Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/02/14 12:0 a.m.•500 views

Smart Forms < 2.6.71 - Subscriber+ Form Data Download

The plugin does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. Execute the below command in the web develop...

6.5CVSS6.3AI score0.00973EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•499 views

BetterDocs < 1.9.0 - Reflected Cross-Site Scripting

The plugin does not escape the tagID before outputting it back in the edit category page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/term.php?taxonomy=doccategory&tagID=147"alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/12/28 12:0 a.m.•498 views

ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/08 12:0 a.m.•498 views

Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection Invoke the following curl command to induce a 5 second sleep: time curl...

9.8CVSS1.6AI score0.01037EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/23 12:0 a.m.•498 views

Amelia < 1.0.46 - Manager+ RCE

The plugin stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. import requests import base64 BASEURL =...

8.8CVSS8.8AI score0.01439EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/02 12:0 a.m.•498 views

WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed. 1. Add a new Import at "New Import", upload a random.txt...

4.8CVSS5.3AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/12 12:0 a.m.•498 views

WooCommerce Products Table < 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting issues https://example.com/?woot-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/ https://example.com/?woot-remote-page=1&anchor=1&arbitrary=...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/21 12:0 a.m.•498 views

Responsive WordPress Slider <= 2.2.0 - Reflected Cross-Site Scripting

The plugin does not escape the id parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue. Timeline: August 11th, 2021 - Details sent to vendor August 12th, 2021 - Vendor working on a patch August 24th, 2021 - Ticket put as 'solved' on vendor side due ...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•498 views

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...

4.8CVSS4.8AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/17 12:0 a.m.•497 views

WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup With the web browser inspector, change the input...

4.8CVSS4.7AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•497 views

Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool

The plugin does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/04 12:0 a.m.•497 views

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting

The plugin does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks 1 Add playlist with "Optional Call to Action"'s "Label" set to: " style="animation-name:twentytwentyone-close-button-transition"...

4.8CVSS0.8AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/21 12:0 a.m.•496 views

WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored...

6.1CVSS0.2AI score0.00251EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•497 views

eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting

The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1AI score0.01555EPSS
Exploits1
wpexploit
wpexploit
•added 2023/03/10 12:0 a.m.•495 views

Redirection < 1.1.4 - Redirect Creation via CSRF

The plugin does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. POST /wp-admin/admin-ajax.php HTTP/2 Host: sawcup.s2-tastewp.com Cookie: test=test; User-Agent: useragent Accept: / Accept-Language: en-US,en;q=0.5...

6.5CVSS6.3AI score0.00344EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•495 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS1.6AI score0.00874EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/03/08 12:0 a.m.•495 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The plugin was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even ...

7.5CVSS0.2AI score0.14462EPSS
Exploits3References2
wpexploit
wpexploit
•added 2023/01/23 12:0 a.m.•494 views

WP Airbnb Review Slider < 3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.00925EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/30 12:0 a.m.•494 views

CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific to...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/27 12:0 a.m.•493 views

Search & Filter < 1.2.16 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Insert the...

5.4CVSS0.7AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/23 12:0 a.m.•493 views

Amelia < 1.0.46 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpamelia-dashboard&code=...

6.1CVSS1.5AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•492 views

Page Generator < 1.5.9 - Reflected Cross-Site Scripting

The plugin does not properly escape user input before outputting it back in attributes, leading to reflected Cross-Site Scripting issues alert/XSS/' /...

6.6AI score
Exploits0
wpexploit
wpexploit
•added 2022/06/15 12:0 a.m.•491 views

Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection

The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...

8AI score
Exploits0References2
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•491 views

Two Way Chat < 3.1.5 - Admin+ Local File Inclusion

The plugin does not properly sanitise and validate user input before using in require statements, leading to Local File Inclusion issues https://example.com/wp-admin/admin.php?page=TWCHsettings&tab=../../index https://example.com/wp-admin/admin.php?page=TWCHsettings&tab=Float&sT=../../index...

1.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/09/21 12:0 a.m.•490 views

Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. As admin, put the below payloads in the related vulnerable field/s and save them there i...

4.8CVSS5.1AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/26 12:0 a.m.•489 views

POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack. Note: The AJAX actions are also affected by SQL injections, making the issue Make a logged in users...

7AI score0.00232EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/24 12:0 a.m.•489 views

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/?step=demo&page=owpsetup&a"alert/XSS/...

6.1CVSS0.9AI score0.01355EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/24 12:0 a.m.•489 views

Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. As unauthenticated: wget "https://example.com/?wpamid=1"...

6.1CVSS1.4AI score0.02288EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/09/21 12:0 a.m.•489 views

Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, su...

5.4CVSS5.5AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/06 12:0 a.m.•489 views

User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting

The plugin does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed 1. Login a...

5.4CVSS0.1AI score0.006EPSS
Exploits3
wpexploit
wpexploit
•added 2023/02/14 12:0 a.m.•488 views

Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. Note: This requires the OceanWP theme to be...

6.5CVSS7AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/28 12:0 a.m.•488 views

WP Popups < 2.1.4.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS0.6AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•488 views

Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Step 1: Install the plugin and register for an...

4.8CVSS4.8AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/16 12:0 a.m.•486 views

WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Examples a lot of attributes are affected!,...

5.4CVSS5.6AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•486 views

Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting

The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...

0.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•486 views

Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed When creating a "New product shortcode" you can inject XSS payloads like --! i...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•486 views

WP-Recall < 16.24.48 - Reflected Cross-Site Scripting

The plugin does not escape some filters parameters before outputting them back in attributes when the Commerce add-on is active, leading to Reflected Cross-Site Scripting issues Activate the Commerce Add-On of the plugin and open the below URL...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2023/05/02 12:0 a.m.•485 views

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

The plugin does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. - Payload: ../../../../../../../../../../../../../../../../../../../ - At the "Other...

2.7CVSS8.9AI score0.00665EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•485 views

LetsRecover < 1.2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. GET /checkout/order-received/30/?key=wcorderKwss5kjkrhgKG HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux...

9.8CVSS0.7AI score0.00997EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•485 views

Ibtana - Ecommerce Product Addons < 0.2.4 - Reflected Cross-Site Scripting

The plugin does not escape some user input before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. v alert/XSS/ v 0.2.4 - https://example.com/wp-admin/admin.php?page=ibtana-custom-post-type&posttypeid="+style=animation-name:rotation+onanimationstart=alert/XSS/...

6.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/09/05 12:0 a.m.•484 views

NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.3AI score0.0108EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/27 12:0 a.m.•484 views

Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Add/edit a Quote and put the following payload in the "Quote" and "Author" fields:...

4.8CVSS0.9AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•483 views

Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload as an Admin Note Shield Security Tools Admin Notes: alert/XSS/;...

4.8CVSS0.7AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/20 12:0 a.m.•483 views

One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks avatar link="javascript:alertorigin" avatar target='" style="animation-name:twentytwentyone-close-button-transition"...

5.4CVSS1.8AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/27 12:0 a.m.•482 views

Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert the...

6.1CVSS5.1AI score0.65006EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/29 12:0 a.m.•482 views

Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a translation and put the following...

4.8CVSS0.0056EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/26 12:0 a.m.•482 views

Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file Direct call:...

6.1CVSS0.4AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•482 views

Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in one of the vulnerable fields in the General Settings of the plugin...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/13 12:0 a.m.•482 views

SEO Redirection < 7.4 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue " / " /...

0.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/06/14 12:0 a.m.•481 views

WP All Export < 1.3.6 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https;?/example.com/wp-admin/admin.php?page=pmxe-admin-manage&a"alert/XSS/...

0.2AI score
Exploits0
Total number of security vulnerabilities4359