Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/01/13 12:0 a.m.169 views

ExactMetrics < 7.12.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a "Popular Posts" block and put...

5.4CVSS0.9AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.169 views

Anti-Malware Security and Brute-Force Firewall < 4.21.86 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

0.6AI score
Exploits1
wpexploit
wpexploit
added 2022/03/02 12:0 a.m.169 views

Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections order and columns parameters are affected curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS1.5AI score0.08852EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.169 views

AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access

The plugin does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory...

4CVSS1.9AI score0.0157EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.169 views

Ultimate Maps by Supsystic < 1.1.17 - Authenticated SQL Injections

The GET parameters sidx and sord were used in a SQL statement without being sanitised when searching for maps in the dashboard, leading to an authenticated SQL Injection issues...

1.5AI score
Exploits0References2
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.169 views

Digital Publications by Supsystic <= 1.6.11 - Authenticated Stored Cross-Site Scripting (XSS)

When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input. v1.6.11 attempted to fix the issue by using sanitizetextfield, however the output i...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.168 views

WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.6AI score0.00294EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.168 views

Top Bar < 3.0.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Top Bar" in WP Admin 2. Save...

5.7AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.168 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS

Description The plugins do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS6.1AI score0.00366EPSS
Exploits1
wpexploit
wpexploit
added 2023/12/07 12:0 a.m.168 views

ArtPlacer Widget < 2.20.7 - Editor+ SQLi

Description The plugin does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor or above As an editor, open...

8.8CVSS6.7AI score0.00415EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.168 views

WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. curl https://example.com -H 'X-Forwarded-For: ' Then, as a high-privileged user, visit...

6.1CVSS6.1AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/23 12:0 a.m.168 views

Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS

The plugin does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. 1. Upload an SVG file with the following contents. 2. View the SVG file on the frontend and see the alerts. alert/XSS2/...

5.4CVSS5.9AI score0.0032EPSS
Exploits1
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.168 views

All In One Redirection < 2.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. When adding a redirection, sourceurlinsert is vulnerable with the payload: sourceurlinsert...

7.2CVSS9.8AI score0.00831EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/15 12:0 a.m.168 views

Contact Form by WD <= 1.13.23 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the database in...

9.2AI score0.00933EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.168 views

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote

The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. 1. Create a poll and publish a page with a poll. 2. Visit the page with the poll. ...

3.1CVSS8.5AI score0.00359EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.168 views

WooCommerce Box Office < 1.1.52 - Unauthenticated Ticket Barcode Update

The plugin does not have authorisation and CSRF when updating a ticket bar-code, allowing unauthenticated users to perform such action curl https://example.com/wp-admin/admin-ajax.php -d "action=saveticketbarcode&ticketbarcodeimage=xxx&ticketbarcodetext=xxxxx&ticketid=86"...

6.7AI score0.00348EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/12 12:0 a.m.168 views

Get Your Number <= 1.1.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin's settings, enter the payload...

4.8CVSS8.4AI score0.00539EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.168 views

RapidExpCart <= 1.0 - Stored XSS via CSRF

The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection...

5.4CVSS8.3AI score0.00239EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.168 views

ChatBot < 4.4.5 - Stored XSS via CSRF

The plugin does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. Note: v4.4.5 fixed the CSRF issue, the lack of escaping was fixed in 4.5.1 and a separate iss...

6.1CVSS6.5AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/24 12:0 a.m.168 views

Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...

7.2CVSS1.9AI score0.00945EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/10/18 12:0 a.m.168 views

ImageMagick-Engine < 1.7.6 - Command Injection via CSRF

The plugin is missing CSRF checks in multiple actions, which could allow attackers to make a logged in admin perform unwanted actions. In this case, it could lead to RCE via Command Injection https://example.com/wp-admin/admin-ajax.php?action=imetestimpath&clipath=payload...

4.4AI score0.01074EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.168 views

Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the text field...

4.8CVSS4.7AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.168 views

Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)

The Enfold theme was vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. The issue appears when pagination comes in place while navigating on a WordPress site with Enfold theme active. When that occurs,...

6.1CVSS6.1AI score0.02959EPSS
Exploits5
wpexploit
wpexploit
added 2021/07/28 12:0 a.m.168 views

SEO Backlinks <= 4.0.1 - CSRF to Stored XSS

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the locconfig function found in the /seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1. CSRF PoC alert1" / alert1" / function csrfSubmit let submit...

6.8CVSS0.7AI score0.0068EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/03 12:0 a.m.167 views

SEOPress < 7.8 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. As a contributor, create a new Post, at the bottom of the page put the following payload in the "SEO Title" fie...

5.7AI score0.00337EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/17 12:0 a.m.167 views

ArForms < 6.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add or edit an existing form and in...

7.9AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/26 12:0 a.m.167 views

Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1...

5.9AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.167 views

HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

Description The plugin does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack Make an admin open an HTML file containing: The Twitter connection will be removed API tokens reset to ''...

6.7AI score0.00211EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/05 12:0 a.m.167 views

Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS

Description The plugin does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name Login as subscriber, open...

7.1CVSS6.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/25 12:0 a.m.167 views

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

Description The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

9.8CVSS7.2AI score0.00926EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/22 12:0 a.m.167 views

WP Crowdfunding < 2.1.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Affected settings: - Crowdfunding...

4.8CVSS5.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/22 12:0 a.m.167 views

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

4.3CVSS6.7AI score0.00405EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/18 12:0 a.m.167 views

Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update

Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. 1. login, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2. run the following in...

6.5CVSS6.7AI score0.00609EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/23 12:0 a.m.167 views

SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure

Description The plugin does not prevent unauthorised users from accessing password-protected posts' content. As unauthenticated, view the source via the web browser of any password protected post and find The content of the post will be disclosed in the meta and script tags after this, example:...

7.5CVSS6.8AI score0.00756EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.167 views

WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the...

5.4CVSS5.4AI score0.00403EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.167 views

WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as authors to perform Stored Cross-Site Scripting attacks. 1. Add the following shortcode to a post: wordpressfileupload redirect="true" redirectlink="javascript:alert1" 2. Upload...

5.4CVSS5.3AI score0.00394EPSS
Exploits3
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.167 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 1. Ensure Contact Form 7 is installed, along with this plugin 2. Visit Contact Ultimat...

6.1CVSS6.1AI score0.00482EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.167 views

TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Settings" » "TinyMCE Custom Styles"...

4.8CVSS5.5AI score0.00451EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.167 views

Social Media Share Buttons & Social Sharing Icons < 2.8.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Put the payload in any text field of the "8 Do y...

4.8CVSS8.5AI score0.00477EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.167 views

Ko-fi Button < 1.3.3 - Admin+ Stored XSS

The plugin does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk. 1. In the Kofi plugin settings, change...

5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.167 views

Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The plugin does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. As an unauthenticated user access a form containing a File Upload form...

9.8CVSS6.9AI score0.01785EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.167 views

WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/22 12:0 a.m.167 views

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 https://example.com/wp-admin/post.php?post=1369&action=edit&settingstab=general&a'alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/08/02 12:0 a.m.167 views

Fluent Support < 1.5.8 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users With at least one support ticket in the system:...

7.2CVSS0.5AI score0.00966EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.167 views

mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the delimiter...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.167 views

Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit; XSS will be...

4.3CVSS0.5AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.167 views

ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. https://example.com/wp-content/plugins/totop-link/trunk/totop-link.css.php?vars=base64encodedpayload...

9.8CVSS9.4AI score0.01841EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.166 views

Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go "Chaty Create New Widgets 3...

5.7AI score0.00426EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.166 views

Business Card <= 1.0.0 - Card Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks Make a logged in admin open an HTML document containing where is a valid ID: " method="post"...

6.7AI score0.0025EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.166 views

WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Make an admin open an HTML page containing the following code: ' ' document.forms0.submit...

5.4CVSS9AI score0.00216EPSS
Exploits2References1
Total number of security vulnerabilities4359