Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2024/05/31 12:0 a.m.195 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/10 12:0 a.m.195 views

Migration Backup Restore < 3.5.0 - Admin+ SSRF

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 1. Click on "Upload Backup" and add http://127.0.0.1:XXX/123.wpstg - "Upload". If the port is open it will return an error "Not Found...

9.4AI score0.00591EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/28 12:0 a.m.195 views

BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the plugin settings ex:...

4.8CVSS7.3AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/10 12:0 a.m.195 views

Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

Description The plugin does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server Setup As admin: - Go the the...

8.8CVSS7.4AI score0.00479EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/08 12:0 a.m.195 views

Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

4.8CVSS5.4AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.195 views

CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF

The plugin lets user input reach a sensitive requireonce call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who will...

8.8CVSS0.7AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.194 views

Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor depending on plugin configuration to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

5.6AI score0.00465EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/04 12:0 a.m.194 views

Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure

Description The plugin allows any unauthenticated user to read draft and private posts via a crafted request https://example.com/?poststatus=draft https://example.com/?poststatus=private...

5.3CVSS6.7AI score0.00616EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.194 views

EazyDocs < 2.3.6 - Subscriber+ Arbitrary Posts Deletion and Document Management

Description The plugin does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. 1. Install the...

7.5CVSS6.8AI score0.00248EPSS
Exploits3
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.194 views

Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

Description The plugin does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. 1. Visit Tickets Settings File Upload 2. Ensure "Enable File Upload", "Enable drag-n-drop uploader for ticket form", and "Check this t...

8.1CVSS6.7AI score0.0066EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/21 12:0 a.m.194 views

DoLogin Security < 3.7.1 - Subscriber+ IP Address leak

Description The plugin does not restrict the access of a widget that shows the IPs of failed logins to low privileged users. Just login to subscriber account and go to: http://localhost/wp-admin/index.phplog...

6.5CVSS6.5AI score0.00861EPSS
Exploits1
wpexploit
wpexploit
added 2023/09/19 12:0 a.m.194 views

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...

4.8CVSS5AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/17 12:0 a.m.194 views

MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: The issue was fixed in 1.14.15 but re-introduced in 1.14.16 Make a logged ...

6.1CVSS6.2AI score0.00396EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.194 views

Hummingbird < 3.4.2 - Unauthenticated Path Traversal

The plugin does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. This allows an attacker to: - Enumerate file system directories where the user who starts the web server process has write access. -...

9.8CVSS9.1AI score0.01119EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/10 12:0 a.m.194 views

Map Block for Google Maps < 1.32 - Unauthorised Google API Key change

The gmwmapblocksavekey AJAX action, available to both authenticated and unauthenticated users did not have any check in place to prevent unauthorised change of the Google API key...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.193 views

SEO ALert <= 1.59 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Vanilla Beans » SEO Alert. 2. In "Slack...

5.4AI score0.00472EPSS
Exploits3
wpexploit
wpexploit
added 2022/08/10 12:0 a.m.193 views

Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins As unauthenticated, on a page/post where there is a contact form created via the plugin, put the following payload in the Name,...

7.2CVSS0.5AI score0.00568EPSS
Exploits2
wpexploit
wpexploit
added 2021/01/15 12:0 a.m.193 views

Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download

The plugin does not validate the sjbfile parameter when viewing a resume, allowing authenticated user with the downloadresume capability such as HR users to download arbitrary files from the web-server via a path traversal attack The sjbfile parameter to use may depends on the configuration of th...

4CVSS0.4AI score0.30479EPSS
Exploits7References2
wpexploit
wpexploit
added 2024/01/19 12:0 a.m.192 views

lasTunes <= 3.6.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack ' ' document.forms0...

9AI score0.00199EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/19 12:0 a.m.192 views

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. As an admin, use the File Manager UI to upload a file shell.php...

7.2CVSS7.5AI score0.01331EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.192 views

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. 1 Simulate the site has a valid Pro API key by running the following in WP CLI...

9.8CVSS9.1AI score0.01728EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/21 12:0 a.m.192 views

Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

The plugin does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks Edit an existing Seasons & Calendars /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars and tamper the id...

7.2CVSS0.2AI score0.01461EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.192 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS0.6AI score0.00646EPSS
Exploits2References1
wpexploit
wpexploit
added 2017/05/05 12:0 a.m.192 views

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset

Description Attacker may be able to set the 'From' email header in password reset emails. curl -H "Host: www.evil.com" --data "userlogin=admin&redirectto=&wp-submit=Get+New+Password" http://example.com/wp-login.php?action=lostpassword...

5.9CVSS6.2AI score0.26699EPSS
Exploits7References2
wpexploit
wpexploit
added 2024/06/11 12:0 a.m.191 views

Rank Math SEO < 1.0.219 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow users with access to the General Settings by default admin, however such access can be given to lower roles via the Role Manager feature of the plugin to perform Stored Cross-Site Scripting attacks even wh...

5.8AI score0.00391EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.191 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

Description The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. 1 Create a new post 2 Add and e-Learning block and upload a zip file 3 Select the "Insert As: Iframe" option 4 Intercept the reque...

5.4CVSS6.8AI score0.00202EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/31 12:0 a.m.191 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 1. Add the following shortcode to a...

9.8CVSS9.3AI score0.3962EPSS
Exploits8
wpexploit
wpexploit
added 2022/07/07 12:0 a.m.191 views

Shortcode For Current Date < 2.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the some of its shortcode's attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks currentdate format='d/m/Y' size="10px;position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px'...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.191 views

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox&msg=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

0.8AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.191 views

Page Views Count < 2.4.15 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...

9.8CVSS3AI score0.14783EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.190 views

WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR

Description The plugin does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced 1. Create a private folder that contains a file that you intend keep secret. 2. Add the plugin shortcode...

4.3CVSS4.9AI score0.00487EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/08/07 12:0 a.m.190 views

GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF

Description The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks Make a logged in admin open a page with the code below To make them deactivate the license To make th...

6.5CVSS7.3AI score0.00269EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.190 views

WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF

The plugin does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=wc-gsheetconnector-config&code=attacker-code...

8.8CVSS6.6AI score0.00386EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.190 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings...

6.4CVSS6.2AI score0.0051EPSS
Exploits1References2
wpexploit
wpexploit
added 2022/11/30 12:0 a.m.190 views

Eventify <= 2.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » Eventify. 2. Under 'Category...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.190 views

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

9.8CVSS2.8AI score0.18966EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.190 views

Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/31 12:0 a.m.190 views

Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins Create a New popup Insert pop-up name, title, and body text. Add a new trigger with defau...

5.5CVSS0.2AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/01 12:0 a.m.190 views

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE As an admin upload a php file containing the palyload zipped along with a valid XML...

7.2CVSS0.3AI score0.01374EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/20 12:0 a.m.190 views

WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS

The plugin does not sanitise and escape the packageids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue...

8.8CVSS1.7AI score0.01464EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.190 views

WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection

The wcfmajaxcontroller AJAX action of the plugin, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections v 3.4.11 POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.5AI score0.0848EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.190 views

Edit Comments <= 0.3 - Unauthenticated SQL Injection

The plugin does not sanitise, validate or escape the jaleditcomments GET parameter before using it in a SQL statement, leading to a SQL injection issue Post a comment on a page, then open https://example.com//?jaleditcomments=7%20AND%20SELECT%209114%20FROM SELECTSLEEP5wjzD...

7.5CVSS1.2AI score0.01911EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/17 12:0 a.m.190 views

WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to reque...

5.4CVSS5.2AI score0.00698EPSS
Exploits5References2
wpexploit
wpexploit
added 2023/11/20 12:0 a.m.189 views

EazyDocs < 2.3.4 - Subscriber + SQLi

Description The plugin does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. 1. Create a document then create some sections in the document 2...

8.8CVSS7.6AI score0.00853EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/17 12:0 a.m.189 views

LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open v 4.2.5.2 -...

6.1CVSS6AI score0.00916EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/02 12:0 a.m.189 views

Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the...

5.4CVSS5.4AI score0.00371EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.189 views

User Activity Log < 1.6.5 - Unauthenticated SQLi

Description The plugin does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks. Version 1.6.4 mitigates the issue for unauthenticated users but it is still...

9.8CVSS10AI score0.00808EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.189 views

Call Now Accessibility Button < 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Fields in the "Options" section of the plugin a...

4.8CVSS5.5AI score0.00451EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.189 views

CRM and Lead Management by vcita < 2.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email and uid parameters in the plugin settings before rendering it on the page, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting high privilege users such as administrators...

6.4CVSS9AI score0.00596EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/04/04 12:0 a.m.189 views

Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Original request - with sandbox=checked POST...

4.8CVSS5.3AI score0.0047EPSS
Exploits2
Total number of security vulnerabilities4359