
4359 matches found

wpexploit · added 2021/08/28 · 780 views

Duplicate Page < 4.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the Duplicate Post Suffix setting before outputting it, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The attempt to fix the issue in 4.4.2 is insufficient and...

CVSS 4.8 · EPSS 0.0087 · Exploits: 2 · References: 1

wpexploit · added 2021/08/30 · 779 views

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF or authorisation checks in the padismissadminnotice AJAX action, available to any authenticated user, and does not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as a subscriber, can update...

AI score 0.7 · Exploits: 0

wpexploit · added 2021/10/26 · 778 views

Ninja Forms < 3.6.4 - Admin+ SQL Injection

The plugin does not escape the keys of the fields POST parameter, which could allow high-privilege users to perform SQL injection attacks.
POST /wp-admin/post.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh,en;q=0.5...

CVSS 7.2 · AI score 7.1 · EPSS 0.01275 · Exploits: 2

wpexploit · added 2021/08/17 · 778 views

Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload

The shoppuploadfile AJAX action of the plugin, available to both unauthenticated and authenticated users, does not have any security measure in place to prevent the upload of malicious files such as PHP, allowing unauthenticated users to upload arbitrary files and leading to RCE...

CVSS 9.8 · AI score 0.6 · EPSS 0.01914 · Exploits: 2

wpexploit · added 2021/08/02 · 778 views

WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation

The plugin lacks any CSRF and capability checks when creating and editing User Fields, allowing unauthorised creation and editing of them, either via CSRF or directly as any user, including unauthenticated ones. v1.1.5 added a CSRF check but still no capability check. POST...

AI score 1.5 · Exploits: 0

wpexploit · added 2021/07/27 · 778 views

Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Logo Title" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Add the following...

CVSS 6.8 · AI score 8.1 · EPSS 0.04106 · Exploits: 5

wpexploit · added 2022/09/05 · 776 views

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

The plugin does not validate one of its settings, which could allow high-privilege users such as admins to list and read arbitrary files and folders outside of the blog directory. 1. Navigate to the settings page /wp-admin/edit.php?post_type=wpdmpro&page=settings 2. In the "File Browser Root:" setting,...

CVSS 4.9 · AI score 0.5 · EPSS 0.01315 · Exploits: 2

wpexploit · added 2021/09/30 · 776 views

JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation

The jsjobsajax AJAX action of the plugin, available to both authenticated and unauthenticated users, does not have proper authorisation and CSRF checks, in particular when using installPluginFromAjax and activatePluginFromAjax, which could allow unauthenticated attackers to install arbitrary...

AI score 0.9 · Exploits: 0 · References: 1

wpexploit · added 2021/09/21 · 776 views

Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues. Add the following payload in the Title or Description of a Video added in a List/Gallery: "onmouseover=alert(/XSS/)// Then view the...

CVSS 4.8 · EPSS 0.00598 · Exploits: 2

wpexploit · added 2021/08/23 · 776 views

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

The plugin does not have a CSRF check in its 'Delete comments easily' feature, which could allow attackers to make a logged-in admin delete arbitrary comments.
POST /wp-admin/admin.php?page=comment-link-remove HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8...

CVSS 4.3 · AI score 2.7 · EPSS 0.00471 · Exploits: 2 · References: 1

wpexploit · added 2021/05/31 · 776 views

The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. The vulnerable code leading to the open redirect is in the function "redirecttotpcustompasswordreset" in...

CVSS 6.1 · AI score 0.6 · EPSS 0.02295 · Exploits: 2 · References: 1

wpexploit · added 2021/03/13 · 773 views

VM Backups <= 1.0 - CSRF to Database Backup Download

The plugin does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the DB, plugins, and current theme. The files are created in the uploads directory by default, with a timestamp in their filenames, without any access restriction,...

CVSS 4.3 · AI score 4.6 · EPSS 0.00411 · Exploits: 1

wpexploit · added 2021/10/11 · 772 views

Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion

The plugin does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule the deletion of arbitrary posts. Run on the "Posts" page: jQuery.post(ajaxurl, {nonce: config.ajax.nonce, action: "managewppostsusingbulkquicksavebulkedit", postids: 783,...

CVSS 6.5 · AI score 1.4 · EPSS 0.00798 · Exploits: 2

wpexploit · added 2021/08/09 · 772 views

AddToAny < 1.7.46 - Authenticated Stored XSS

The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Sharing Header setting of the...

CVSS 5.4 · AI score 0.6 · EPSS 0.00624 · Exploits: 2

wpexploit · added 2021/04/14 · 771 views

Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)

The plugin adds calculators for Water Intake, BMI, Protein Intake, and Body Fat and was lacking a CSRF check, allowing attackers to make logged-in users perform unwanted actions, such as changing the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored...

CVSS 4.3 · AI score 0.3 · EPSS 0.01815 · Exploits: 5

wpexploit · added 2021/09/27 · 770 views

WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update

The plugin has its updatesettings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users. csrf.submit POST /wp-admin/admin-post.php HTTP/1.1 Accept:...

CVSS 6.5 · AI score 1.3 · EPSS 0.00556 · Exploits: 2

wpexploit · added 2021/11/01 · 769 views

Email Before Download < 6.8 - Admin+ SQL Injection

The plugin does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...

CVSS 8.8 · AI score 9.3 · EPSS 0.01318 · Exploits: 2

wpexploit · added 2021/10/11 · 767 views

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allows high-privilege users to execute arbitrary PHP code in a hardened environment, i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true, via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. The vendor was notified in July 2021; the issue was...

CVSS 7.2 · AI score 1.3 · EPSS 0.01514 · Exploits: 2

wpexploit · added 2021/11/09 · 764 views

LearnPress < 4.1.4 - Admin+ SQL Injection

The plugin does not sanitise, validate or escape the id parameter before using it in SQL statements when duplicating a course/lesson/quiz/question, leading to SQL Injection issues. The id needs to start with a valid course/lesson/quiz/question ID:...

CVSS 9.8 · AI score 9.5 · EPSS 0.01575 · Exploits: 2

wpexploit · added 2021/06/29 · 764 views

Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to...

CVSS 6.5 · AI score 0.3 · EPSS 0.01373 · Exploits: 2

wpexploit · added 2021/10/11 · 763 views

Affiliate Manager < 2.8.7 - Admin+ SQL injection

The plugin does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue.
POST /wp-admin/admin.php?page=wpam-affiliates&tab=exportdata&orderby=if&order=(0,1,SLEEP(10)) HTTP/1.1 Accept:...

CVSS 7.2 · AI score 2.1 · EPSS 0.01484 · Exploits: 2 · References: 2

wpexploit · added 2021/09/21 · 763 views

WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access

The plugin does not properly check for capability and CSRF, due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked as AJAX actions and available to any authenticated user. As a result, low-privilege authenticated users such as subscribers can call them and access...

AI score 0.8 · Exploits: 0

wpexploit · added 2020/06/03 · 763 views

AdRotate < 5.8.4 - Authenticated SQL Injection

Authenticated SQL injection in AdRotate 5.8.3.1 exists via the "id" param. However, this requires an admin-privileged user. NOTE: The plugin author mistook this SQLi bug for XSS, but the remedy remains OK. The "id" param is vulnerable to SQL Injection. Example 1:...

AI score 1.6 · EPSS 0.01231 · Exploits: 2 · References: 2

wpexploit · added 2021/08/17 · 762 views

Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF

The plugin does not have CSRF checks in place when performing actions such as uploading and deleting files. As a result, attackers could make a logged-in administrator delete and upload arbitrary files via a CSRF attack. To delete /phpinfo.php:...

CVSS 8.8 · AI score 0.9 · EPSS 0.0069 · Exploits: 2

wpexploit · added 2021/06/07 · 761 views

Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass

The plugin allows users to like/dislike posted comments, but does not prevent them from replaying the AJAX request that adds a like. This allows any user, even unauthenticated, to add unlimited likes/dislikes to any comment. The plugin appears to have some restriction modes, such as Cookie...

CVSS 5.3 · AI score 0.8 · EPSS 0.00981 · Exploits: 2

wpexploit · added 2020/05/29 · 761 views

Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection

SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via the Re-Share Posts feature. Please refer to the video below for steps to reproduce and a demonstration of automatic exploitation with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTKe3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo - Drive:...

AI score 0.7 · EPSS 0.01505 · Exploits: 2

wpexploit · added 2021/07/19 · 760 views

Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS

The plugin does not have any CSRF checks in place, allowing attackers to make logged-in administrators perform unwanted actions, such as adding/editing/deleting arbitrary verses and changing the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site...

CVSS 4.3 · EPSS 0.00412 · Exploits: 2

wpexploit · added 2021/04/06 · 759 views

WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update

An AJAX action registered by the plugin did not have capability checks, allowing low-privilege users, such as subscribers, to update the license options (key, email). When logged in as a user with the Subscriber role or greater, submit a request to wp-admin/admin-ajax.php with action =...

CVSS 4 · AI score 0.5 · EPSS 0.00938 · Exploits: 2 · References: 1

wpexploit · added 2022/08/25 · 757 views

Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update

The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary options of the blog and allow registration with a...

AI score 3.3 · Exploits: 0

wpexploit · added 2021/01/25 · 754 views

Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection

The plugin was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Attackers could exploit this issue to execute arbitrary commands on the victim's system through the Microsoft Excel DDE function, or to leak data via maliciously injected...

AI score 1.5 · EPSS 0.01244 · Exploits: 1 · References: 1

wpexploit · added 2021/09/29 · 753 views

Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action, available to authenticated users, which could allow any authenticated user, such as a subscriber, to upload arbitrary images...

CVSS 6.5 · AI score 0.8 · EPSS 0.00825 · Exploits: 2

wpexploit · added 2021/05/05 · 751 views

Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF

The plugin did not properly check for CSRF, allowing attackers to make a logged-in administrator update the plugin's settings...

AI score 1.5 · Exploits: 0

wpexploit · added 2022/08/23 · 748 views

WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. http://evil.com aaaa bbbb document.getElementById("test").submit();...

CVSS 4.3 · AI score 1.7 · EPSS 0.00284 · Exploits: 2

wpexploit · added 2022/02/07 · 748 views

Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

The plugin does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog, i.e. with the DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true. Author: qerogram import...

CVSS 7.2 · AI score 0.6 · EPSS 0.0142 · Exploits: 2

wpexploit · added 2021/06/29 · 748 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the $wpdb->get_results DB calls, leading to SQL injection issues in the admin dashboard. Note (WPScan Team): other SQLi were identified when confirming the...

CVSS 6.5 · AI score 0.5 · EPSS 0.01362 · Exploits: 2

wpexploit · added 2023/05/02 · 747 views

Elementor Website Builder < 3.12.2 - Admin+ SQLi

The plugin does not properly sanitise and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. 1. Go to Elementor > Tools > Replace URL 2. Fill the first field with http://localhost:8000/ ...

CVSS 7.2 · AI score 7.3 · EPSS 0.19695 · Exploits: 7

wpexploit · added 2021/09/20 · 747 views

Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The plugin does not sanitise or escape its QR settings, nor does it have any CSRF check in place, allowing attackers to make a logged-in admin change the settings and perform Cross-Site Scripting attacks. Put the following payload in the QR setting: "alert(/XSS/) The XSS will be triggered in the plugin's...

CVSS 5.4 · AI score 5.4 · EPSS 0.00382 · Exploits: 1

wpexploit · added 2023/01/23 · 746 views

WP TripAdvisor Review Slider < 10.8 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page: fetch('/wp-admin/admin-ajax.php', {method: 'POST',...

CVSS 8.8 · AI score 9.2 · EPSS 0.04356 · Exploits: 2

wpexploit · added 2021/10/25 · 746 views

Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

The plugin does not validate the submitted rating, allowing submission of a very long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page. Enable reviews for posts/pages, and enable the "Show...

CVSS 6.5 · EPSS 0.01433 · Exploits: 2 · References: 1

wpexploit · added 2022/08/19 · 744 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Deletion

The plugin does not have any authorisation or CSRF checks in place when deleting events, which could allow unauthenticated attackers to delete arbitrary events. As an unauthenticated user, open the code below; this will delete the event with ID 4 from the calendar with ID 1...

AI score 1.2 · Exploits: 0

wpexploit · added 2021/10/19 · 742 views

Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation

The plugin does not have capability and CSRF checks in the dpwappluginactivate AJAX action, allowing any authenticated user, such as subscribers, to activate plugins that are already installed. v1.5.9: jQuery.post(ajaxurl, {action: "dpwappluginactivate", dpwapurl: "hello.php"}) v1.6.0:...

CVSS 5.7 · AI score 3.2 · EPSS 0.00386 · Exploits: 2

wpexploit · added 2021/06/30 · 742 views

MailOptin < 1.2.35.2 - Unauthorised AJAX Call

The fetchcustomfields and fetchtags functions did not have proper CSRF checks or authorisation, allowing unauthorised users to call the related AJAX action either via a low-privilege account or a CSRF attack. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, */*; q=0.01...

AI score 2.2 · Exploits: 0
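The Premium Addons for Elementor, Alphabetic Pagination, Download Plugin and MailOptin entries above describe one defect in different plugins: an AJAX or REST handler reachable by low-privilege or unauthenticated users with no nonce, no capability check, and in two cases no restriction on which option may be written. The following is an added example, not code from any of those plugins, showing that handler shape beside a hardened version. Everything named in it is an assumption for illustration: the action myplugin_save_option, the nonce action myplugin_nonce, the option names, the script handle myplugin-admin and the manage_options requirement.

```php
<?php
/**
 * Added example, not code from any plugin listed on this page.
 * Assumed names: AJAX action "myplugin_save_option", nonce action
 * "myplugin_nonce", options "myplugin_api_key"/"myplugin_notify_email",
 * script handle "myplugin-admin", required capability "manage_options".
 */

// --- Vulnerable shape -------------------------------------------------------
// Reachable by visitors (nopriv) and any logged-in user, no nonce, no capability
// check, and the caller picks the option name, so a body such as
//   key=users_can_register&value=1   or   key=default_role&value=administrator
// rewrites core options: the "arbitrary option update" the entries describe.
function myplugin_save_option_vulnerable() {
    $key   = $_POST['key']   ?? '';
    $value = $_POST['value'] ?? '';
    update_option( $key, $value );
    wp_send_json_success();
}
// Left commented out on purpose: this is the registration pair the vulnerable plugins used.
// add_action( 'wp_ajax_myplugin_save_option',        'myplugin_save_option_vulnerable' );
// add_action( 'wp_ajax_nopriv_myplugin_save_option', 'myplugin_save_option_vulnerable' );

// --- Hardened shape ---------------------------------------------------------
// Only this plugin's own options may ever be written through the handler.
const MYPLUGIN_ALLOWED_OPTIONS = array( 'myplugin_api_key', 'myplugin_notify_email' );

function myplugin_save_option_hardened() {
    // 1. CSRF: the nonce ties the request to this user's session; a missing or
    //    invalid nonce makes check_ajax_referer() die before anything else runs.
    check_ajax_referer( 'myplugin_nonce', 'nonce' );

    // 2. Authorisation: being logged in (a subscriber) is not being allowed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist the target: the client never names an arbitrary option row.
    $key = sanitize_key( wp_unslash( $_POST['key'] ?? '' ) );
    if ( ! in_array( $key, MYPLUGIN_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    // 4. Sanitise the value for its type (both assumed options are plain strings).
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $key, $value );
    wp_send_json_success( array( 'key' => $key ) );
}
// No wp_ajax_nopriv_ hook: an unauthenticated POST to admin-ajax.php for this
// action is answered with "0" by core and never reaches the handler.
add_action( 'wp_ajax_myplugin_save_option', 'myplugin_save_option_hardened' );

// The nonce the admin-side script has to send as the "nonce" POST field
// (assumes the handle myplugin-admin is already registered/enqueued).
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'myplugin-admin', 'mypluginAjax', array(
        'nonce' => wp_create_nonce( 'myplugin_nonce' ),
    ) );
} );
```

The order of the checks matters: the nonce check runs first because it is the cheapest way to reject a CSRF form like the ones in the Ping Optimizer and Blue Admin entries, and the allowlist runs last because, as the Premium Addons and Alphabetic Pagination entries show, a correct capability check still does not stop an administrator-level caller from being tricked into writing users_can_register or default_role if the option name comes from the request.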
wpexploit · added 2021/09/07 · 741 views

Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting

The plugin does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue. v1.3.4 fixed the CSRF, but not the sanitisation/escaping fully; another issue has been created for it. To have the XSS only trigger...

CVSS 5.4 · AI score 0.1 · EPSS 0.00399 · Exploits: 2

wpexploit · added 2021/09/27 · 740 views

Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection

The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection: https://example.com/wp-admin/tools.php?page=permalink-manager&orderby=ID+AND+(SELECT+9480+FROM+(SELECT(SLEEP(5)))EXid)...

CVSS 7.2 · AI score 1.6 · EPSS 0.01336 · Exploits: 2

wpexploit · added 2021/09/20 · 740 views

MainWP Child Reports < 2.0.8 - Admin+ SQL Injection

The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue: https://example.com/wp-admin/options-general.php?page=mainwp-reports-page&order=+AND+(SELECT+7332+FROM+(SELECT(SLEEP(5)))qiXg) - the web page freezes f...

CVSS 7.2 · AI score 0.8 · EPSS 0.01327 · Exploits: 2
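The Email Before Download, Portfolio Responsive Gallery, Affiliate Manager, Survey Maker, Permalink Manager Lite and MainWP Child Reports entries share one root cause: an orderby/order value taken from the request and interpolated into ORDER BY. Below is an added example, not code from any of those plugins, of that query beside an allowlisted version. The table wp_myplugin_items and its columns id, title and created are hypothetical; the sqlmap-style payload from the Permalink Manager entry above is reused as the sample input.

```php
<?php
/**
 * Added example, not code from any plugin listed on this page.
 * The table {$wpdb->prefix}myplugin_items and its columns are hypothetical.
 */

// --- Vulnerable shape -------------------------------------------------------
// $wpdb->prepare() cannot fix this on its own: placeholders bind *values*, while
// ORDER BY takes identifiers or expressions. With the Permalink Manager payload
//   ?orderby=ID+AND+(SELECT+9480+FROM+(SELECT(SLEEP(5)))EXid)&order=ASC
// the statement becomes
//   SELECT id, title FROM wp_myplugin_items
//   ORDER BY ID AND (SELECT 9480 FROM (SELECT(SLEEP(5)))EXid) ASC
// and the page stalls for five seconds, which is how the time-based PoCs in
// these entries are confirmed.
function myplugin_list_vulnerable( $orderby, $order ) {
    global $wpdb;
    $table = $wpdb->prefix . 'myplugin_items';
    return $wpdb->get_results( "SELECT id, title FROM {$table} ORDER BY {$orderby} {$order}" );
}

// --- Hardened shape ---------------------------------------------------------
// Map the request onto a fixed allowlist and fall back to a default; the
// request string itself never reaches the SQL.
function myplugin_safe_orderby( $orderby, $order ) {
    $columns = array( 'id', 'title', 'created' );          // sortable columns of this table
    $orderby = strtolower( (string) $orderby );
    $orderby = in_array( $orderby, $columns, true ) ? $orderby : 'id';
    $order   = ( 'desc' === strtolower( (string) $order ) ) ? 'DESC' : 'ASC';
    return "{$orderby} {$order}";                            // e.g. "title DESC"
}

function myplugin_list_hardened( $orderby, $order, $per_page = 20, $page = 1 ) {
    global $wpdb;
    $table    = $wpdb->prefix . 'myplugin_items';
    $per_page = max( 1, (int) $per_page );
    $offset   = ( max( 1, (int) $page ) - 1 ) * $per_page;

    // Identifiers come from the allowlist; only the numbers are placeholders.
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$table} ORDER BY " . myplugin_safe_orderby( $orderby, $order )
            . ' LIMIT %d OFFSET %d',
        $per_page,
        $offset
    );
    return $wpdb->get_results( $sql );
}

// Usage in a list-table callback (hypothetical). The payload above collapses to
// "id ASC" because it is not in the allowlist:
// $rows = myplugin_list_hardened( $_GET['orderby'] ?? 'id', $_GET['order'] ?? 'asc' );
```

Core's sanitize_sql_orderby() only checks the shape of the string (column names optionally followed by ASC/DESC, comma separated); it does not know which columns the table has, so a per-table allowlist like myplugin_safe_orderby() is still the right control, and the same applies to the id parameters in the LearnPress and AdRotate entries, which should be cast to int or bound with a %d placeholder.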
wpexploit · added 2021/07/26 · 740 views

Simple Banner < 2.10.4 - Authenticated Stored XSS

The plugin does not sanitise and escape one of its settings, allowing high-privilege users such as admins to use a Cross-Site Scripting payload even when the unfiltered_html capability is disallowed. Put the following payload in the Simple Banner Text setting of the plugin: The XSS will be triggered...

CVSS 3.5 · AI score 0.1 · EPSS 0.00676 · Exploits: 2 · References: 1
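The AddToAny, Simple Banner, Duplicate Page and Video Gallery entries all describe a setting that reaches the page unescaped, so an administrator whose unfiltered_html capability has been removed (DISALLOW_UNFILTERED_HTML, or a non-super-admin on multisite) can still store script. The following is an added example, not code from any of those plugins: a hypothetical banner setting rendered into an attribute and into the page body, first vulnerable, then fixed on both the save path and the output path. The option myplugin_settings and its keys title and text are assumptions.

```php
<?php
/**
 * Added example, not code from any plugin listed on this page.
 * The option "myplugin_settings" with keys "title" (lands in an attribute) and
 * "text" (lands in the page body) is hypothetical.
 */

// --- Vulnerable shape -------------------------------------------------------
// The Video Gallery payload  "onmouseover=alert(/XSS/)//  closes the title
// attribute and appends an event handler; a <script> element in "text" runs in
// the body. Both are stored by update_option() untouched, so whether the saving
// user holds unfiltered_html never enters the decision.
function myplugin_render_banner_vulnerable() {
    $opts = get_option( 'myplugin_settings', array() );
    echo '<div class="banner" title="' . ( $opts['title'] ?? '' ) . '">'
        . ( $opts['text'] ?? '' ) . '</div>';
}

// --- Hardened shape, layer 1: sanitise on save -------------------------------
// Runs as the register_setting() sanitize_callback whenever the options page
// submits. An administrator without unfiltered_html gets the same post-content
// allowlist (no script, no event handlers) as any other author.
function myplugin_sanitize_settings( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array(
        'title' => sanitize_text_field( $input['title'] ?? '' ),  // plain text only
    );
    $raw           = (string) ( $input['text'] ?? '' );
    $clean['text'] = current_user_can( 'unfiltered_html' ) ? $raw : wp_kses_post( $raw );
    return $clean;
}
add_action( 'admin_init', function () {
    register_setting( 'myplugin', 'myplugin_settings', array(
        'type'              => 'array',
        'sanitize_callback' => 'myplugin_sanitize_settings',
    ) );
} );

// --- Hardened shape, layer 2: escape on output, per context ------------------
// Escape late and for the exact context, regardless of what is stored: the row
// may predate the fix, or may have been written through another route (an
// arbitrary-option-update bug, as several entries on this page show).
function myplugin_render_banner_hardened() {
    $opts = get_option( 'myplugin_settings', array() );
    printf(
        '<div class="banner" title="%s">%s</div>',
        esc_attr( $opts['title'] ?? '' ),     // attribute context: " becomes &quot;
        wp_kses_post( $opts['text'] ?? '' )   // body: limited HTML, no script or on* attributes
    );
}
```

The two layers are not redundant: the save-time filter is what makes the Admin+ findings on this page go away when unfiltered_html is disallowed, while the context-specific output escaping is what stops the attribute break-out in the Video Gallery entry, which wp_kses_post() on its own would not catch because the payload contains no tag at all.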
wpexploit · added 2021/05/05 · 738 views

Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF

The plugin did not properly check for CSRF, allowing attackers to make a logged-in administrator update the plugin's settings...

AI score 1.3 · Exploits: 0

wpexploit · added 2021/03/13 · 738 views

VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Site Scripting issue. The PoC will be displayed once the issue has been remediated...

CVSS 4.3 · AI score 1.8 · EPSS 0.00377 · Exploits: 1

wpexploit · added 2021/08/16 · 734 views

Smash Balloon Social Post Feed < 2.19.2 - Unauthenticated Stored XSS

The plugin does not sanitise or escape the feedID POST parameter in its feedlocator AJAX action available to both authenticated and unauthenticated users before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will ...

CVSS 6.1 · EPSS 0.01322 · Exploits: 2

wpexploit · added 2021/06/21 · 734 views

Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Add the following...

CVSS 6.1 · EPSS 0.00412 · Exploits: 2

Total number of security vulnerabilities: 4359