Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•219 views

WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the wprliveupdate AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visito...

5.4CVSS5.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/23 12:0 a.m.•218 views

KiviCare < 2.3.9 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users With at least one doctor created via the plugin: v 2.3.4 curl...

9.8CVSS1.9AI score0.11485EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/08 12:0 a.m.•218 views

Welcart e-Commerce < 2.1.1 - Authenticated SQL Injection

The Welcart e-Commerce WordPress plugin, less than version 2.1.1 and possibly below, was vulnerable to authenticated SQLI Injection in the searchordercolumn0 POST parameter of the "/wp-admin/admin.php?page=uscesorderlist" page. Refer to references...

2.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/07/11 12:0 a.m.•217 views

Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup POST...

4.8CVSS4.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/05 12:0 a.m.•216 views

Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to the plugin setup page. 2. Go to the...

4.8CVSS8.4AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•216 views

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's installation...

7.5CVSS0.1AI score0.01354EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•216 views

Leaflet Maps Marker < 3.12.5 - Admin+ SQLi

The plugin does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. PoC for filter-operator1 parameter: POST...

7.2CVSS0.6AI score0.01062EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/03 12:0 a.m.•215 views

MapPress Maps for WordPress < 2.88.14 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the Point of Interest Title and Description options in a map, allowing Contributor and above role to perform Stored Cross-Site Scripting attacks As a contributor, add/edit a Map and search any location you want. Add XSS Payload on Location’s...

6.4CVSS5.6AI score0.00547EPSS
Exploits2References2
wpexploit
wpexploit
•added 2022/07/11 12:0 a.m.•215 views

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

The plugin does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them Install the plugin and configure any mailer other than Default. Access the wp-admin area with a Subscriber+ user an...

6.5CVSS0.00744EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/02 12:0 a.m.•214 views

JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE

Description The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server Navigate to the site, and paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers:...

7.2AI score0.00602EPSS
Exploits2
wpexploit
wpexploit
•added 2023/09/27 12:0 a.m.•214 views

Collapse-O-Matic <= 1.8.5.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a Contributor user create a new post and add a shortcode containing the following payload: expand elwraptag="img...

6.5CVSS5.3AI score0.00328EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•214 views

Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload

The plugin does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. This PoC was...

8.8CVSS0.2AI score0.01048EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/11 12:0 a.m.•214 views

Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues All settings...

6.1CVSS0.8AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/06 12:0 a.m.•214 views

XCloner < 4.3.6 - Plugin Settings Reset

The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. v4.3.5 added capability check, but CSRF one still missing. v...

4.3CVSS1.1AI score0.00283EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/30 12:0 a.m.•214 views

Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting

The plugin does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the "Google Analytics" settings of the plugin in the General...

4.8CVSS4.8AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/08 12:0 a.m.•214 views

Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection

The plugin did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an SQL Injection issues Via...

7.5CVSS0.9AI score0.11004EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/06/14 12:0 a.m.•214 views

wpForo Forum < 1.9.7 - Open Redirect

The plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimat...

6.1CVSS0.9AI score0.03379EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/07 12:0 a.m.•214 views

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may...

5.4CVSS0.2AI score0.00676EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/04/02 12:0 a.m.•214 views

Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE

The plugin allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability. Note WPScanTeam: - The issue has been escalated to Envato on March 30th, 2021 and the plugin has been removed from the...

7.5CVSS1.6AI score0.03037EPSS
Exploits1References1
wpexploit
wpexploit
•added 2023/12/18 12:0 a.m.•213 views

Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS

Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. 1. Login with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2...

5.4CVSS5.8AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/30 12:0 a.m.•213 views

WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection

Description The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. Blind time...

7.5CVSS8.2AI score0.02221EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/21 12:0 a.m.•213 views

Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure

Description The plugin doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code http://yoursite/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log...

5.3CVSS9.3AI score0.18697EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/10/09 12:0 a.m.•213 views

Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update

Description The plugin does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. Once the site gets at least 25 conversions using the plugin, a notice will show up on the...

8.1CVSS7.1AI score0.0058EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/12 12:0 a.m.•213 views

hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. The hiweb-migration-simple plugin is vulnerable to POST based XSS on endpoint...

8.7AI score0.00476EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/30 12:0 a.m.•213 views

Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed Go to Newsletters of Newsletter at wordpress admin panel eg...

4.8CVSS0.3AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/01 12:0 a.m.•212 views

Fancy Comments WordPress < 1.2.15 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Put...

6.3AI score
Exploits0
wpexploit
wpexploit
•added 2024/01/17 12:0 a.m.•212 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site" wit...

6.7AI score0.00812EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/10 12:0 a.m.•212 views

EventON (Free < 2.2.9, Premium < 4.5.9) - Unauthenticated Virtual Event Settings Update

Description The plugins do not have authorisation and CSRF in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc To set the Meeting URL to https://attacker.com/ on the Virtual Event with ID 240: curl -X POST --da...

5.3CVSS5.4AI score0.00411EPSS
Exploits1
wpexploit
wpexploit
•added 2023/08/21 12:0 a.m.•212 views

WP Adminify < 3.1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Several fields in the plugin are...

4.8CVSS4.8AI score0.00399EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/17 12:0 a.m.•212 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example i...

4.8CVSS4.9AI score0.00377EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•212 views

OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...

5.3CVSS1.2AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/10 12:0 a.m.•212 views

Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload

"Attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." function submitRequest var xhr = new XMLHttpRequest;...

2.1AI score0.01249EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•211 views

Testimonial Slider < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Testimonial Shortcode" 2. Ad...

5.7AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•211 views

Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts The postid is the ID of a saved layout...

6.1CVSS1.9AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/11 12:0 a.m.•211 views

Email Subscribers & Newsletters < 5.3.2 - Unauthenticated arbitrary option update

The plugin lacks both authentication and nonce checks in its esdismissadminnotice function, allowing an external attacker to set arbitrary plugin options to "yes". https://example.com/?optionname=userroles&esdismissadminnotice=1 This will set the option igesuserroles to "yes"...

3.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/21 12:0 a.m.•211 views

Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfilteredhtml is disabled Enable taxes...

3.5CVSS0.7AI score0.00743EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/05 12:0 a.m.•210 views

FormCraft Premium < 3.9.7 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2. See...

7.2CVSS9.8AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/28 12:0 a.m.•210 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the "Toggle thecontent filter" setting POST /wp-json/yikes/cpt/v1/settings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS0.3AI score0.01226EPSS
Exploits1
wpexploit
wpexploit
•added 2022/06/06 12:0 a.m.•210 views

NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a gallery with at least one image, pu...

4.8CVSS4.7AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•210 views

Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...

6.1CVSS0.2AI score0.00932EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/08/19 12:0 a.m.•210 views

Change WordPress Login Logo < 1.1.5 - Authenticated Stored Cross-Site Scripting

The height, and width fields used to update the custom logo was found to be vulnerable to stored XSS, as they did not sanitize user input properly before publishing the changes. It is triggered when a user loads the login page. Set the following payload as Height or Width in the plugin's settings...

6.8AI score
Exploits0References2
wpexploit
wpexploit
•added 2023/11/29 12:0 a.m.•209 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...

7.2CVSS7.6AI score0.01331EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/10 12:0 a.m.•209 views

SEOPress < 6.5.0.3 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS6.5AI score0.18505EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•209 views

Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks add new payment method with XSS exploit: fetch'http://localhost/tester-wp/wp-admin/admin-ajax.php', method: 'POST', headers: new...

5.4CVSS0.00468EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/06 12:0 a.m.•209 views

WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Activate the Share Icons feature of the...

4.8CVSS4.7AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/12 12:0 a.m.•209 views

Discy < 5.0 - Subscriber+ Broken Access Control to change settings

The theme lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change the theme options by sending a crafted POST request. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

6.5CVSS2.4AI score0.00623EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/03 12:0 a.m.•208 views

MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF

The plugin has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example As any logged in user:...

4.3CVSS0.2AI score0.00585EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/17 12:0 a.m.•208 views

iQ Block Country <= 1.2.18 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. curl -i -H 'CF-CONNECTING-IP: 0.0.0.0' https://example.com...

7.5CVSS1.2AI score0.01191EPSS
Exploits2
wpexploit
wpexploit
•added 2019/07/01 12:0 a.m.•208 views

WP Statistics <= 12.6.6.1 - Unauthenticated Blind SQL Injection

An endpoint of the API, which is exposed when the 'use cache plugin' setting is enabled by default disabled, is vulnerable to an unauthenticated blind SQLi issue. time curl -X POST 'http://host/wp-json/wpstatistics/v1/hit' --data...

7.5CVSS1.1AI score0.02605EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/06/05 12:0 a.m.•207 views

Accordion & FAQ < 1.9.9 - Reflected XSS

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting Make a logged-in admin open one of the URLs below when the feature notice has not been dismissed yet...

6.1CVSS6.3AI score0.00486EPSS
Exploits2
Total number of security vulnerabilities4359