Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2024/01/03 12:0 a.m.•166 views

Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to trigger the XSS...

5.4CVSS9.3AI score0.0038EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/28 12:0 a.m.•166 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. Run the following within any page on the site. Notice that the request is delayed by the SLEEP call in th...

8.8CVSS7.4AI score0.10826EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/27 12:0 a.m.•166 views

so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

Description The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site wordpress setup, i.e. using docker-containers,...

7.2CVSS8.7AI score0.01034EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/06 12:0 a.m.•166 views

Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

Description The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

4.3CVSS6.1AI score0.00637EPSS
Exploits2
wpexploit
wpexploit
•added 2023/10/09 12:0 a.m.•166 views

Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. 1. Use a proxy such as BurpSuite to add the following header to all requests: X-Forwarded-For: 11.11.11.11 2. Create a gallery...

6.1CVSS6.1AI score0.00501EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/09/07 12:0 a.m.•166 views

Media Library Assistant < 3.10 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution

Description The plugin is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file, where images are processe...

9.8CVSS9.9AI score0.82585EPSS
Exploits6References3
wpexploit
wpexploit
•added 2023/06/12 12:0 a.m.•166 views

ND Shortcodes < 7.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks Run the below command in the developer console of the web browser while being on the blog as a...

8.8CVSS8.5AI score0.01683EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/12 12:0 a.m.•166 views

CF7 Google Sheets Connector (Free < 5.0.2, Pro < 2.3.7) - Reflected XSS

The plugins do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below cf7-google-sheets-connector -...

6.1CVSS8.1AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/12 12:0 a.m.•166 views

ChatBot < 4.4.7 - Unauthenticated PHP Object Injection

The plugin unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog To simulate a gadget chain, put the following code in a plugin: class Evil public function...

9.8CVSS9.6AI score0.34351EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/14 12:0 a.m.•166 views

Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting

The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=wbcr-snippets&page=import-wbcrinsertphp&a"alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2022/04/11 12:0 a.m.•166 views

All In One WP Security < 4.4.11 - Authenticated Arbitrary Redirect / Reflected XSS

The plugin does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of...

4.7CVSS0.4AI score0.00726EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/30 12:0 a.m.•166 views

TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. As admin...

4.8CVSS0.1AI score0.05432EPSS
Exploits5References1
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•165 views

Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users On a site with the User Login/Registration widget active, have an unauthenticated user send a...

6.2AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/17 12:0 a.m.•165 views

Logo Slider < 4.0.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Using a contributor account, add a Logo Slider using the Shortco...

8.3AI score0.00295EPSS
Exploits1
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•165 views

FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks 1. Add an inquiry form using the shortcode fspi-show-products-list 2. As a non-logged in visitor, enter the payload "...

8.3AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•165 views

Pet Manager <= 1.4 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 1. Add a pet and publish the listing 2. View the pet on the frontend of the site and ge...

6AI score0.00347EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•165 views

WP Chat App < 3.6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...

6AI score0.00522EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•165 views

WPB Show Core < 2.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/11 12:0 a.m.•165 views

Hubbub Lite < 1.32.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup As admin, enable the 'Floating Sidebar...

4.8CVSS4.7AI score0.0044EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/08 12:0 a.m.•165 views

PageLayer < 1.8.0 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations. - As a user with Author+ capabilities, create a new pos...

4.8CVSS6.7AI score0.00377EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/29 12:0 a.m.•165 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file. After...

8.8CVSS6.9AI score0.00816EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/13 12:0 a.m.•165 views

Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext

Description The plugin is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. 1 Go to main dashboard of plugin...

8.8CVSS7.8AI score0.02024EPSS
Exploits2
wpexploit
wpexploit
•added 2023/10/27 12:0 a.m.•166 views

WP Post Popup <= 3.7.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Enter the following payload in the Close...

4.8CVSS5AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2023/09/25 12:0 a.m.•165 views

Bookly < 22.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D with...

7.2CVSS7.3AI score0.00717EPSS
Exploits2
wpexploit
wpexploit
•added 2023/09/01 12:0 a.m.•165 views

Activity Log < 2.8.8 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. Run the following code in the web browser and note on the backend that the IP address has been faked...

5.3CVSS5.4AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/14 12:0 a.m.•165 views

User Activity Log < 1.6.7 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...

7.5CVSS7.6AI score0.00853EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/02 12:0 a.m.•165 views

Multiple plugins by vcita - CSRF to Stored XSS in settings page

The plugin does not protect the live-site-parse-vcita-callback settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a logged in user with contributor role or higher to click a link...

6.5CVSS7AI score0.00419EPSS
Exploits2References3
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•165 views

WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. Exploit 1 attachment id delete: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded...

6.5CVSS7.2AI score0.01003EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/11 12:0 a.m.•165 views

ResponsiveVoice Text To Speech < 1.7.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. responsivevoicebutton voice='"; alert1; "'...

5.4CVSS1.3AI score0.00623EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•165 views

Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure

The plugin does not prevent users with low privileges like subscribers from accessing sensitive system information. fetch'http://wpscan.local/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body: 'action=sendsysteminfo',...

6.5CVSS1.5AI score0.00699EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•165 views

Unyson < 2.7.27 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=fw-extensions&sub-page=extension&extension=feedbackalert/XSS/...

7.2CVSS0.7AI score0.01448EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/10 12:0 a.m.•165 views

WP Statistics < 13.2.2 - Reflected Cross-Site Scripting

The plugin does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters GET /wp-admin/admin.php?page=wpssettingspage&a=confirm/XSS/ HTTP/1.1 Accept:...

6.1CVSS1.1AI score0.00857EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•165 views

Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal

The plugin does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-i...

8CVSS7.7AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/24 12:0 a.m.•165 views

M-vSlider <= 2.1.3 - Authenticated (admin+) SQL Injection

The update functionality in the rsliderpage uses an rsid POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role. POST /wp-admin/admin.php?page=rsliderpage&updated=true HTTP/1.1 Host:...

6.5CVSS0.8AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/24 12:0 a.m.•165 views

Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)

The pspinduplicatepostsaveasnewpost function of the plugin does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue Open the below URL as any authenticated user...

3.5CVSS0.3AI score0.00675EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/23 12:0 a.m.•165 views

GTranslate < 2.8.65 - Reflected Cross-Site Scripting (XSS)

In the Pro and Enterprise versions of GTranslate alert123;...

4.3CVSS1.6AI score0.01572EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/06/05 12:0 a.m.•164 views

Simple Photoswipe <= 0.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1 As admin, go to plugin settings...

5.7AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•164 views

WP eMember < 10.3.9 - Reflected XSS

Description The plugin does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. https://www.example.com/wp-admin/admin-ajax.php?fieldId=alertdocument.cookie&action=checkname...

9.3AI score0.0044EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•164 views

Button contact VR <= 4.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Click on the "Button contact" and chan...

5.7AI score0.0033EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/01/16 12:0 a.m.•164 views

EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management

Description The plugin re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9....

7.5AI score0.00424EPSS
Exploits4
wpexploit
wpexploit
•added 2023/09/25 12:0 a.m.•164 views

Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure

Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a non-existent...

5.3CVSS5.4AI score0.00545EPSS
Exploits2
wpexploit
wpexploit
•added 2023/07/17 12:0 a.m.•164 views

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Click on the "Add new" tab. 2...

4.8CVSS4.8AI score0.00636EPSS
Exploits2
wpexploit
wpexploit
•added 2023/05/22 12:0 a.m.•164 views

Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. Send a GET request with...

4.8CVSS9.8AI score0.0044EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/25 12:0 a.m.•164 views

Tiempo.com <= 0.1.2 - Reflected XSS

The plugin does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below ' /...

6.4AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/22 12:0 a.m.•164 views

Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the pbcdownmetaid parameter before using it in a SQL statement via the pbcsavedowns AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser...

8.8CVSS9.2AI score0.00872EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•164 views

Ivory Search < 5.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays the usage notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/05/30 12:0 a.m.•164 views

PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack input t...

6.5CVSS0.00513EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/26 12:0 a.m.•164 views

Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS

The plugin does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create a new Grid/Caroussel, in the General Settings, enable "Display Header Title" and put the following...

4.8CVSS0.1AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/09 12:0 a.m.•164 views

External Links in New Window / New Tab < 1.43 - Tabnabbing

The plugin does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. Create an external link, check window.opener in the newly opened tab after clicking the external link...

6.5CVSS0.5AI score0.01265EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•164 views

AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpmm-add-theme&wpnonce="...

6.1CVSS1.2AI score0.00853EPSS
Exploits2References1
Total number of security vulnerabilities4359