Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/02/16 12:0 a.m.414 views

Campaign URL Builder < 1.8.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The shortcode need to be active can be done...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.414 views

Real Media Library < 4.18.29 - Author+ Stored XSS

The plugin does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. As a user with the author role, go to Media Library and create a new folder with the following payload: " Then Add a new medi...

5.4CVSS5.6AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.414 views

CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: First y...

5.4CVSS1.6AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.414 views

YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the From Email or From Nam...

4.8CVSS0.4AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.414 views

Spectra < 1.25.6 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the admin notice about Usage Tracking is displayed: https://example.com/wp-admin/index?a"alert/XSS/...

Exploits0
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.413 views

LearnPress Plugin < 4.2.0 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...

9.1CVSS9.1AI score0.01005EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.413 views

Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. fa set='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.413 views

Judge.me Product Reviews for WooCommerce < 1.3.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First, you need to set Judge.me shop...

6.8CVSS5.2AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.413 views

Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: First,...

5.4CVSS1.6AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/31 12:0 a.m.413 views

Booster for WooCommerce - Checkout Files Deletion via CSRF

The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack Requirements: - Enable the "Checkout File Upload" module of the plugin...

8.1CVSS1AI score0.00371EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.412 views

Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Insert a "Contextual Related Posts" block, and give ...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.411 views

Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wppaypalpaymentboxforanyamount...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.410 views

W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure

The plugin does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them Setup: Create a default Post list, and create a password protected post with secret content Then, run the below command in the develop...

6.5CVSS6.9AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/31 12:0 a.m.410 views

Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to the Mailing list option and register a new user with the value "autofoc...

4.8CVSS5.4AI score0.00465EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.410 views

TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS

The plugin does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks txheading tag='script' headingtext='alert/XSS/'...

5.4CVSS1.5AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.410 views

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

The plugin does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue The "Product XML Feeds" module needs to be enabled in "Woocommerce - Boost...

6.1CVSS6.1AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.409 views

WPCargo < 6.9.0 - Unauthenticated RCE

The plugin contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE import sys import binascii import requests This is a magic string that when treated as pixels and compressed using the png algorithm, will cause to be written to t...

0.4AI score0.56148EPSS
Exploits3
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.408 views

Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

4.3CVSS5.1AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.408 views

Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting

The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. Note: The exploit requires the Contact Form 7 plugin. Exploit Additional CSS classes for “Contact Form 7 Styler” Gutenberg block: ...

5.4CVSS5.3AI score0.00507EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/31 12:0 a.m.408 views

Booster for WooCommerce - ShopManager+ Arbitrary File Download

The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to for example in multisite Enable the "Checkout File Upload" module and open the following URL as a...

6.5CVSS6.5AI score0.00914EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/28 12:0 a.m.408 views

UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.1AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.408 views

WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue " / var form1 = document.getElementById'hack'; form1.submit; POST...

6.1CVSS6AI score0.00795EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/09 12:0 a.m.407 views

Scriptless Social Sharing < 3.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add a "Scriptless Social Sharing" Gutenberg block to a...

5.4CVSS5.6AI score0.00811EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.407 views

Page Builder: Live Composer < 1.5.23 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. dslcnotification color='red"...

5.4CVSS5.2AI score0.00393EPSS
Exploits1
wpexploit
wpexploit
added 2023/05/01 12:0 a.m.406 views

Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. Ensure WooCommerce is installed. Visit the following path, while logged in as an Admin: /wp-admin/admin.php?page=ppom&productmetaid=5&dometa=edit&"alert/XSS/=1...

6.1CVSS9.1AI score0.00952EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.406 views

EmbedSocial < 1.1.28 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks embedsocialstories id="' onmouseover='alert1...

5.4CVSS5.6AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.407 views

PixCodes < 2.3.7 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.4AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.406 views

HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: hashbarbtn btntarget='" onmouseover="alert1"'...

5.4CVSS1.8AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.406 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;" onmouseover="alert1"'...

5.4CVSS1.7AI score0.00393EPSS
Exploits1
wpexploit
wpexploit
added 2022/12/09 12:0 a.m.406 views

WP-Lister Lite for Amazon < 2.4.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. 1. Install and activate WooCommerce dependency, no setup required 2. Install and activate the...

6.1CVSS6.1AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.406 views

Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting As an unauthenticated user: alert/XSS/' / var form1 =...

6.1CVSS0.3AI score0.02145EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/20 12:0 a.m.405 views

FL3R FeelBox <= 8.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 1. Visit a blog post and extract the nonce from the source search for "feelboxAjax", and extract the "token" curl -s...

9.8CVSS9.6AI score0.0105EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.404 views

Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. - Install the plugin and WooCommerce, whic...

4.8CVSS5.5AI score0.00461EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.404 views

Unauthorised AJAX Calls via Freemius

Description The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in...

7.2AI score
Exploits0
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.403 views

Better Font Awesome < 2.0.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. icon name='flag' class='4x border' title='"...

6.8CVSS5.2AI score0.00762EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/06 12:0 a.m.403 views

WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS

The plugin does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfilteredhtml capability is disabled...

4.8CVSS0.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.403 views

Give < 2.21.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=giveforms&page=give-tools&a"alert/XSS/...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.403 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...

6.5CVSS0.8AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.404 views

Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module

The plugin does not sanitise and escape the wcjnotice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting With the PDF Invoicing module active:...

6.1CVSS0.4AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.402 views

WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the customprices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin-ajax.php?action=woocsgetcustompricehtml&customprices=%3Cimg%20src%20onerror=alertXSS%3E...

6.1CVSS0.7AI score0.00876EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.401 views

Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Popup Maker Create Popup Popup Settings Triggers Add New Cookie Add Cookie...

4.8CVSS0.2AI score0.55784EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/13 12:0 a.m.400 views

Solidres <= 0.9.4 - Multiple Reflected XSS

The plugin does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.400 views

Zoho Forms < 3.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the following in a bl...

5.4CVSS5.2AI score0.01648EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.400 views

FL3R FeelBox <= 8.1 - Moods Reset via CSRF

The plugin does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables Make a logged in admin open a page containing the HTML code below...

4.3CVSS1AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.400 views

YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well. v2.2.1 fixed the authorisation issue but not the escaping...

5.4CVSS0.00495EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/26 12:0 a.m.399 views

Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks vsw source="youtube" id="3PdILZ1P74"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/25 12:0 a.m.399 views

Easy Social Box < 4.1.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks easy-fb-like-box locale='"; alert1; var xss=...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.399 views

Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks wpecpp name="' accesskey='X' onclick='alert1...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/16 12:0 a.m.399 views

Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected XSS in page-builder-add on the ulpbpost admin page. http://127.0.0.1:8001/wp-admin/edit.php?posttype=ulpbpost&page=page-builder-new-landing-page&thisPostID="+style=animation-name:rotation+onanimationstart=alert1+x=...

5.4CVSS1.8AI score0.01271EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.399 views

UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...

6.1CVSS1.3AI score0.01122EPSS
Exploits2References2
Total number of security vulnerabilities4359