Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/02/28 12:0 a.m.164 views

AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpmm-add-theme&wpnonce="...

6.1CVSS1.2AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/15 12:0 a.m.164 views

RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed. Vulnerable parameters: &ytnetw=, &ytnetwspan=, &ytfeedbacknetw=...

3.5CVSS0.7AI score0.00547EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/06/10 12:0 a.m.163 views

Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Go to to Quizzes & Surveys 2. Add/edit a...

5.9AI score0.00351EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/27 12:0 a.m.163 views

PostX < 4.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in a...

8.3AI score0.0043EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/30 12:0 a.m.163 views

Sailthru Triggermail <= 1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open: alert23' /...

8.5AI score0.00367EPSS
Exploits3
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.163 views

WP Prayer <= 2.0.9 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open an HTML file containing:...

6.7AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/18 12:0 a.m.163 views

Ungallery <= 2.2.4 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: /" alert2' Save Changes...

5.9AI score0.00224EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/02 12:0 a.m.163 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

6.7AI score0.00217EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.163 views

WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

Description The plugin does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address. You may get the nonce from your save address form fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS4.7AI score0.00394EPSS
Exploits1
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.163 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom curl -X POST --data "eid=240"...

5.3CVSS5.6AI score0.00453EPSS
Exploits1
wpexploit
wpexploit
added 2023/12/07 12:0 a.m.163 views

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache fil...

7.5CVSS6.6AI score0.00782EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.163 views

ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure

Description The plugin does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected posts are not affected by...

4.3CVSS4.4AI score0.00468EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.163 views

NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete

Description The plugin is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server. 1. Create a Gallery called "My Gallery" and note its ID. 2. Run the following code in...

7.2CVSS7.1AI score0.00812EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.163 views

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks Make a logged in admin open an HTML page...

6.8AI score0.00261EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.163 views

HTTP Headers < 1.18.11 - Admin+ Remote Code Execution

This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. --- " and Password as any value. 4. Navigate to Settings HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value this is only required on...

7.2CVSS9.6AI score0.0132EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.163 views

CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin's settings, add the payload "aler...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.163 views

Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin a page with the code below: Note: Make sure in Client Portal the company...

6.1CVSS8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.163 views

Membership Database <= 1.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/14 12:0 a.m.163 views

Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones. Run one of the below commands in the developer...

6.5CVSS7.1AI score0.00778EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.163 views

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields 17.2...

9.8CVSS9.5AI score0.04427EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.163 views

WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1AI score0.00327EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.163 views

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "phpMyAdmin on hosting" settings...

4.8CVSS0.5AI score0.00642EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.163 views

Events Made Easy < 2.2.81 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...

9.8CVSS1.2AI score0.36655EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.163 views

Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Create/edit a calendar, and put the following payload in the "Additional CSS Class" settings of a...

4.8CVSS4.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/02 12:0 a.m.163 views

StaffList < 3.1.5 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection https://example.com/wp-admin/admin.php?page=stafflist&search=test%'+AND+SELECT+42+FROM+SELECTSLEEP5b+AND+'aa%'='aa...

9.8CVSS1.6AI score0.2038EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/03/30 12:0 a.m.163 views

Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed Put the following payload in the Campaign URL settings of the plugin: "...

4.8CVSS4.9AI score0.00975EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/30 12:0 a.m.163 views

Cab fare calculator < 1.0.4 - Unauthenticated LFI

The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable...

9.8CVSS2AI score0.13592EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/03/08 12:0 a.m.163 views

Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS0.2AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/14 12:0 a.m.163 views

Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS

The plugin has an authenticated reflected cross site scripting XSS vulnerability in one of the administrative functions for handling deletion of videos. .../wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/recordedvideos.php?delete=%3Cscript%3Ealert1%3C/script%3E...

3.5CVSS1.1AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.163 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5CVSS0.6AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.163 views

Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection

The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue. The PoC will be displayed once the issue has been remediated...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.162 views

Business Card <= 1.0.0 - Category Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks Make a logged in admin open an HTML document containing:...

6.7AI score0.00185EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/27 12:0 a.m.162 views

WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "WP Staging Backup & Migratio...

5.7AI score0.00423EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.162 views

WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Enter the following shortcode in...

8.3AI score0.0042EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.162 views

Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking

Description The plugin does not have authorisation and CSRF in various function hooked to admininit, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example As unauthenticated, open the following URL to unlink the Instagram account of the user with ID ...

7.1AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/29 12:0 a.m.162 views

User Activity Tracking and Log < 4.1.4 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. 1. Add X-Forwarded-For: 11.11.11.11 to any request which will be in activity log. For example in creation of new post. 2. View the activity log and see that the...

9.5AI score0.0031EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/12 12:0 a.m.162 views

Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Go to the Marker Categories settings of the plugin...

4.8CVSS4.8AI score0.00416EPSS
Exploits1
wpexploit
wpexploit
added 2023/11/21 12:0 a.m.162 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. Submit the following form as a Super Admin notice that it does not contain a nonce. Despite the error,...

8.8CVSS9.7AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/31 12:0 a.m.162 views

Multiple Plugins from ServMask - Unauthenticated Access Token Update

Description The plugins do not have authorisation in the init function hooked to the admininit action, allowing unauthenticated attackers to update the access token With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated:...

6.7AI score0.09666EPSS
Exploits1
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.163 views

Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within Gravity...

6.1CVSS6.2AI score0.00396EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/03 12:0 a.m.162 views

User Activity Log < 1.6.3 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin. As an admin, visit either of the following URL's. Note that it takes several seconds for t...

7.2CVSS7.3AI score0.00717EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.162 views

Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitra...

7.2CVSS9.5AI score0.16903EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.162 views

Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this vulnerability...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/07 12:0 a.m.162 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mode is...

5.3CVSS6.2AI score0.01414EPSS
Exploits1
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.162 views

Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator 2. Connect...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.162 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. Exploit 1: The...

4.9CVSS0.5AI score0.00846EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.162 views

Image Hover Effects < 5.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Go to the plugin settings Image Hover Effects Ima...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.162 views

Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

The plugin suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. The following Python script automates the exploitation of this vulnerability. The script was tested on an installation of WordPress 6.1 with the vulnerable...

6.5CVSS0.6AI score0.00606EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/15 12:0 a.m.162 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape numerous parameters before outputting them back in admin pages via various AJAX actions, leading to Reflected Cross-Site Scripting With SitePress active, and with more than 1 active language: ' 6458 being a valid Product ID productid' value="6458"/ 16 being...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2022/07/31 12:0 a.m.162 views

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a dashboard with an HTML widget...

5.5CVSS5.1AI score0.00575EPSS
Exploits2
Total number of security vulnerabilities4359