Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2021/02/16 12:0 a.m.179 views

Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure

Low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth connection. Usage: php poc.php subscriber password $wpuser, 'pwd' = $wppas...

0.9AI score0.00889EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.179 views

Membership by Supsystic <= 1.5.0 - Authenticated SQL Injection

The GET parameter "sidx" and "search are used in a SQL statement without being sanitised when searching for badges in the dashboard, leading to authenticated SQL Injection issues. v1.4.8 attempted a fix, which was found to not be sufficient The PoC will be displayed once the issue has been...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.179 views

Data Tables Generator by Supsystic < 1.10.0 - Authenticated SQL Injection

The POST parameter "datasearchtextlike" was used in a SQL statement without being sanitised when searching for Tables in the dashboard, leading to an authenticated SQL Injection issue. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com User-Agent: YOLO Accept: / Accept-Language:...

8.2AI score
Exploits0References1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.178 views

Jetpack < 13.2.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks When the "Let visitors subscribe...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.178 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress in the Admin menu...

5.7AI score0.0071EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/16 12:0 a.m.178 views

Inline Related Posts < 3.5.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in the CSS margin-top settings: 0 em" onmouseover=alert/XSS/// Th...

8.6AI score0.00424EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.178 views

Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Register a student account and go to the...

5.4CVSS6AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.178 views

WP Inventory Manager < 2.1.0.12 - Reflected XSS

The plugin does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. On a page where the wpinventory shortcode is embed, append the following payloa...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.178 views

Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS6.3AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.178 views

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. pdfjs-viewer viewerheight='"...

5.4CVSS2.8AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.178 views

WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting alert/XSS/;' The source and destination should use the https:// protocol for the...

5.4CVSS5.4AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.178 views

Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 本地文件夹 or URL前缀 settings of the plugin: " style=animation-name:rotation...

1.4AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.178 views

Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/upload.php?page=menu-media-apt&postid=alert/XSS/...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.178 views

WP Hardening < 1.2.2 - Reflected XSS via URI

The plugin did not sanitise or escape the $SERVER'REQUESTURI' before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-admin/plugins.php?%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3Cv=...

6.1CVSS0.7AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2020/07/14 12:0 a.m.178 views

Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass

The plugin is affected by a loose comparison issue, which could allow any user to log in as administrator. An attacker can manipulate $GET'algwcevverifyemail' and set this payload: eyJpZCI6MSwiY29kZSI6MH0= Example: https://example.com/my-account/?algwcevverifyemail=eyJpZCI6MSwiY29kZSI6MH0= after...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2024/04/19 12:0 a.m.177 views

VikBooking < 1.6.8 - Broken Access Control

Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categories for example despite initial settings prohibitin...

6.7AI score0.0028EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.177 views

Call Now Button < 1.4.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to All Buttons, and add a...

5.7AI score0.0067EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.177 views

WP Google Review Slider < 13.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "WP Google Reviews Templates"...

5.7AI score0.00308EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/02/19 12:0 a.m.177 views

Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

Description The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. 1. ADMIN: Install Formidable Pro plugin 2. ADMIN: Install Formidable...

6.8AI score0.00554EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.177 views

SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

9.3AI score0.00243EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/18 12:0 a.m.177 views

Smart Manager < 8.28.0 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. The vulnerability can be demonstrated using the following POST request: POST...

7.3AI score0.03301EPSS
Exploits5
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.177 views

WordPress Users <= 1.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Create an HTML with the following and open it when logged in as an Editor or above: document.forms0.submit;...

8.8CVSS9.4AI score0.00329EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.177 views

User Registration < 3.0.4.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Install and activate this plugin -...

4.8CVSS5.7AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/02 12:0 a.m.177 views

PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below the post value is the ID of a post/page creat...

6.1CVSS6.1AI score0.00427EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.177 views

Querlo Chatbot <= 1.2.4 - Stored Cross-Site Scripting

The plugin does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability. Submit the following in the chat message: """ See the XSS in Querlo...

8.7AI score
Exploits1
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.177 views

Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API

The plugin does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. 1. Create a new Course, add a Topic, and add a Lesson to the Topic. 2. In Tutor LMS Settings Course, ensure...

7.5CVSS8.5AI score0.00984EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.177 views

KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download

The plugin does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server To download ../../../../wp-config.php:...

7.5CVSS9.4AI score0.00866EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.177 views

Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugin settings:...

4.8CVSS1.1AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.177 views

Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "IDP Metadata" "IdP...

4.8CVSS4.7AI score0.00625EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.177 views

New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

6.5CVSS0.5AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.177 views

Wow Forms <= 3.1.3 - Admin+ SQL Injection

The plugin does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.phpL13 As admin,...

7.2CVSS1.1AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.177 views

Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an Unauthenticated Stored Cross-Site Scripting XSS vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. $ curl -i http://localhost:10008/ --user-agent "alert1" The payload will be executed o...

6.1CVSS0.1AI score0.01303EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.176 views

KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks 1. Send a POST request to /wp-admin/admin.php?page=kkpb-add-project with the BODY action=edit-project&id=sleep5 2. Observe the delay in respons...

7.4AI score0.00547EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.176 views

Carousel Slider < 2.2.7 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new slider at "Carousel Slide...

5.7AI score0.00484EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.176 views

WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak

Description The plugin does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address. Run the below command in the developer console of the browser when being logged in the blog as a subscriber and on your own edit account...

6.5CVSS6.5AI score0.00483EPSS
Exploits1
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.176 views

EventPrime < 3.2.0 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. POC 1 - Visit any of the following pages created by the plugin: - Event Organize...

6.1CVSS6.1AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/19 12:0 a.m.176 views

Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

Description The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Test...

7.2CVSS7.2AI score0.00976EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.176 views

WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the "Email Options" section of t...

4.8CVSS4.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.176 views

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

4.3CVSS6.6AI score0.00507EPSS
Exploits3
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.176 views

jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. tminus t='2100-01-01' width='"...

5.4CVSS2AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/05 12:0 a.m.176 views

Social Warfare < 4.4.0 - Post Meta Deletion via CSRF

The plugin does not have CSRF checks in some AJAX actions, allowing attackers, to make a logged in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks...

5.4CVSS2.1AI score0.00374EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.176 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4CVSS0.2AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.176 views

SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download

The plugin does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server Open the following URL when being logged in as any user...

6.5CVSS1.2AI score0.00382EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.176 views

Flat PM < 3.0.13 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin v 3.0.13 the blockid needs to start with an existing block ID...

5.4CVSS0.3AI score0.00869EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.176 views

Coming Soon - Under Construction <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed As admin, put the following payload in the "More text information" settings of the plugin: The XSS will be triggered...

4.8CVSS4.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.176 views

WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting

The plugin does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfilteredhtml is disallowed Put the following payload on the Preset settings of the plugin: '+accesskey="X"+onclick="alert1"'...

4.8CVSS1.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/28 12:0 a.m.176 views

Poll Maker < 3.2.9 - Reflected Cross-Site Scripting

The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the /admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8...

4.3CVSS2.3AI score0.00938EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/23 12:0 a.m.176 views

Photo Gallery by 10web < 1.5.69 - Reflected Cross-Site Scripting (XSS)

The plugin did not properly sanitise the bwgsearchX GET parameter, available in a frontend gallery when the Show Search Box setting is enabled disabled by default, leading to a reflected Cross-Site Scripting issue Append the below payload in a page with an embedded gallery and the Show Search Box...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.175 views

Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert9995'...

9AI score0.00212EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.175 views

Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

Description The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method:...

6.7AI score0.00534EPSS
Exploits2
Total number of security vulnerabilities4359