Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•514 views

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS0.6AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/29 12:0 a.m.•513 views

Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert the...

5.4CVSS0.7AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•513 views

WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting alert/XSS/" /...

6.1CVSS6.2AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/02 12:0 a.m.•513 views

ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the From/Replyto Name field at ARForms Lite General Settings Email Settings: "alert/X...

4.8CVSS5.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•513 views

Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. When creating a new Question Pot, you can inject ...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•513 views

World Travel Information <= 1.0.0 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'PHPSELF' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=ti-info...

0.9AI score
Exploits0
wpexploit
wpexploit
•added 2022/09/07 12:0 a.m.•512 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The plugin allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server curl -i -s -k -X 'POST' --data-binary...

5.3CVSS1.7AI score0.06199EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/02 12:0 a.m.•512 views

Easy Social Icons < 3.1.3 - Reflected Cross-Site Scripting

The plugin does not escape user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues Affected parameters: width, height, margin, attrid, attrclass alert/XSS/' /...

6.6AI score
Exploits0
wpexploit
wpexploit
•added 2023/01/19 12:0 a.m.•511 views

Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a...

5.4CVSS5.1AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/27 12:0 a.m.•511 views

Page-list < 5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.8AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/11 12:0 a.m.•511 views

GiveWP < 2.21.3 - DoS via CSRF

The plugin does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to...

6.5CVSS1AI score0.00375EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/15 12:0 a.m.•511 views

Compact WP Audio Player < 1.9.7 - Setting Change via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack. csrf.submit...

6.5CVSS1.6AI score0.00553EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/23 12:0 a.m.•510 views

ReviewX < 1.6.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the filterValue and selectedColumns parameters before using them in SQL statements via the rxexportreview AJAX action available to any authenticated users, leading to a SQL injection exploitable by users with a role as low as subscriber Run the bel...

8.8CVSS9.2AI score0.00872EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•510 views

Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. action=INSERT HERE NAME OF...

8.8CVSS1.5AI score0.00907EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/29 12:0 a.m.•510 views

Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Open the plugin and intercept the request using burpsuite. Give the below payload in the parameter...

4.8CVSS0.4AI score0.00494EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•510 views

myCred < 2.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=mycreddefault-history&s=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.1CVSS0.5AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•510 views

Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS5.3AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•509 views

Affiliates Manager < 2.9.14 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape parameters before outputting them back in pages, which could lead to Reflected Cross-Site Scripting GET /wp-admin/admin.php?page=wpam-settings&b=" HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•509 views

WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.9AI score0.01798EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/10 12:0 a.m.•509 views

Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Go to the AJAX settings of a Form and put the following payload in the "Minimum number of characters required...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•509 views

NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS

The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue curl -H 'x-tomato: alert/XSS/;' 'https://example.com/?nxs-cronrun=yes' The XSS will be triggered in the Log/History...

6.1CVSS1.2AI score0.01334EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•509 views

Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site scripting issue alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/16 12:0 a.m.•509 views

Email Artillery <= 4.1 - CSRF to Stored XSS

The plugin does not sanitise, validate or escape its settings, and is lacking any CSRF check before saving them. As a result, an attacker could make a logged in admin change them and put malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2023/06/26 12:0 a.m.•508 views

POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an attacker controlled email, and allow them to...

8.8CVSS7.1AI score0.00321EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/23 12:0 a.m.•508 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. Exploit...

5.4CVSS0.7AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/23 12:0 a.m.•508 views

Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text" settings of the plugin...

4.8CVSS0.3AI score0.005EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•508 views

WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and se...

5.4CVSS0.3AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•508 views

QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks. As a contributor, create/edit a "QR Redirect" and set the following fields: "URL to Redirect to": https://example.com/"...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/06 12:0 a.m.•508 views

ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the search GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue, which will be executed in a logged in admin context https://example.com/wp-admin/admin.php?page=elex-product-feed-manage&search="alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•507 views

BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting

The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=betterdocs-admin&daterange="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/25 12:0 a.m.•507 views

Responsive Poll < 1.5.9 - Reflected Cross-Site Scripting

The TotalSoftPoll1Vote AJAX action available to both unauthenticated and unauthenticated users outputs the invalid nonce without escaping it first, leading to a Reflected Cross-Site Scripting issue. The issue was fixed in 1.5.5, however additional sanitisation and escaping was done in 1.5.5 to...

6.8AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/29 12:0 a.m.•505 views

Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS

The plugin does not have proper authorisation even when the Require Authorisation for REST API Requests is enabled in all its REST endpoints, allowing unauthenticated users to call them either directly. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•505 views

Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/Edit a Button and put the following payload in the Amount Menu Name field...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•505 views

My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins As unauthenticated, book a ticket, fill the purchase form with dum...

6.1CVSS6.1AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•505 views

Simple Download Monitor < 3.9.6 - Unauthorised Log Reset

The sdmresetlog AJAX action of the plugin does not have any capability and CSRF checks, which could allow any authenticated user such as subscriber, or an attacker performing a CSRF attack against a logged in admin to reset the log entries...

2.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/04 12:0 a.m.•505 views

Cardinity Payment Gateway for WooCommerce < 3.0.7 - Reflected Cross-Site Scripting

The plugin does not escape various parameter before outputting them in attributes, leading to Reflected Cross-Site Scripting issues Vulnerable parameters: amount, country, currency, orderid, description, returnurl, projectid, signature...

0.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/16 12:0 a.m.•505 views

W3 Total Cache < 2.1.3 - Authenticated Stored XSS

The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue Vulnerable parameters: &cdncnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...

4.8CVSS0.1AI score0.00622EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/16 12:0 a.m.•504 views

WP Courses LMS < 2.0.44 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=managestudents&courseid=1&studentid="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•503 views

Affiliates Manager < 2.9.14 - Arbitrary Affiliates & Creatives Deletion via CSRF

The plugin does not have CSRF checks when deleting affiliates and creatives, which could allow attackers to make a logged in admin perform such actions via CSRF attacks Make a logged in admin open - https://example.com/wp-admin/admin.php?page=wpam-affiliates&deleteaid=2 -...

3AI score
Exploits0
wpexploit
wpexploit
•added 2022/06/01 12:0 a.m.•503 views

Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads As an author or above, upload the below SVG file via the Media library: alert/XSS/; The XSS will be triggered when accessing the file directly, e...

5.4CVSS5.3AI score0.00558EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•503 views

WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Add an URL to Blacklist RSS Aggregator Tools Blacklis...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•503 views

YITH WooCommerce Multi Vendor < 3.8.1 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=yithvendorcommissions&message=error&text=alert/XSS/ fixed in 3.8.0 Below fixed in 3.8.1 alert/XSS/' /...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•503 views

Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting

The plugin does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC 1: This requires Firefox due to onclick+accesskey trick on hidden input. There is...

6.1CVSS6.1AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/24 12:0 a.m.•503 views

TextME SMS < 1.8.9 - Authenticated Stored XSS

The plugin does not escape its settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Account Username or Password settings of the plugin: " style=animation-name:rotation...

1AI score
Exploits0References2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•502 views

WP Review Slider < 11.0 - Admin+ SQL Injection

The plugin does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks Create a Twitter Source, copy it via the 'Copy' button, then change the pid parameter in the URL to 1000 UNION ALL SELECT...

7.2CVSS0.7AI score0.01445EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/10/05 12:0 a.m.•501 views

LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...

8.1CVSS0.6AI score0.01786EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/17 12:0 a.m.•501 views

Mobile Events Manager < 1.4.8 - Admin+ CSV Injection

The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name field...

8.8CVSS0.5AI score0.00977EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/13 12:0 a.m.•501 views

Testimonial Builder < 1.6.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfilteredhtml capability is disallowed As admin, create/edit a testimonial and put the following payload in the Testimonial User Name field: "...

4.8CVSS0.9AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/09/15 12:0 a.m.•501 views

Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. scembedplayer fileurl='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alertorigin//'...

5.4CVSS2.4AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
•added 2023/12/21 12:0 a.m.•500 views

Post SMTP < 2.8.7 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. In ps-delete-email-logs action: Visit the Post SMTP Email Log page and run the following code in the...

7.2CVSS7.3AI score0.14169EPSS
Exploits2
Total number of security vulnerabilities4359