Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2023/12/18 12:0 a.m.•312 views

WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.forms0.submit;...

8.8CVSS8.7AI score0.00348EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/12/16 12:0 a.m.•312 views

CommentTweets <= 0.6 - Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks HTMLFormElement.prototype.submit.call document.forms0 ;...

8.8CVSS8.8AI score0.0032EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/11/02 12:0 a.m.•312 views

Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "A custom...

0.00524EPSS
Exploits2
wpexploit
wpexploit
•added 2023/07/17 12:0 a.m.•311 views

WPCode < 2.0.13.1 - Reflected XSS

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting Make a logged in admin open https://example.com/wp-admin/admin.php?page=wpcode&a"alert/XSS/=2...

6.1CVSS6.2AI score0.00452EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/28 12:0 a.m.•311 views

W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...

4.3CVSS1.4AI score0.01905EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•310 views

Travelpayouts < 1.1.17 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

6.7AI score0.00891EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/18 12:0 a.m.•310 views

Member Hero <= 1.0.9 - Unauthenticated RCE

The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...

9.8CVSS3AI score0.09105EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/03 12:0 a.m.•307 views

Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the biteshiperror and biteshipmessage parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs belo...

6.1CVSS6AI score0.0037EPSS
Exploits2
wpexploit
wpexploit
•added 2021/04/20 12:0 a.m.•307 views

Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation

In the plugin, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function. 'wpcf7rgetnonce', 'param' = 'ANY ACTION HERE' ; $output = curlexec$ch; curlclose$ch; printr$output; ?...

5CVSS2.9AI score0.07359EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/12/04 12:0 a.m.•305 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...

7.5CVSS8.8AI score0.30894EPSS
Exploits5References1
wpexploit
wpexploit
•added 2023/05/15 12:0 a.m.•304 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2024/06/05 12:0 a.m.•303 views

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Description The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. 1. Add a form to a footer widget area 2. Disable JavaScript 3. Access the URL: https://example.com/%0a/google.com 4. Fill out the form and submit 5. The browser wi...

6.6AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•303 views

Dokan < 3.7.6 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users Setup: - Install WooCommerce dependency, no setup required - Install the plugin, complete the wizard no special configuration was...

9.8CVSS0.1AI score0.01059EPSS
Exploits2
wpexploit
wpexploit
•added 2025/02/11 12:0 a.m.•301 views

360 Product Rotation <= 1.5.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. http://example.com/wp-content/plugins/360-product-rotation/includes/iframe.php?licenseid=1"ale...

6.3AI score0.00301EPSS
Exploits2
wpexploit
wpexploit
•added 2023/05/30 12:0 a.m.•301 views

Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php",...

8.8CVSS9.6AI score0.04824EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/02 12:0 a.m.•300 views

WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

Description The plugin is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises...

6.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
•added 2023/12/09 12:0 a.m.•300 views

Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak

Description The plugin does not protect file download's passwords, leaking it upon receiving an invalid one. 223 being the ID of a password protected download: curl -X POST --data 'wpdmID=223&dataType=json&execute=wpdmgetlink&action=wpdmajaxcall&password=123322'...

7.5CVSS6.8AI score0.02437EPSS
Exploits3
wpexploit
wpexploit
•added 2022/07/25 12:0 a.m.•299 views

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS2AI score0.01464EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•298 views

Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggere...

5.4CVSS0.1AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/26 12:0 a.m.•297 views

Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection

Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. Requirement: "Enable custom table for usermeta" option to be...

9.8CVSS9.8AI score0.89431EPSS
Exploits8References1
wpexploit
wpexploit
•added 2024/02/02 12:0 a.m.•297 views

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Description The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...

9.2AI score0.01915EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/07/07 12:0 a.m.•295 views

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. Put the following...

4.8CVSS0.2AI score0.01052EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/08 12:0 a.m.•295 views

WP Amour < 1.5.7 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise and escape its setting fields, leading to Stored Cross-Site Scripting issues. Furthermore, the lack of CSRF checks could also allow attackers to trigger the XSS via CSRF attacks against a logged in administrator alert/XSS-Field/' / alert/XSS-Error/' /...

0.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/05/24 12:0 a.m.•293 views

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)

The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting XSS issue. POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip,...

6.1CVSS0.2AI score0.01975EPSS
Exploits2
wpexploit
wpexploit
•added 2022/04/11 12:0 a.m.•292 views

Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the userscanregister and defaultrole,...

8.8CVSS1.9AI score0.13329EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/21 12:0 a.m.•292 views

Hide Admin Bar Based on User Roles < 3.0.0 - Subscriber+ Settings Update

The plugin does not have authorisation and CSRF checks, allowing any authenticated users, such as subscriber, to update the plugin's settings https://example.com/wp-admin/admin-ajax.php?action=saveuserroles&caps=test&disableForAll=no...

3AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/29 12:0 a.m.•288 views

RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF

The Import feature of the plugin /wp-admin/tools.php?page=rsvpmakerexportscreen takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. Go to the...

4CVSS0.7AI score0.01012EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/06/28 12:0 a.m.•287 views

Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF

The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server Side Request Forgery and RFI Remote File Inclusion vulnerabilities on...

7.5CVSS3.3AI score0.56614EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/01 12:0 a.m.•286 views

Leaflet Map < 3.0.0 - Contributor+ Stored XSS

The plugin does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues Most of the shortcode attributes are not escaped, so these are just one of them: leaflet-map...

3.5CVSS5.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•285 views

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. http://www.example.com/wp-admin/admin.php?page=pms-members-page&orderby=userid&order=asc,select from...

8.8CVSS1.7AI score0.01659EPSS
Exploits2References2
wpexploit
wpexploit
•added 2024/04/04 12:0 a.m.•283 views

WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

Description The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. 1. Log in as an administrator 2. Visit...

7.8AI score0.00422EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/16 12:0 a.m.•283 views

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

9.8CVSS0.2AI score0.02793EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/09/01 12:0 a.m.•282 views

File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE

Seravo noticed multiple cases where WordPress sites were breached using 0-day in wp-file-manager confirmed with v6.8, which was the latest version available in wordpress.org. File lib/php/connector.minimal.php can be by default opened directly, and this file loads...

7.5CVSS10AI score0.97328EPSS
Exploits14References5
wpexploit
wpexploit
•added 2024/02/02 12:0 a.m.•281 views

JobSearch WP Job Board < 2.3.4 - Authentication Bypass

Description The plugin does not prevent attackers from logging-in as any users with the only knowledge of that user's email address. Browse to the site, paste the following in your browser's console replace the email address with that site's administrator's email address:...

6.8AI score0.00549EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•281 views

Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS9.9AI score0.728EPSS
Exploits7
wpexploit
wpexploit
•added 2021/04/20 12:0 a.m.•281 views

Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload

The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...

7.5CVSS1.6AI score0.4214EPSS
Exploits3References1
wpexploit
wpexploit
•added 2024/05/03 12:0 a.m.•280 views

Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP addresses. Set any of the following server headers as used in getclienti...

9.8CVSS5.3AI score0.00455EPSS
Exploits1References1
wpexploit
wpexploit
•added 2023/12/12 12:0 a.m.•279 views

WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

Description The plugin does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. Run the following Python script, then visit https://vulnerable-site.tld/wp-admin/admin.php?page=wp-google-maps-menu&action=edit&mapid=1...

6.1CVSS6.7AI score0.00619EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/06/05 12:0 a.m.•279 views

KiviCare Management System < 3.2.1 - Multiple CSRF

The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...

8.8CVSS9.2AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
•added 2023/12/12 12:0 a.m.•278 views

Backup Migration < 1.3.8 - Unauthenticated RCE

Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...

9.8CVSS10AI score0.97846EPSS
Exploits14References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•278 views

Simple Link Directory < 7.7.2 - Unauthenticated SQL injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl 'http://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS2.9AI score0.10825EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/02/19 12:0 a.m.•278 views

Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users Contributor to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit WPScanTeam: The https://wordpress.org/plugins/themify-portfolio-post/ plugin...

0.3AI score0.00687EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•277 views

Betheme < 26.6 - Contributor+ PHP Object Injection

The plugin unserializes user input provided via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage, importdata, importsinglepage, and importfromclipboard functions. This could allow users with a role as low as contributor t...

8.8CVSS0.6AI score0.01984EPSS
Exploits5References1
wpexploit
wpexploit
•added 2024/03/20 12:0 a.m.•276 views

Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. Access t...

5.3CVSS5.7AI score0.27997EPSS
Exploits1References1
wpexploit
wpexploit
•added 2023/05/08 12:0 a.m.•276 views

Download Manager < 3.2.71 - Broken Access Controls

The plugin does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's...

6.5CVSS9.1AI score0.00737EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/12 12:0 a.m.•274 views

User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload

The plugin does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. 1 Create a file named exploit.php, which contains: ?php phpinfo; 2 Find the upfajaxnonce on the site's front page. 2 Run the following cURL request, curl --ur...

8.8CVSS0.2AI score0.0078EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•273 views

System Dashboard < 2.8.10 - XSS via Header Injection

Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks X-Forwarded-For: 11.11.11.11alert1...

6.1AI score0.00813EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/07/24 12:0 a.m.•272 views

WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Run the command: curl -i -s -k -X POST --data-binary...

9.7AI score0.0084EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/28 12:0 a.m.•272 views

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...

4.3CVSS5.9AI score0.01996EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/06 12:0 a.m.•270 views

Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin allows forum administrators, who may not be WordPress super-administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files e.g. .php, .phtml, potentially leading to remote code execution. Any user who has the rights to modify the...

9.8CVSS9.9AI score0.01964EPSS
Exploits2
Total number of security vulnerabilities4359