implement the delete function on an entry. - Intercept t...

0.5AI score0.00981EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.525 views

Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. Create or edit a Slide and put the following payload in the Name field: " onfocus=alert/XSS/ autofocus=" The XSS will be triggered when editing the slide again...

4.8CVSS0.5AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.525 views

Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. insert page='pageslug' display='all' Where pagesl...

4.3CVSS2.8AI score0.00913EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/25 12:0 a.m.524 views

Simple File Downloader <= 1.0.4 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a Contributor+ create a new post and add...

6.8CVSS5.2AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.524 views

Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue Via the plugin's settings: - Enable the...

4.8CVSS4.8AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.524 views

WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. 1. go to Forms. 2. go to Add New Form 3. In th title put alert"Ehlo"; 4. Save...

4.8CVSS0.3AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.524 views

Comments - wpDiscuz < 7.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Timeline: May 18th, 2021 - Vendor...

4.8CVSS4.9AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/10 12:0 a.m.524 views

Picture Gallery < 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross site scripting risk where authenticated users can target other authenticated users. Enter a XSS payload like "alertdocument.location in the "Content URL" field found on the plugin...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2021/07/31 12:0 a.m.524 views

WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Welcome message stcontent parameter of the...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/29 12:0 a.m.523 views

WP CSV Exporter < 1.3.7 - CSV Injection

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. - create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets executed...

7.8CVSS0.6AI score0.0041EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.523 views

Contact Form 7 Zoho < 1.1.8 - Reflected Cross-Site Scripting

The plugin does not escape some of its filters before outputting them back in the admin dashboard, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=vxcfzoho&tab=logs&startdate="alert/XSS-startdate/&enddate="alert/XSS-enddate/...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.522 views

Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id

The plugin does not validate or escape the forumid parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue POST /wp-admin/admin.php?page=asgarosforum-structure HTTP/1.1 Accept:...

7.2CVSS1.9AI score0.01502EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.522 views

Game Server Status <= 1.0 - Contributor+ SQL Injection

The plugin does not validate or escape the server id shortcode attribute before using it in a SQL statement, allowing any user with a role as low as contributor to perform SQL Injection attacks As a contributor or above, put the below shortcode in a page/post and view/preview it game-servers...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2021/04/19 12:0 a.m.522 views

Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue /wp-admin/admin.php?page=contact-form-supsystic&tab="onmouseover=alert1//...

4.3CVSS0.9AI score0.16044EPSS
Exploits5
wpexploit
wpexploit
added 2020/08/18 12:0 a.m.522 views

Internal Links Manager < 2.1.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

Due to lack of user input filtering and validation, the "Add New Link" and "All Links" features are vulnerable to cross-site scripting. The following fields are vulnerable: Internal Title title, Link Title titleattr. Issues were reported to vendor and WP plugins team by reporter. Edit WPScanTeam:...

6.9AI score
Exploits0References1
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.520 views

Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi

The plugin does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. Note: A Calendar is needed if there is not one already. Run the below command in the develope...

8.8CVSS9.1AI score0.00937EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.520 views

Paid Membership Pro < 2.9.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the code parameter before using it in a SQL statement via the /pmpro/v1/order REST route, leading to a SQL injection exploitable by unauthenticated users curl...

9.8CVSS1.5AI score0.9246EPSS
Exploits6References1
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.520 views

Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin. 1. Install and activate WoocCommerce dependency, no configuration...

6.1CVSS0.6AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/17 12:0 a.m.520 views

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values. You can run this from a browser's javascript console:...

6.5CVSS0.1AI score0.00693EPSS
Exploits1
wpexploit
wpexploit
added 2021/03/14 12:0 a.m.520 views

Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized /wp-admin/admin.php?page=settings-wisw&tokenerror=alert/XSS/;...

3.5CVSS1.9AI score0.00679EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/31 12:0 a.m.519 views

Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download

The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file: curl...

7.5CVSS7.9AI score0.00849EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/09 12:0 a.m.519 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/admin.php?page=letsrecover-templates&subscriberid=6&cartid=10+AND+SELECT+5926+FROM+SELECTSLEEP5erUA HTTP/1.1...

7.2CVSS0.8AI score0.00874EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.520 views

PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues 1. Use the new settings panel framewor...

5.4CVSS0.5AI score0.00516EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/11 12:0 a.m.518 views

Popup Builder < 4.2.3 - Unauthenticated Stored XSS

Description The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. 1 Create a popup using the plugin 2 Run the following curl command, switching $POPUPID with that popup's ID: curl --url...

6.1CVSS9AI score0.01999EPSS
Exploits4References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.517 views

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues 1. On the dashboard, navigate to WP Courses Courses Add New Video...

4.8CVSS0.7AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/09 12:0 a.m.517 views

Form Builder 1.9.8.4 - Reflected Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape its fromid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. The formid digits before the payload must be valid: https://example.com/wp-admin/admin.php?page=smuz-forms&formid=1242;alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.516 views

WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.6AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.517 views

Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed The teamcolor field ie "Main color" setting of a team is affected POST /wp-admin/post.php HTTP/1.1 Accept:...

4.8CVSS0.2AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/01 12:0 a.m.516 views

Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add/edit a product and put the following payload in the Product Affiliate URL, Custom Button Text fields...

4.8CVSS5.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/24 12:0 a.m.516 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty apikey parameter in vulnerable versions if Zapier was not enabled. Attackers coul...

5CVSS1.1AI score0.02076EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/12 12:0 a.m.515 views

Discounts Manager for Products < 3.4.5 - Reflected Cross-Site Scripting

The plugin does not escape the wcdptab parameter before outputting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 3.4.5 - https://example.com/wp-admin/admin.php?page=wcwcdp&wcdptab=a';alert/XSS/;//...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/06/01 12:0 a.m.515 views

All 404 Redirect to Homepage < 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin v1.21 attempted to fix a Stored Cross-Site scripting issue in its "Redirect All 404 page to" settings, however the fix is insufficient, still allowing the issue to be triggered. This could allow high privilege users even with the unfilteredhtml disabled to use malicious payloads in it,...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.514 views

OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.514 views

GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

The plugin does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body:...

5.4CVSS5.5AI score0.00512EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/22 12:0 a.m.514 views

WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the realti...

4.8CVSS0.1AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.514 views

SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. With the Advanced Mode enabled, put the following payload in the...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/19 12:0 a.m.514 views

Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue https://example.com/student-registration/?userlogin="alert/XSS/...

6.1CVSS0.3AI score0.00757EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.514 views

Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Open the plugin's add new banner page B.com Banner - Add New Banner The form field named "Banner...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.514 views

Themify Builder < 5.3.2 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes and tags in an admin page, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=themify-global-styles&status="alert/XSS/...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.514 views

One User Avatar < 2.3.7 - Avatar Update via CSRF

The plugin does not check for CSRF when updating the Avatar in page where the avatarupload shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack Click...

6.5CVSS0.5AI score0.00553EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.514 views

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS0.6AI score0.00629EPSS
Exploits2
Total number of security vulnerabilities4359