Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/07/19 12:0 a.m.172 views

E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF

The plugin is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST",...

8.8CVSS0.5AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.172 views

Chameleon CSS <= 1.2 - Subscriber+ SQL Injection

The plugin does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...

8.8CVSS0.5AI score0.00712EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.172 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget

In the plugin, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript ...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.172 views

Pricing Table by Supsystic < 1.8.9 - Authenticated SQL Injections

The GET parameter sidx and sord are used in a SQL statement without being sanitised when searching for pricing tables in the dashboard, leading to an authenticated SQL Injection issues...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.171 views

WP Prayer <= 2.0.9 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open a page containing: input type="hidden"...

6.7AI score0.00258EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/17 12:0 a.m.171 views

SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

Description The plugin only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX. Install the plugin on a server that doesn't support...

6.4AI score0.00413EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.171 views

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the EventON Lite settings an...

4.8CVSS4.7AI score0.0043EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.171 views

Voting Record <= 2.0 - Subscriber+ Stored XSS

Description The plugin is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks Have a subscriber open an HTML file containing the following: ' ' document.forms0.submit; See the XSS when logged in as an admin and...

5.4CVSS5.7AI score0.00403EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.171 views

Post SMTP < 2.8.7 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the following URL:...

6.1CVSS6AI score0.00401EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/21 12:0 a.m.171 views

Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

Description IThe plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some Suspicio...

7.2CVSS9.5AI score0.01061EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.171 views

WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Click Simple Table Manager then...

4.8CVSS5.5AI score0.00405EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.171 views

USM Premium < 16.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Put the payload in any text field of the "8 Do y...

4.8CVSS8.5AI score0.00477EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/04 12:0 a.m.171 views

WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass

The plugin does not properly verify the 'wpuswhoswitch' cookie value, which allows attackers with low-privilege accounts like Subscribers to bypass authentication and login as any other existing user. Log-in as a subscriber onto the affected site. Run the following JS script in your browser's...

8.8CVSS10AI score0.01357EPSS
Exploits1
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.171 views

Booking Manager < 2.0.29 - Subscriber+ SSRF

The plugin does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network. As an admin: Type in an internal URL for example...

6.4AI score0.00823EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.171 views

NEX-Forms < 8.4 - Admin+ SQL Injection

The plugin does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query. POST /wp-admin/admin-ajax.php HTTP/1.1 Deleted Headers action=nfupdaterecord&table=Injection Point&editId=1&plugin=shared&title=exploit%60&formfields=/Deleted...

7.2CVSS7.6AI score0.44629EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.171 views

Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.171 views

Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS

The plugin does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. Make a logged in admin open the following URL:...

6.1CVSS6.3AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.171 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. Exploit:...

5.4CVSS0.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/14 12:0 a.m.171 views

Multiple Plugins from Viszt Peter - Multiple CSRF

The plugins are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license With the woo-billingo-plus plugin installed, make a logged in user with the editshoporders capabilit...

8.8CVSS1.1AI score0.004EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.171 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block

The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered when...

6.4CVSS5.4AI score0.00489EPSS
Exploits1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.171 views

Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing

The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. curl https://example.com/wp-content/uploads/wpjobboard Search for this path / folder in search engines to find...

7.5CVSS1AI score0.03158EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.171 views

WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well ' " document.getElementById"test".submit; "...

4.3CVSS0.8AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.171 views

Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored...

6.1CVSS5.9AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.171 views

SpiderCatalog <= 1.7.3 - Admin+ SQL Injection

The plugin does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category https://plugins.trac.wordpress.org/browser/catalog/trunk/Categories.phpL320 POST...

7.2CVSS1AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.171 views

Booster for WooCommerce < 5.4.4 - Authentication Bypass

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the processemailverification function due to a random token generation weakness in the resetandmailactivationlink function found in the...

9.8CVSS0.9AI score0.50869EPSS
Exploits8References1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.171 views

Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection

The page lists-management feature of the plugin, available to Administrator users does not sanitise, validate or escape the idlista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. time curl -i -s -k -X $'POST' \ -H $'Upgrade-Insecure-Requests: 1' -H...

6.6CVSS0.4AI score0.01338EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.170 views

Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF

Description The plugin does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing:...

6.7AI score0.00264EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/26 12:0 a.m.170 views

Popup4Phone <= 1.3.2 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Popup4Phone Settings Form" ...

5.7AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.170 views

WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update

Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch call in your...

4.3CVSS6.7AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/28 12:0 a.m.170 views

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the followi...

7.6CVSS7.5AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/10 12:0 a.m.170 views

Welcart e-Commerce < 2.9.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below:...

6.1CVSS6.5AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.170 views

tagDiv Composer < 4.0 - Reflected Cross-site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the HTML code below...

6.1CVSS5.7AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/28 12:0 a.m.170 views

Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them As an unauthenticated users, or via CSRF: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', ...

4.3CVSS1.7AI score0.00274EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.170 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. Run the below command in the developer console of the web browser while being on the...

8.1CVSS0.9AI score0.00424EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.170 views

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions. When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

7.5CVSS0.8AI score0.00958EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.170 views

Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions

The theme had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site. log in as arbitrary freelancer...

5.5CVSS1AI score0.01251EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.170 views

ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation

The user profile update functionality of the plugin allowed arbitrary user meta to be supplied, including wpcapabilities, during a profile update which made it possible for users to escalate their privileges to that of an an administrator. 'Hax0r3', 'regemail' = '[email protected]', 'regpassword'...

9.8CVSS0.7AI score0.0412EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.170 views

User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR

The plugin was affected by an IDOR issue, allowing users with the uploadimage capability by default author and above to change and delete the profile pictures of other users including those with higher roles. Use a proxy such as Burp Suite to capture the request made when change your own profile...

5.5CVSS0.1AI score0.00775EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.170 views

Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection

The menu delete functionality of the plugin, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue GET...

7.2CVSS0.9AI score0.01565EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/16 12:0 a.m.170 views

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP plugin and retrieve the clientsecret key needed to...

0.1AI score0.01439EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/10 12:0 a.m.169 views

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description The plugin is vulnerable does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by Contributors and above role 1 You will need a valid nonce for deletion of quiz questions. 2 Sign in as a...

8.1AI score0.00591EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.169 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress which is available ...

5.7AI score0.00405EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/14 12:0 a.m.169 views

Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution

Description The plugin does not prevent unauthenticated visitors from running code on vulnerable sites. Run the following JS on any site using the theme: await fetch"/wp-json/bricks/v1/renderelement", "credentials": "include", "headers": "Content-Type": "application/json" , "body":...

7.7AI score
Exploits0References2
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.169 views

Custom User CSS <= 0.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Create an HTML form with the following content and make a logged in admin open it document.forms0.submit;...

8.8CVSS6.7AI score0.00349EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/26 12:0 a.m.169 views

WP SEO Press < 7.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=seopress-titles. 2. Input...

4.8CVSS6AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/25 12:0 a.m.169 views

Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

Description The plugin does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset Run the below command in the developer console of the web browser while...

6.5CVSS6.7AI score0.0061EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.169 views

WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS

Description The plugin provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site...

5.4CVSS5.1AI score0.00377EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.169 views

Forminator < 1.24.4 - Reflected XSS

The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a nam...

6.5AI score0.0354EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.169 views

Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378 sec-ch-ua:...

5.4CVSS8.6AI score0.00452EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.169 views

Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and the email field in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts in the plugin settings page, which could target high privilege users such as administrators...

6.4CVSS6.8AI score0.00755EPSS
Exploits2References3
Total number of security vulnerabilities4359