Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/11/28 12:0 a.m.183 views

Popup Manager <= 1.6.6 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well fetch'/wp-admin/admin-ajax.php', method: 'POST', headers...

4.3CVSS1.2AI score0.00285EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/16 12:0 a.m.183 views

Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload

The plugin was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. This vulnerability was seen actively exploited by Sucuri in the wild for ransomware attacks. 1. Authenticate as any user. 2. Paste below HTML...

7.5CVSS7.7AI score0.00811EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.183 views

Post Content XMLRPC <= 1.0 - Admin+ SQL Injections

The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections https://example.com/wp-admin/admin.php?page=pcxaddsites&mode=add&id=1%20AND%20SELECT%207953%20FROM%20SELECTSLEEP5AgUn...

7.2CVSS1.4AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.182 views

Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/05 12:0 a.m.182 views

Testimonial Slider < 2.3.7 - Author+ Settings Update

Description The plugin does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them. 1 Go to a page where one of the sliders is already in use and intercept the nonce tss 2...

9.5AI score0.00381EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/04 12:0 a.m.182 views

CM Download Manager < 2.9.0 - Download Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack Make an admin open the URL below https://example.com/cmdownload/del/id/...

6.7AI score0.00244EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/28 12:0 a.m.182 views

Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Form Customizer: 1. Navigate to...

4.8CVSS5.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.182 views

Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 1. Upload a malicious SVG: alert"XSS Test"; 2. Add to post and view SVG to see XSS...

5.4CVSS8.8AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.182 views

Clock In Portal <= 2.1 - Staff Deletion via CSRF

The plugin does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Staff with ID 1...

4.3CVSS8.5AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.182 views

Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Insert the following shortcode in a post:...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.182 views

Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a Timeline, put the following payload in the "Text" field at the bottom: alert/XSS/ Click save...

4.8CVSS4.9AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.182 views

Kudos Donations < 3.1.2 - Arbitrary Items Deletion via CSRF

The plugin has a logic flaw in its CSRF checks when deleting items such as Donors, Transactions, Subscriptions etc, allowing attackers to make a logged in admin delete them https://example.com/wp-admin/admin.php?page=kudos-transactions&action=delete&id=1...

6.9AI score
Exploits0
wpexploit
wpexploit
added 2021/10/15 12:0 a.m.182 views

WordPress + Microsoft Office 365 < 15.4 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise error descriptions before outputting them in the log notice, which could allow unauthenticated users to perform Cross-Site Scripting attacks against a logged in administrator POST / HTTP/1.1 Content-Length: 242 Content-Type: application/x-www-form-urlencoded...

9.3CVSS2.7AI score0.00937EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.182 views

underConstruction < 1.19 - Reflected Cross-Site Scripting

The plugin does not escape the PHPSELF before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=under-construction...

6.1CVSS1AI score0.02335EPSS
Exploits1References2
wpexploit
wpexploit
added 2021/05/24 12:0 a.m.182 views

iFlyChat – WordPress Chat <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue Step1: Install and activate the plugin "iFlyChat – WordPress Chat-4.6.4" Step2: Enter the following payload in the "APP ID" field of the plugin...

4.8CVSS0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.181 views

Salon booking system < 9.6.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open a page containing the code: input type="submit" valu...

6.6AI score0.00247EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/26 12:0 a.m.181 views

Responsive Pricing Table < 5.1.11 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks - Create a new Pricing Table...

8.3AI score0.00401EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/13 12:0 a.m.181 views

WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 1. Visit WP Fastest Cache Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit" at...

7.5CVSS8.2AI score0.73708EPSS
Exploits11References1
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.181 views

WooCommerce Product Vendors < 2.1.79 - ShopManager+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as ShopManager As ShopManager, open the URL below...

7.5AI score0.00579EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.181 views

WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The plugin has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including outside of the blog folders Make a...

6.5CVSS7AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/28 12:0 a.m.181 views

JoomSport < 5.2.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users 1. Install the vulnerable plugin joomsport-sports-league-results-management version 5.2.6, skip the demo data import when prompted 2...

9.8CVSS0.6AI score0.04756EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.181 views

WP ALL Export Pro < 1.7.9 - Authenticated SQLi

The plugin uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports...

8.8CVSS0.00945EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.181 views

Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS2.2AI score0.06849EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/31 12:0 a.m.181 views

Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection

The plugin does not sanitise and escape the postid parameter before using it in a SQL statement via a REST route of the plugin accessible to any authenticated user, leading to a SQL injection As any authenticated user, such as subscriber To get the nonce: /wp-admin/admin-ajax.php?action=rest-nonc...

0.9AI score0.01493EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.181 views

Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue The formid needs to be a valid one...

6.1CVSS0.8AI score0.00907EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.181 views

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component

There is functionality in the plugin to add file uploads to user registrations and profile updates that had no file type checking in place making it possible for arbitrary files to be uploaded. fh = open'shell.php', 'wb' fh.writeb'\xFF\xD8\xFF\xE0' + b'' fh.close 'Hax0r', 'regemail' =...

9.8CVSS0.06744EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/04 12:0 a.m.180 views

Email Subscribers by Icegram Express < 5.7.21 - Unauthenticated SQL Injection via hash

Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

9.8CVSS9.7AI score0.10161EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/04/26 12:0 a.m.180 views

Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. Run the following JavaScript in the browser console: fetch"/", "headers": "content-type": "application/x-www-form-urlencoded", ,...

6.2AI score0.00684EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/12 12:0 a.m.180 views

Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup To replicate this vulnerability, follo...

5.7AI score0.00472EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/29 12:0 a.m.180 views

EventPrime < 3.3.6 - Unauthenticated Event Access

Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...

5.3CVSS7.3AI score0.00564EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.180 views

Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

Description The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them The issue was partially fixed in 2.20.29 only adding authorisation checks. CSRF checks were added in 2.20.32 As an unauthenticated user, open...

5.3CVSS5.7AI score0.00268EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/10 12:0 a.m.180 views

Post Timeline < 2.2.6 - Reflected XSS

Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6.1CVSS6.3AI score0.00709EPSS
Exploits1
wpexploit
wpexploit
added 2022/08/22 12:0 a.m.180 views

Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/all-ads/?"alert/XSS/ https://example.com/all-properties/?"alert/XSS/...

6.1CVSS0.9AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.180 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Both can be used against authenticated and unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=ftsrefreshtokenajax&accesstoken=...

6.1CVSS0.1AI score0.04873EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.180 views

Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers https://example.com/wp-admin/options-general.php?page=cf7sredit&"alert/XSS/...

6.1CVSS1.1AI score0.01277EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/17 12:0 a.m.180 views

Preview E-mails for WooCommerce < 2.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to reflected XSS via the searchorder parameter found in the /views/form.php file. alert1" /...

6.1CVSS6AI score0.01131EPSS
Exploits3References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.180 views

Pricing Table by Supsystic < 1.9.0 - Authenticated Stored Cross-Site Scripting

The label and datahtml POST parameter are not properly sanitised and escaped before being saved and output back in the page, leading to stored Cross-Site Scripting issues v alert1alert1 instead of the one above v 1.9.0, the edit HTML feature was removed client side but a crafted request could sti...

6.4AI score
Exploits0References1
wpexploit
wpexploit
added 2024/05/27 12:0 a.m.179 views

Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks. - Create/edit a Notification https://example.com/wp-admin/post-new.php?posttype=easynotify - Put the following...

5.8AI score0.00312EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.179 views

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open an HTML file containing where is a valid ID: "...

6.7AI score0.00324EPSS
Exploits3
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.179 views

Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks As an admin open HTML file containing: action...

6.8AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.179 views

MM-email2image <= 0.2.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add the following payload to a...

8.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/27 12:0 a.m.179 views

Salon Booking System < 9.6.3 - Unauthenticated Stored XSS

Description The plugin does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the...

6AI score0.00631EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.179 views

Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. otwshortcodebutton...

5.9AI score0.00413EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/17 12:0 a.m.179 views

Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...

6.8AI score0.01773EPSS
Exploits3
wpexploit
wpexploit
added 2023/12/26 12:0 a.m.179 views

WP Review Slider < 13.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add the payload "...

4.8CVSS5.7AI score0.00336EPSS
Exploits1
wpexploit
wpexploit
added 2023/03/14 12:0 a.m.179 views

Modern Events Calendar lite <= 5.16.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the import/export section. 2. Enter the...

4.8CVSS5.3AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.179 views

Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin...

6.5CVSS1.1AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/06 12:0 a.m.179 views

Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add the following payload to a new quote:...

4.8CVSS1.8AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.179 views

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting ' /...

6.1CVSS0.2AI score0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.179 views

Quotes Collection <= 2.5.2 - Admin+ SQL Injection

The plugin does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection https://example.com/wp-admin/admin.php?page=quotes-collection&s=&wpnonce=6e21e0a8b6&action=makepublic&paged=1&bulkcheck=1%20and%20sleep10--%20-&action2=makepublic...

7.2CVSS7.2AI score0.01275EPSS
Exploits2
Total number of security vulnerabilities4359