Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2015/05/06 12:0 a.m.•238 views

Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)

Genericons...

4.3CVSS0.9AI score0.03803EPSS
Exploits3References3
wpexploit
wpexploit
•added 2022/09/13 12:0 a.m.•237 views

Soledad < 8.2.5 - Reflected Cross-site Scripting

The theme does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. A threat actor can collect the nonce value on the main webpage by searching for it on the ajaxvarmore call: var ajaxvarmore =...

6.1CVSS6AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/31 12:0 a.m.•237 views

Germanized for WooCommerce < 3.9.5 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-settings&tab=germanized&a"alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•237 views

StopBadBots < 6.67 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection GET / HTTP/1.1 User-Agent: Zongbot' where id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'-- - Accept:...

9.8CVSS9.4AI score0.01575EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/26 12:0 a.m.•236 views

My Sticky Bar < 2.6.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup You should click on "My Sticky Bar" an...

5.7AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/06 12:0 a.m.•236 views

Webpushr < 4.35.0 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the following...

5.4CVSS5.8AI score0.00426EPSS
Exploits2
wpexploit
wpexploit
•added 2023/10/13 12:0 a.m.•236 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the paragraph. 3...

6.6AI score
Exploits0
wpexploit
wpexploit
•added 2023/04/10 12:0 a.m.•236 views

Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example Run the below command in the developer console of the web browser while being on the blog as a subscrib...

4.3CVSS9.2AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•236 views

WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the Destination FTP Settings: "...

4.8CVSS0.2AI score0.00403EPSS
Exploits1
wpexploit
wpexploit
•added 2022/05/03 12:0 a.m.•236 views

Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious...

6.1CVSS0.00757EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/15 12:0 a.m.•235 views

FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure

Description The plugin does not prevent directory listing in sensitive directories containing export files. 1 Run backup function http://yoursite/wordpress/wp-admin/admin.php?page=njt-fastdup/ 2 During backup creation, you can intercept the following paths: wordpress/wp-content/plugins/fastdup/lo...

5.3CVSS5.8AI score0.00913EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/09/02 12:0 a.m.•235 views

GeoDirectory < 2.1.1.3 - Authenticated (admin+) Stored Cross-Site Scripting (XSS)

The GeoDirectory plugin was vulnerable to Authenticated admin+ Stored Cross-Site Scripting XSS. POST /wp-admin/admin.php?page=gd-settings&tab=general&section=location HTTP/1.1 ..SNIP.. Content-Disposition: form-data; name="defaultlocationlatitude" prompt/XSS/ ..SNIP...

5.4CVSS1.4AI score0.00854EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/02/17 12:0 a.m.•235 views

Better Search < 2.5.3 - CSRF Nonce Bypass in Import/Export

The plugin did not properly check the CSRF nonces when exporting and importing settings, allowing attackers to make a logged in user with the manageoptions capability export and import arbitrary settings by not providing the nonce parameter in the request POST...

1.1AI score
Exploits0References2
wpexploit
wpexploit
•added 2024/06/06 12:0 a.m.•234 views

Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access

Description The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save 3...

6.8AI score0.00423EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/22 12:0 a.m.•234 views

QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save

The compilersave AJAX action, available to both authenticated and unauthenticated users did not check the extension of the imported file, and had the nonce used for CSRF check displayed in the homepage. This could allow unauthenticated users to create an arbitrary PHP file on the blog, leading to...

1.4AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/11/06 12:0 a.m.•233 views

WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion

Description This plugin is vulnerable to a local file inclusion via the path parameter. Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary file path on the server, - "/etc/resolv.conf" - "/etc/hosts" - "../../../wp-config.php"...

9.8CVSS9.3AI score0.1567EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/18 12:0 a.m.•233 views

Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS6.2AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•233 views

miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion

The plugin does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. Note: The initial issue was fixed in...

8.1CVSS3.2AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/17 12:0 a.m.•232 views

Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users Setup: 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin woo-altcoin-payment-gateway version 1.7.1 3. ...

9.8CVSS9.8AI score0.00898EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/17 12:0 a.m.•232 views

Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields

The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 Send a request without the my-custom-fieldswpnonc...

2.4AI score
Exploits0References3
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•231 views

Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts The postid is the ID of a saved layout As a contributor, get a REST nonce via...

5.4CVSS5.5AI score0.00416EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/21 12:0 a.m.•231 views

GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE

The plugin does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE. Version 1.2.5 added CSRF checks Sen...

9.8CVSS1.5AI score0.01896EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/09 12:0 a.m.•229 views

LearnPress – WordPress LMS Plugin < 4.2.6.6 - Unauthenticated Time-Based SQL Injection

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS9.7AI score0.36925EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•229 views

Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE 1. As an unauthenticated user, navigate to the main WordPress page 2. Extract a valid nonce from the page source CTRL+F for "var wpdevart =", field "ajaxNonc...

9.8CVSS0.2AI score0.04493EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/14 12:0 a.m.•228 views

Multiple Themes - Reflected XSS

Description The themes suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link. https://example.com/?s=katana/asd/...

6.1CVSS6.4AI score0.00972EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/29 12:0 a.m.•228 views

Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. POST /register/ HTTP/1.1 Host: wpscan-vulnerability-test-bench.ddev.site User-Agent:...

9.8CVSS9.1AI score0.72306EPSS
Exploits12References1
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•227 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls

The plugin is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status identified by WPScan when verifying the issue for example. Other...

4.3CVSS0.8AI score0.00265EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/23 12:0 a.m.•227 views

The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read

Description The plugin discloses the content of password protected posts to unauthenticated users via a crafted request Append "?view=single-event" to a password protected post, then view the source of the page and find the post content disclosed in Example:...

7.5CVSS6.9AI score0.00776EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/26 12:0 a.m.•225 views

Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "RGG Gallery" and scrol...

5.7AI score0.00492EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/06/26 12:0 a.m.•226 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update

The plugin does not properly restrict users from making a certain set of changes to other customers' orders. TODO: ADD link to Patchstack's post instead of H1 Affected functions: createpaymentintentajax updatepaymentintentajax saveupeappearanceajax updateorderstatusajax updatefailedorderajax As a...

6.5AI score0.00614EPSS
Exploits1References2
wpexploit
wpexploit
•added 2022/06/16 12:0 a.m.•225 views

WP Championship < 9.3 - Multiple CSRF

The plugin is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site...

6.5CVSS0.8AI score0.00502EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•225 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting The issue is only exploitable when there are no forms created yet...

6.1CVSS0.6AI score0.01195EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/02 12:0 a.m.•225 views

WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Stored Cross-Site Scripting XSS. Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. http://127.0.0.1:8001/?search-submit=img%20src%20onerror=alert1 Then the admin neds...

6.4CVSS6AI score0.00672EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/06/02 12:0 a.m.•224 views

Stock in & out <= 1.0.4 - Authenticated SQL Injection

The plugin lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability...

6.5CVSS2.7AI score0.01568EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/05/02 12:0 a.m.•223 views

WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs

The plugin does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. As admin, put the following payload in the Breadcrumb...

4.8CVSS0.3AI score0.00646EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/13 12:0 a.m.•222 views

Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. As an author, upload an SVG file with malicious JavaScript: alert"pwned by daniloalbugrque"; Access the file through its URL to see...

6.1CVSS6.4AI score0.00932EPSS
Exploits2
wpexploit
wpexploit
•added 2023/09/20 12:0 a.m.•222 views

Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)

Description The plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. Example using GravityForms to redirect to the login page...

5.3CVSS5.5AI score0.02235EPSS
Exploits3References1
wpexploit
wpexploit
•added 2023/12/29 12:0 a.m.•221 views

EventON-RSVP < 2.9.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below "/...

6.1CVSS6AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
•added 2023/12/15 12:0 a.m.•221 views

Duplicator < 1.3.0 - Unauthenticated RCE

Description The plugin does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. Steps to Reproduce Setup Download WAMP with the following...

9.8CVSS7AI score0.00916EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/26 12:0 a.m.•221 views

Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Steps to Reproduce: 1. Open Chaty Plugin Dashboard...

4.8CVSS5.5AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/18 12:0 a.m.•221 views

WPDating <= 7.1.9 - Multiple SQL Injection Issues

The plugin does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities. http://vulnerable-site.tld/wp-content/plugins/dspdating/m1/postone.php?senderid=senderidsleep10&receiverid=senderidsleep10...

9.8CVSS1.6AI score0.0089EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/07 12:0 a.m.•221 views

Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. To make it easier to verify the vulnerability without the nee...

6.1CVSS6.1AI score0.00922EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•221 views

WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

The plugin allows users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. As a contributor or above, add the...

8.8CVSS0.4AI score0.02849EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/28 12:0 a.m.•221 views

Admin Custom Login < 3.2.8 - CSRF to Stored XSS

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. input...

6.8CVSS8.7AI score0.007EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/03/27 12:0 a.m.•220 views

Newsletter < 7.6.9 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Make a logged in admin open...

6.1CVSS5.7AI score0.01198EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/07/08 12:0 a.m.•220 views

Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

The plugin is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=activate...

8.8CVSS4.4AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/02 12:0 a.m.•220 views

WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. curl 'http://127.0.0.1:8080/wp-admin/admin-ajax.php?action=WPContactsManagercall&type=get-contact' \ --data '"id":"1\u002...

9.8CVSS1AI score0.01568EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/12 12:0 a.m.•219 views

weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. On the dashboard navigate to weForms All Forms Add Form Choose Contact Form; Click Create Form Settings...

4.8CVSS0.6AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
•added 2022/04/13 12:0 a.m.•219 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata&type=attributes&catid=-3 UNION...

9.8CVSS1.6AI score0.01779EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•219 views

SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting

The plugin does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.2AI score0.00788EPSS
Exploits2
Total number of security vulnerabilities4359