Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/12/29 12:0 a.m.457 views

10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS2.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.457 views

WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Humans.txt texare...

4.8CVSS0.2AI score0.00583EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.457 views

Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Rtain App ID...

4.8CVSS0.3AI score0.00554EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.458 views

Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting

The plugin does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=tutorannouncements&search=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D...

6.1CVSS1.1AI score0.01005EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.457 views

Two Way Chat < 3.1.5 - Multiple CSRF

The plugin does not have CSRF checks in place in some of its functions, allowing attacker to make logged in admin perform unwanted actions, such as update the plugin's settings...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.457 views

PublishPress Editorial Calendar < 3.5.1 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=pp-content-overview&orderby="alert/XSS-orderby/&order="alert/XSS-order/...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.456 views

Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks gallery ids='88' class='"...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.456 views

Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.5AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/23 12:0 a.m.455 views

Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a user with the Contributor or above, create a new Popup in Popup Maker menu with "content" field containing...

5.4CVSS0.5AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/07 12:0 a.m.454 views

Login with Cognito < 1.4.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Cognito Login » Configure OAuth", and a...

4.8CVSS0.1AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.452 views

Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/26 12:0 a.m.451 views

Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks column size='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/07 12:0 a.m.451 views

Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads in Settings Goolytics Google Analytics ID field and save: "...

4.8CVSS0.8AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.450 views

Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...

5.4CVSS0.8AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.450 views

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...

5.4CVSS1.6AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.450 views

Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)

The "Editor" tab under the "Tables" section is vulnerable to stored XSS. It is possible to store XSS in all input fields as the code does not sanitise any of the user input. Open a Table, go to the editor and enter a payload below in a cell, then save the Table...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.448 views

EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/20 12:0 a.m.448 views

We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Settings We're Op...

4.8CVSS4.7AI score0.00496EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.447 views

Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization

The plugin does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP startBuffering; $phar-addFromString'test.png', 'text'; $phar-setStub"\xff\xd8\xff\n"; $phar-setMetadatanew Evil; $phar-stopBuffering; 2...

8.8CVSS9.1AI score0.17973EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.447 views

WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup fetch'/wordpress/wp-admin/admin-ajax.php?action=deletepopup', method: 'POST',headers:"content-type":"application/x-www-form-urlencoded", body:...

4.3CVSS2.4AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.446 views

WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Navigate to Setting » add the payload: ", into...

4.8CVSS0.2AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.446 views

Add Comments <= 1.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST /wp-admin/options-general.php?page=addCommen...

4.8CVSS0.2AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/08 12:0 a.m.445 views

WP OAuth Server < 4.2.2 - Admin+ Stored XSS

The plugin does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Edit a client "OAuth Server Clients and put the following...

4.8CVSS0.1AI score0.00485EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.444 views

W4 Post List < 2.4.6 - Reflected XSS

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting Make a logged in admin open https://example.com/wp-admin/edit.php?posttype=w4pl&page=w4pl-docs&a"alert/XSS/ On a page where there is a list with navigation displayed put a nav in t...

6.1CVSS6.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.444 views

Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS

The plugins do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks cmplz-consent-area...

5.4CVSS5.7AI score0.00558EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.444 views

TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. txheading margin='" onmouseover="alert/XSS/...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/21 12:0 a.m.444 views

WP Custom Cursors <= 3.0.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin As admin, open...

7.2CVSS0.5AI score0.00921EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/26 12:0 a.m.443 views

Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a Contributor+ create a new post and add...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.443 views

OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Install th...

5.4CVSS1.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.443 views

Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: ratemypost-result id='" onmouseover="alert1"'...

5.4CVSS1.9AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/08 12:0 a.m.443 views

White Label CMS < 2.5 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.2AI score0.17686EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.443 views

WooCommerce Product Table Lite < 2.4.0 - Reflected Cross-Site Scripting

The plugin does not escape the pricerangemin and pricerangemax parameters before outputting them back in attributes, leading a Reflected Cross-Site Scripting issue On a page where there is a Product Table with a Price filter, append the following payload to the min and max price filters:"alert/XS...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2024/03/13 12:0 a.m.442 views

WP Statistics < 14.5.1 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not properly escape visited URLs which are reflected on the plugin's dashboard. Visit one same page multiple times so it makes it to the most visited pages, adding the following "utmid" parameter to it:...

7.2CVSS7.1AI score0.67723EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.442 views

Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a table, go to its settings, enabled...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/26 12:0 a.m.441 views

Video.js - HTML5 Video Player for WordPress <= 4.5.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks videojs mp4='" onerror="alert/XSS/"'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.440 views

Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...

5.4CVSS2.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.440 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting

The plugin does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed v 1.5.7 Add/edit a custom field /wp-admin/admin.php?option=comvikbooking&task=custo...

4.8CVSS0.5AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.439 views

Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload

Description The plugin does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. NOTE: Because of an error in this version of the plugin, the following POC only works on PHP versions previous to 8.0. 1. As an admin,...

7.2CVSS7.4AI score0.01698EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.439 views

WP Helper Lite < 4.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape all GET parameters before outputting them back in an AJAX response, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=surveySubmit&a="...

6.1CVSS6.2AI score0.44513EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/05 12:0 a.m.438 views

Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug&slug=hehehehe Besides, you can disable the...

4.3CVSS6.7AI score0.00217EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.438 views

Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. While logged in as a subscriber, send the following request: await fetch'/wp-admin/admin-ajax.php',method:'POST', headers: 'Content-Type':...

8.8CVSS9AI score0.05141EPSS
Exploits3
wpexploit
wpexploit
added 2023/01/31 12:0 a.m.438 views

Namaste! LMS < 2.5.9.4 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Namaste Settings, and at Payment Setting...

4.8CVSS5.4AI score0.00527EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/29 12:0 a.m.438 views

Passster < 3.5.5.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. passster password="1" area='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert/XSS///'...

5.4CVSS2.2AI score0.00393EPSS
Exploits1
wpexploit
wpexploit
added 2021/02/12 12:0 a.m.438 views

Post SMTP Mailer/Email Log < 2.0.21 - CSRF Nonce Bypass

A user could bypass the nonce check associated with Export mail to CSV handleCsvExport function Submit a request w/o the post-smtp-log-nonce parameter...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.437 views

Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Exploit Additional CSS classes for "Lightweight...

5.4CVSS5.2AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/10 12:0 a.m.437 views

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. https://example.com//wp-admin/options-general.php?page=updraftplus&updraftinterval"confirm1...

6.1CVSS1AI score0.07355EPSS
Exploits4
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.435 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputing them in attrubutes, leading to Reflected Cross-Site Scripting Make a logged in admin open https://example.com/wp-admin/admin.php?page=LDAP+authentication+intergrating+with+AD&a"alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.435 views

Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not escape the Summary field of Announcements when outputting it in an attribute, which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege...

3.5CVSS0.6AI score0.00747EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/13 12:0 a.m.435 views

WooCommerce < 8.4.0 - Reflected Cross-Site Scripting

Description The plugin does not properly sanitize user-input provided by the addqueryarg function when echoed back into JavaScript code context. http://vulnerable-site.tld/wp-admin/edit-comments.php?%27;alert1//...

7.5AI score
Exploits0References1
wpexploit
wpexploit
added 2023/01/31 12:0 a.m.434 views

ShortPixel Adaptive Images < 3.6.3 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin https://example.com/?SPAIVJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert/XSS/;%3E...

6.1CVSS6.3AI score0.00881EPSS
Exploits2
Total number of security vulnerabilities4359