Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/01/25 12:0 a.m.374 views

Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: A Set needs to be present op-is-open...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.373 views

Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ID parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin-ajax.php?action=lwpforgotpassword&ID=...

8.8CVSS1.2AI score0.57397EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.373 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

9.8CVSS1AI score0.4783EPSS
Exploits2
wpexploit
wpexploit
added 2020/12/28 12:0 a.m.374 views

WooCommerce < 4.7.0 - Arbitrary Order Status Disclosure via IDOR

"The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the orderid parameter in a fetchorderstatus action." https://example.com/wp-admin/admin-ajax.php?action=fetchorderstatus&orderid=XX...

5CVSS4.5AI score0.04026EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.371 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Install WooCommerce and add a product. 2...

5.4CVSS0.7AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/08 12:0 a.m.370 views

Product list Widget for Woocommerce <= 1.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high privilege one like admin. Make any unauthenticated or authenticated users su...

6.1CVSS0.3AI score0.00483EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.369 views

Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF check when updating its settings, and does not escape some of them when outputting them, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. An initial fix was released in version 2.10.1, and completed in...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2022/01/31 12:0 a.m.368 views

TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection

The plugins do not sanitise and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks time wget...

9.8CVSS2AI score0.73998EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.368 views

Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin...

6.1CVSS0.01314EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.367 views

Timed Content < 2.73 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. timed-content-client hide="10:00:'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.366 views

PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wcps id='" onmouseover="alert/XSS/"'...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.363 views

Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection - create a post using =5+5 as the title - export the data as CSV /wp-admin/admin.php?page=post-to-csv.php - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets...

9.8CVSS0.4AI score0.01279EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/23 12:0 a.m.362 views

BuddyForms < 2.7.8 - Unauthenticated PHAR Deserialization

The plugin does not validate the url parameter of its uploadimagefromurl AJAX action, which could allow unauthenticated attackers to perform PHAR deserialisation granted they an upload a file to the server and a suitable gadget chain is present as well 1. Create a malicious phar file. 2. Upload t...

9.8CVSS9.3AI score0.03824EPSS
Exploits5
wpexploit
wpexploit
added 2024/06/07 12:0 a.m.361 views

Pagerank Tools <= 1.1.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/tools.php?page=pagepageranks&url="alert333...

8.7AI score0.00395EPSS
Exploits4
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.361 views

Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpdevartlikebox height='"...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.361 views

FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a page containing the HTML code below '...

6.1CVSS0.3AI score0.00285EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.358 views

Simple URLs < 115 - Multiple Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. https://example.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=...

6.1CVSS5.8AI score0.01726EPSS
Exploits6
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.358 views

Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.1CVSS0.6AI score0.01806EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/28 12:0 a.m.357 views

ShopLentor < 2.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a "WL : FAQ" Gutenberg block to ...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.356 views

Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: gallery ids="1" lightbox="' onmouseover='alert1'"...

5.4CVSS1.8AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/15 12:0 a.m.354 views

Helloprint < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Make a logged in admin open the following URL: https://example.com/wp-admin/admin.php?page=language-translate.php&success=added"alertXSS...

6.1CVSS6.2AI score0.00897EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/11 12:0 a.m.353 views

Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection

The plugin does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to tri...

8.8CVSS2.4AI score0.04184EPSS
Exploits3
wpexploit
wpexploit
added 2022/12/07 12:0 a.m.352 views

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The plugin suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. curl -s...

5.3CVSS0.5AI score0.00669EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.349 views

Easy Affiliate Links < 3.7.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Easy Affiliate...

6.8CVSS5.2AI score0.00699EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/11 12:0 a.m.348 views

WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to Get TripAdvisor Reviews optio...

4.8CVSS5.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/13 12:0 a.m.348 views

Theme Editor < 2.6 - Authenticated Arbitrary File Download

The plugin did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd Edit WPScanTeam: The AJAX action wpajaxmkthemeeditorfileopen could also be used to achieve the same thing a...

0.01066EPSS
Exploits1
wpexploit
wpexploit
added 2024/03/19 12:0 a.m.345 views

Everest Forms < 2.0.8 - Unauthenticated Server-Side Request Forgery via font_url

Description The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify...

7.2CVSS6.7AI score0.00536EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.344 views

Security & Malware scan by CleanTalk < 2.121 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. Send 5 invalid login requests and thus block the IP address. POST /wp-login.php HTTP/1.1 Host: localhost...

7.5CVSS7.6AI score0.00653EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.343 views

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

9.8CVSS1.7AI score0.42723EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/11 12:0 a.m.341 views

Burst Statistics (Free < 1.5.0, Pro < 1.5.1) - Unauthenticated SQL Injection

Description The plugins do not properly sanitise and escape the url parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated users, such as subscribers curl 'https://example.com/burst-statistics-endpoint.php' \ -H 'content-type:...

9.8CVSS8AI score0.0069EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.340 views

POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting

Description The plugin does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. 1. Install Post SMTP in version 3. Visit /wp-admin/admin.php?page=postmanemaillog Post SMTP - Email Log 4...

6.1CVSS6.1AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/14 12:0 a.m.338 views

Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add an image to a Gallery via...

4.8CVSS0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/08 12:0 a.m.337 views

Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins...

5.4CVSS5.6AI score0.00527EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/17 12:0 a.m.337 views

Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting

The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=xoo-el-fields&tab="alert/XSS/...

6.3AI score
Exploits0
wpexploit
wpexploit
added 2021/11/29 12:0 a.m.336 views

MOLIE <= 0.5 - Authenticated SQL Injection

The plugin does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection https://example.com/wp-admin/post.php?post=validpostid+and+SLEEP%285%29&action=edit https://example.com/wp-admin/admin-post.php?action=edit&post=1+and+SLEEP%285%29...

9.8CVSS2.2AI score0.01583EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/02 12:0 a.m.335 views

PageLayer < 1.8.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Enter the following payload in the...

5.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/11 12:0 a.m.335 views

Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE

The plugin did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE Create a php4 file with PHP code in it, zip it and import it via the plugin import feature...

6.5CVSS0.5AI score0.01583EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/04 12:0 a.m.335 views

Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the plugin. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request coul...

0.3AI score0.00593EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.334 views

Plezi < 1.0.3 - Unauthenticated Stored XSS

The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue curl -X POST...

6.1CVSS1.8AI score0.00852EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/13 12:0 a.m.332 views

Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update

Description The plugin does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'userscanregister' and 'defaultrole'. It also unserializes user input in the process, which may lead to Object...

8.8CVSS8.9AI score0.0056EPSS
Exploits1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.324 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Description The plugin does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...

5.9CVSS5.8AI score0.00414EPSS
Exploits5
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.324 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element

In the plugin, the column element includes/elements/column.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript in th...

3.5CVSS0.1AI score0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.320 views

Post SMTP < 2.6.1 - Authenticated (Administrator+) SQL Injection

Description The Post SMTP plugin for WordPress is vulnerable to time-based SQL Injection via the logid parameter in versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.7AI score
Exploits0References1
wpexploit
wpexploit
added 2023/12/12 12:0 a.m.321 views

Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure

Description The plugin does not prevent directory listing in sensitive directories containing export files. http://127.0.0.1/wordpress/wp-content/uploads/prime-mover-export-files/1/ 0 Go to packages and crate new If there is no backup now 1 Go to this URL manualy 2 Use Exploit...

7.5CVSS6.7AI score0.39867EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/12/11 12:0 a.m.319 views

affiliate-toolkit < 3.4.3 - Unauthenticated SSRF

Description The plugin lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery...

9.8CVSS7.2AI score0.00898EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.319 views

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

7.4AI score
Exploits0References2
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.318 views

Chaty < 3.0.3 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

7.2CVSS1.4AI score0.00992EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.315 views

HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure

The plugin leaks the secret login URL when sending a specific crafted request curl -sIXGET -H "Cookie: validloginslug=1" https://example.com/wp-login.php HTTP/2 302 x-redirect-by: WordPress location: secret...

5.3CVSS5.3AI score0.02621EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/02 12:0 a.m.314 views

Spiffy Calendar < 4.9.9 - Broken Access Control

Description The plugin doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change the...

6.7AI score0.00482EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.314 views

Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload

The theme does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE Listingo Unauthenticated File Upload Upload a File: The response give the path to the file uploaded:...

9.8CVSS0.3AI score0.21205EPSS
Exploits2
Total number of security vulnerabilities4359