Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2023/01/25 12:0 a.m.•434 views

Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks loancomparison slider='" onmouseover="alert1...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/24 12:0 a.m.•434 views

WP Font Awesome < 1.7.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpfa color='red" onmouseover="alert1"'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/05 12:0 a.m.•434 views

WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name=xxx"alert%2FXSS%2F%3B&custom-popup=1...

6.1CVSS0.1AI score0.00492EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•434 views

Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting

The plugin does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=pmpro-discountcodes&s=s"+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.6AI score0.01868EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/10 12:0 a.m.•433 views

Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the plugin setting i...

4.8CVSS0.3AI score0.00567EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•433 views

Ecommerce - Two Factor Authentication < 1.0.5 - Reflected Cross-Site Scripting

The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 1.0.5: https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2022/12/06 12:0 a.m.•432 views

WP-Ban < 1.69.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the plugin settings and set these fields...

4.8CVSS4.7AI score0.00851EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•432 views

Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.8AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/01/25 12:0 a.m.•431 views

Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks login edittag=' onmouseover="alert1"'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/19 12:0 a.m.•431 views

Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. themifyportfolioposts imageh='100"...

5.4CVSS5.2AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/02 12:0 a.m.•431 views

WP Google Review Slider < 11.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST /wp-admin/admin-ajax.php?fsblogadmin=true...

4.8CVSS0.4AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/10 12:0 a.m.•431 views

Uji Countdown <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the settings of the plugin add the payload ...

4.8CVSS0.4AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/01 12:0 a.m.•430 views

Donation Block For PayPal < 2.1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. paypaldonationblock size='"...

5.4CVSS5.6AI score0.00466EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/03 12:0 a.m.•430 views

Simple Sitemap < 3.5.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.8AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/24 12:0 a.m.•430 views

NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)

In the eCommerce module of NextGEN Gallery Pro, there is an action to call getcartitems via photocratiajax , after that the settingsshippingaddressname is able to inject malicious javascript. On a page where a NextGEN Pro gallery is embed:...

1AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/12/06 12:0 a.m.•429 views

All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to WidgetKit - API Keys, put the following...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/17 12:0 a.m.•428 views

YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. yamap height='100px;" onmouseover="alert1"'...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/29 12:0 a.m.•428 views

Content Control < 1.1.10 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.9AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•428 views

WP User <= 7.0 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 1. As an unauthenticated user, visit the "Sign Up" page by default, this is /?pageid=5, or /user/ 2. Extract the "wpuserupdatesetting"...

9.8CVSS0.3AI score0.04756EPSS
Exploits2
wpexploit
wpexploit
•added 2020/01/04 12:0 a.m.•428 views

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass

Description A JavaScript payload such as "javascript:alert1" in a URL could cause a Cross-Site Scripting XSS vulnerability. According to the commit message see references: "wpksesbadprotocol makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this work...

9.8CVSS8.6AI score0.04654EPSS
Exploits1References2
wpexploit
wpexploit
•added 2023/04/17 12:0 a.m.•427 views

Japanized For WooCommerce < 2.5.8 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting With the PeachPay payment gateway enabled can be enabled via the settings: http://example.com/wp-admin/admin.php?page=wc4jp-options&tab=payment Make a logged in admin open the...

6.1CVSS6.7AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/29 12:0 a.m.•426 views

All in One SEO < 4.6.1.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, create a post and put the following payload in the "Meta Descriptio...

5.9AI score0.00369EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/03/22 12:0 a.m.•426 views

W4 Post List < 2.4.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. On a post, add a "W4 Post List" block, select a list a...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/28 12:0 a.m.•426 views

Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Install the...

5.4CVSS5.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•426 views

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

The plugin does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled which is the default setting, leading to a Reflected Cross-Site Scripting issue. Note: Vendor was notified on September 14th, 2021...

6.1CVSS0.9AI score0.02244EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/07 12:0 a.m.•426 views

White Label MS < 2.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and validate the wlcmslogincustomjs parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue In v...

6.1CVSS6.1AI score0.0812EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/01/25 12:0 a.m.•425 views

Loan Comparison < 1.5.2 - Reflected XSS via shortcode

The plugin does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL. Create a page "Test" containing the shortcode "loancomparison", then...

6.1CVSS6.1AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/13 12:0 a.m.•425 views

WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. action=importsettings&settings=O%3a4%3a%22Evil%22%3a0%3a%7b%7d%3b&security=6960d7bb50...

7.2CVSS4.6AI score0.17686EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•425 views

Booster for WooCommerce < 5.6.2 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting v alert/XSS/ v alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2023/02/02 12:0 a.m.•424 views

Embed PDF <= 1.0.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks gdoc class='"...

5.4CVSS5.2AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/02 12:0 a.m.•423 views

Galleries by Angie Makes <= 1.67 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks gallery ids='1' captions="'...

5.4CVSS5.6AI score0.00466EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/29 12:0 a.m.•423 views

Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a form and put the following...

4.8CVSS0.1AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/02 12:0 a.m.•423 views

Ivory Search < 4.8 - Contributor+ Stored Cross-Site Scripting

The plugin dos not escape the id argument of its shortcode, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor or above, put the following shortcode in a post/page ivory-search title="Some Form" id='1" onmouseover="alert/XSS/'...

1AI score
Exploits0
wpexploit
wpexploit
•added 2023/01/12 12:0 a.m.•422 views

Quick Event Manager < 9.7.5 - Reflected Cross-Site

The plugin does not sanitise and escape the category parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin-ajax.php?action=qemajaxcalendar&category=alert1...

6.1CVSS0.7AI score0.01179EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/29 12:0 a.m.•422 views

Top 10 < 3.2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a Top 1...

5.4CVSS0.5AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•421 views

Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI

The plugin does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE...

9.8CVSS0.01989EPSS
Exploits1
wpexploit
wpexploit
•added 2023/01/23 12:0 a.m.•419 views

Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Exploit Additional CSS classes for "Spotlight Instagram...

5.4CVSS5.2AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/07 12:0 a.m.•419 views

Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Settings...

4.8CVSS0.1AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/02 12:0 a.m.•418 views

Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. button style='"...

5.4CVSS5.2AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/24 12:0 a.m.•418 views

Watu Quiz < 3.3.8.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in one of the 'Words us...

4.8CVSS4.9AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•418 views

Booster for WooCommerce - Custom Role Creation/Deletion via CSRF

The plugins does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks To delete the custom role dj it's possible to delete roles created by other plugins, make a logged in admin op...

6.5CVSS0.6AI score0.00338EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/31 12:0 a.m.•418 views

Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. - Go to publisher and select Create a New Publisher - Add publisher name " - Click on Save Changes - Now...

4.8CVSS0.9AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/30 12:0 a.m.•416 views

EmbedStories < 0.7.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks embedsocialstories id="' onmouseover='alert1...

5.4CVSS5.6AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/24 12:0 a.m.•416 views

Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wp-structuring-markup-breadcrumb class='"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/21 12:0 a.m.•416 views

WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF

The plugin does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack. Make a logged in admin open a page with the following JS code: fetch'https://example.com/wp-admin/admin.php?page=wpcustomcursors',...

4.3CVSS1.4AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/06 12:0 a.m.•416 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made As unauthenticated, make a reservation ie on a page where the reservationform is embed and...

6.1CVSS0.3AI score0.83373EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/30 12:0 a.m.•415 views

Easy Digital Downloads < 3.1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add the "EDD Buy Button" Gutenberg block to a post and...

5.4CVSS5.6AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/18 12:0 a.m.•415 views

GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: A Show needs to exist for the issue to...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/03 12:0 a.m.•415 views

Blog2Social < 6.9.10 - Subscriber+ SSRF

The plugin does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks Run this script in the web browser console while being logged in as a subscriber...

6.5CVSS1.3AI score0.0066EPSS
Exploits2
wpexploit
wpexploit
•added 2022/04/21 12:0 a.m.•415 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload

The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking&task=carat and upload a fake GIF with PHP code in it as ...

7.2CVSS0.8AI score0.01436EPSS
Exploits2
Total number of security vulnerabilities4359