Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2021/10/11 12:0 a.m.189 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The plugin has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username /pie-register-login/ is the login page of the plugin, ie the one with pieregisterlogin v 3.7.1.5 POST /pie-register-login/ HTTP/1....

8.1CVSS1.6AI score0.08377EPSS
Exploits3
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.188 views

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Request: POST...

5.6AI score0.00342EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/17 12:0 a.m.188 views

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3. Modify i...

9.6AI score0.03345EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/05 12:0 a.m.188 views

EventON < 4.4.1 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing one of the code below: 2.6.x the cmonth a...

6.1CVSS6AI score0.00426EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/25 12:0 a.m.189 views

Estatik Real Estate Plugin < 4.1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs below some...

6.1CVSS6AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.188 views

Tiempo.com <= 0.1.2 - Stored XSS via CSRF

The plugin does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a page with the code below input type="hid...

6.4AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.188 views

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. - Create a password protected package containing one or more files. - Navigate to the download page of the package e.g. /download/package1 - Inspect...

7.5CVSS7.7AI score0.00738EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/16 12:0 a.m.188 views

WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection

The theme could allow arbitrary shortcode to be injected when the "Display results from blog" settings is enabled, which could lead to Reflected XSS for example, when using a shortcode vulnerable to XSS When the "Display results from blog" settings is enabled:...

1.1AI score0.00523EPSS
Exploits3References1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.188 views

Adrotate < 5.8.23 - Admin+ XSS via Advert Name

The plugin does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit an Advert and put the following payload in the Name field: " The XSS will be triggered when accessi...

4.8CVSS1.4AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.188 views

Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, create/edit an Event, add the following payload in a "Hourly Schedule" title, as well as any of...

5.4CVSS0.1AI score0.69552EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/30 12:0 a.m.187 views

Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an administrator, visit...

5.7AI score0.00391EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/29 12:0 a.m.187 views

Genesis Blocks < 3.1.3 - Contributor+ Stored XSS

Description The plugin does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. As a contributor, put the below code in a post while in Code Editor mode The XSS will be triggered when viewing/previewing...

5.9AI score0.00665EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/02 12:0 a.m.187 views

Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. document.forms0.submit;...

8.8CVSS6.7AI score0.00346EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.187 views

All In One WP Security & Firewall < 5.0.8 - IP Spoofing

The plugin is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more. Set HTTPXREALIP or HTTPXFORWARDEDFOR used in getuseripaddress to bypass IP-based blocks...

5.3CVSS1AI score0.00576EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/22 12:0 a.m.187 views

Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed. Put the following payload in the Post SMTP Settings...

4.8CVSS4.8AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/25 12:0 a.m.187 views

WP-DBManager < 2.80.8 - Admin+ Remote Command Execution

The plugin does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. Use any WordPress plugin that allows the users to upload files with extension - ".php" is not required - for example: .jpg usually many...

7.2CVSS0.9AI score0.01012EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/08 12:0 a.m.187 views

Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload

The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code...

9.8CVSS0.9AI score0.39393EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/15 12:0 a.m.187 views

Persian Woocommerce < 5.9.8 - Reflected Cross-Site Scripting

The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=persian-wc&s=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

6.1CVSS1.9AI score0.01477EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/24 12:0 a.m.187 views

All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion

Thrive “Legacy” themes register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote...

6.4CVSS1AI score0.03946EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/03 12:0 a.m.186 views

Import WP < 2.13.1 - Admin+ Server-side Request Forgery

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and...

6.7AI score0.00568EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.186 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Missing authentication

The plugin does not validate authorization in its vcita-wordpress/v1/actions/auth REST route endpoint, allowing an unauthenticated attacker to set the connection parameters for the vcita account connection, including businessname and email address. Furthermore, the variables are stored in the...

5.3CVSS5.9AI score0.00645EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.186 views

RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Add the Feedzy RS...

5.4CVSS0.2AI score0.00507EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.186 views

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void die"Arbitrary...

7.2CVSS1.1AI score0.01141EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/15 12:0 a.m.186 views

Fast Flow < 1.2.12 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting ' https://example.com/wp-admin/admin.php?page=fast-flow&p="...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2022/04/05 12:0 a.m.186 views

Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it As unauthenticated: wget "https://example.com/?p=1" --header "Referer: " -O- The XSS will be...

6.1CVSS1AI score0.01277EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/02 12:0 a.m.186 views

VDZ Google Analytics or Google Tag Manager / GTM < 1.4.9 - Authenticated Stored XSS

The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payloads in the Google Analytics ID settings of the plugin...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2021/02/16 12:0 a.m.186 views

Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection

The wpajaxnfoauthdisconnect from the plugin had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...

1.4AI score0.00458EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/12 12:0 a.m.185 views

Carousel Slider < 2.2.10 - Editor+ Stored XSS

Description The plugin does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks As an Editor, create/edit a...

8.2AI score0.00497EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.185 views

JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

Description The plugin does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks. wpfgc url="http://127.0.0.1:8084"...

8.8CVSS6.8AI score0.00694EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.185 views

Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

Description The plugin is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console: nonce =...

4.3CVSS4.7AI score0.00454EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.185 views

Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS

Description The plugin does not escape the custom shipping phone field no the checkout form leading to XSS 1 Install both WooCommerce and the plugin. 2 Set a WooCommerce shipping method, and the store's address to one that is in Vietnam. 3 Add product to cart, and proceed to checkout 4 Tick "Ship...

6.1CVSS6.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.185 views

WPSchoolPress < 2.2.5 - Teacher+ SQLi

Description The plugin uses the WordPress escsql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. 1. Install the WPSchoolpress plugin and Import Demo Data. 2. Log in as a teache...

8.8CVSS9.1AI score0.00721EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/08 12:0 a.m.185 views

Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin settings, select "WPB...

4.8CVSS4.8AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.185 views

Hide My WP < 6.2.9 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For:...

9.8CVSS1.2AI score0.03824EPSS
Exploits5
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.185 views

My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit; sc...

4.3CVSS0.8AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/02 12:0 a.m.184 views

Flattr <= 1.2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Flattr" settings 2. In the...

5.7AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/27 12:0 a.m.184 views

Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6AI score0.00303EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/23 12:0 a.m.184 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected Run the below...

6.5CVSS6.9AI score0.00665EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.184 views

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

Description The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

5.3CVSS5.4AI score0.00541EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/08/07 12:0 a.m.184 views

All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR

Description The plugin does not prevent non-administrator users from deleting messages from the all-users messenger. 1 Go to the messenger 2 Catch a request that is constantly running at intervals of 3 seconds 3 Change the message time argument to true 4 Set true for permission to delete a commen...

4.3CVSS4.8AI score0.00402EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.184 views

WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...

6.5CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.184 views

Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1.1AI score0.00336EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/15 12:0 a.m.184 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthenticated LFI

The plugin does not validate and sanitise a parameter before using it to include a file via an AJAX action available to both unauthenticated and authenticated users, which could lead to Local File Inclusion POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

2.4AI score
Exploits0
wpexploit
wpexploit
added 2021/07/18 12:0 a.m.184 views

Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG

The plugin did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly ie in the...

4.3CVSS0.3AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.185 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget

In the plugin, the divider widget includes/widgets/divider.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request with this parameter set to...

3.5CVSS0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.183 views

FooGallery < 2.4.15 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Create a new...

8.2AI score0.00368EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.183 views

Ditty < 3.1.36 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/17 12:0 a.m.183 views

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks As a contributor, create/edit a map with the below payload as title and attach it to a post can be...

5.9AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/21 12:0 a.m.183 views

Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update

Description The plugin does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. 1 Make sure the plugin is configured with the "Catalog Mode" activated. 2 Launch the following from your browser's console:...

6.1CVSS6AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.183 views

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The plugin discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. See the disclosed secret key in includes/pro.php...

5.3CVSS6.8AI score0.0062EPSS
Exploits2
Total number of security vulnerabilities4359