Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2019/10/15 12:0 a.m.482 views

WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

Description This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WPQuery. http://wordpress.local/?static=1&order=asc...

5.3CVSS7.3AI score0.36503EPSS
Exploits2References4
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.480 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi

The plugin does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks As unauthenticated, fill the reservation form it's on a page where the reservationform is embed, intercept the...

9.8CVSS0.7AI score0.37709EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.480 views

User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String

The plugin does not escape the $SERVER'QUERYSTRING' before outputting it back in attributes, which could lead to Reflected Cross-Site Scripting in web browsers which do not encode URL characters. With a web browser which does not encode characters or use burp suite and decode the URL via the...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2024/03/13 12:0 a.m.479 views

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

9.8CVSS9.7AI score0.01712EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.479 views

YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 5.30.3 yarpp template="'...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.479 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass

The plugin does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authenticatio...

7.5CVSS1.2AI score0.00386EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.479 views

Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS0.8AI score0.00562EPSS
Exploits1
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.478 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.2AI score0.0115EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/29 12:0 a.m.477 views

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic < 4.6.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00457EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.477 views

Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/04/03 12:0 a.m.477 views

Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise the invitaioncode GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=prnewregistrationform&showdashwidget=1&invitaioncode=PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=...

4.3CVSS1.8AI score0.01602EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.476 views

Sitemap < 4.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. pagelist...

5.4CVSS1.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.475 views

PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: pdfviewer height='" onmouseover="alert1"'http://localhost/file.pdf/pdfviewer...

5.4CVSS1.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/21 12:0 a.m.473 views

Gravity Forms < 2.7.5 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. Make a logged in admin open the following URL:...

6.1CVSS8.7AI score0.00482EPSS
Exploits2
wpexploit
wpexploit
added 2020/12/08 12:0 a.m.474 views

WP Hotel Booking <= 1.10.3 - Unauthenticated PHP Object Injection

The plugin unserialised the value in the thimpresshotelbooking1 cookie without sanitisation, which could lead to an unauthenticated PHP Object Injection. If the plugin is installed on WP 5.5.2, then there is a suitable gadget chain to obtain RCE, otherwise, another gadget chain will have to be us...

7.5CVSS0.4AI score0.14269EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/30 12:0 a.m.472 views

Simple File List < 4.4.12 - Reflected Cross-Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ee-simple-file-list&tab="style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.5AI score0.44095EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/27 12:0 a.m.472 views

Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting

The plugin does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS6.2AI score0.01165EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.472 views

Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

4.3CVSS1.8AI score0.03065EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.471 views

Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.8AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/25 12:0 a.m.471 views

WP Spell Check < 9.3 - Reflected Cross-Site Scripting

The plugin does not escape the page and wpsc-scan-tab parameters before outputting them back in attributes, leading Reflected Cross-Site Scripting issues alert/XSS/' / alert/XSS/' /...

Exploits0
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.470 views

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...

8.8CVSS6.8AI score0.22452EPSS
Exploits3
wpexploit
wpexploit
added 2022/09/07 12:0 a.m.470 views

Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE 1. Navigate to the page where ffmwp shortcode is included as Subscriber 2. Uploa...

8.8CVSS0.2AI score0.01113EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.470 views

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed Create a new Form via the plugin, fill it with any values. In the next step, change the Form name to...

4.8CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.469 views

Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS5.1AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.469 views

IMPress for IDX Broker < 3.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the leadID parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue https://examle.com/wp-admin/admin.php?page=edit-lead&leadID="alert/XSS/...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.468 views

Zephyr Project Manager < 3.2.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=zephyrprojectmanagerprojects&projectspage=--...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.468 views

Avada < 7.4.2 - Reflected Cross-Site Scripting

Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. https://theme-fusion.com/forums/search/z--FAIL/...

6.7AI score
Exploits0References1
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.467 views

Complianz - GDPR/CCPA Cookie Consent < 6.0.0 - Reflected Cross-Site Scripting

The plugin does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=cmplz-proof-of-consent&s=%22+style%3Danimation-name%3Ashine+onanimationstart%3Dalert%281%29+x%3D...

6.1CVSS1.4AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/20 12:0 a.m.466 views

Amazon JS <= 0.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. amazonjs asin='XSS' imgsize='"...

6.8CVSS5.2AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.466 views

WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones either intentionnaly or not and lead to Stored Cross-Site Scripting issues Import the following CSV as comment:...

4.8AI score0.00637EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.466 views

TableOn < 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting issues https://example.com/?tableon-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.465 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. " / document.forms0.submit;...

6.1CVSS6.3AI score0.00969EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/29 12:0 a.m.464 views

GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: First,...

5.4CVSS1.4AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/27 12:0 a.m.463 views

Greenshift < 5.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Advanced Heading"...

6.8CVSS5.2AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.463 views

MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. 1. Insert the...

5.4CVSS0.8AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/07 12:0 a.m.463 views

WP Social Sharing <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » WP Social Sharing page of the...

4.8CVSS0.006EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.463 views

Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting

The plugin does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.2AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.462 views

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. curl --url...

9.9AI score0.67288EPSS
Exploits4
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.463 views

Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert the...

5.4CVSS1.5AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.461 views

SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Whitelisted...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/09 12:0 a.m.461 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting XSS vulnerability. http://127.0.0.1:8001/wp-admin/edit.php?posttype=ditty&page=dittysettings&tab=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E...

6.1CVSS1.3AI score0.01857EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.459 views

Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.6AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.459 views

User Activity Log < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not escape the txtsearch parameter before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=useractionlog&txtsearch=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29%2F%2F...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.458 views

WooCommerce < 8.6 - Contributor+ Private/Draft Products Access

Description The plugin does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products 1. ADMIN: Install WooCommerce 2. ADMIN: Add products of various visibility and statuses including Publish, Draft, Private,...

6.8AI score0.0068EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.458 views

Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update

The plugin does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order Open the below HTML while being logged in as a subscriber...

4.3CVSS5.2AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.458 views

Location Weather < 1.3.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Location Weather"...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.458 views

Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: accordion class='" onmouseover="alert1" style="background:red;width:100px;height:100px;"'...

5.4CVSS1.6AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.458 views

Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is at least one submission: https://example.com/wp-admin/edit.php?posttype=elementorcfdb&page=sbelemcfd&formid="...

6.1CVSS0.7AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.458 views

Icegram < 2.0.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the messageid parameter of the getmessageactionrow AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit; The XSS will be triggered when moving the...

6.1CVSS0.008EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/29 12:0 a.m.457 views

Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. 1. Insert t...

5.4CVSS1.1AI score0.00471EPSS
Exploits2
Total number of security vulnerabilities4359