Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/06/27 12:0 a.m.162 views

Download Manager < 3.2.44 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=wpdmpro&page=wpdm-stats&type=history&userids=1&"alert/XSS/...

6.1CVSS0.8AI score0.0106EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.162 views

404s < 3.5.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a new 404 via the plugin and put the following payload in the "Please enter the 40...

4.8CVSS4.8AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.162 views

Call Now Button < 1.1.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled With premium enabled: http://example.com/wp-admin/admin.php?page=call-now-button&bid=xxxxx" accesskey=X onclick=alert/XSS/...

6.1CVSS0.2AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.161 views

Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved. 1. Open the Wordpress where the plugin is installed with default...

6.6AI score0.004EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.161 views

CSSable Countdown <= 1.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00354EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.161 views

Simple Ajax Chat < 20240412 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...

7.8AI score0.00335EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/08 12:0 a.m.161 views

Site Reviews < 7.0.0 - IP Spoofing

Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...

6.7AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/25 12:0 a.m.161 views

Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF

Description The plugin does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack Make an admin open a link where is a valid user:...

6.7AI score0.00254EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/15 12:0 a.m.161 views

Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.7AI score0.00584EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.161 views

Counter Box < 1.2.4 - Counter Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00272EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/01 12:0 a.m.161 views

Tickera < 3.5.2.5 - Ticket leakage through IDOR

Description The plugin does not prevent users from leaking other users' tickets. After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1&orderkey=1234567890&downloadticketnonce=ab903b7c71, but due to missing validation, the URL can be...

6.8AI score0.00515EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.161 views

WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. Note: v29.5 added authorisation, however the injection was not fixed and still exploitable by users with the managewoocommerce...

7.4AI score0.02877EPSS
Exploits5
wpexploit
wpexploit
added 2024/03/23 12:0 a.m.161 views

Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS

Description The plugin does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. sunote notecolor='123"onmouseover="alert/XSS/"' textcolor='1' radius='1' class='1' id="1"No...

5.9AI score0.00403EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.161 views

Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

8.5AI score0.00371EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/29 12:0 a.m.161 views

WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE

Description The plugin accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code...

7.2CVSS7.2AI score0.01231EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/28 12:0 a.m.161 views

Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF

Description The plugin does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack 1. Make an enquiry from the frontend form 2. Go to "Woo Quote Popup Enquiry List" 3. Get the ID of an item 4. Add the ID to the...

4.3CVSS6.7AI score0.00203EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/13 12:0 a.m.162 views

Debug Log Manager < 2.3.0 - Sensitive Logs Exposure

Description The plugin contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data https://yoursite/wordpress/wp-content/uploads/debug-log-manager/...

7.5CVSS6.7AI score0.00647EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/21 12:0 a.m.161 views

WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE

Description The plugin does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server 1. Go to "All Export" "New Export" 2. Select "WP Query Results" as the export type 3. Enter the payload phpinfo for the query. 4. Click customize and...

7.2CVSS9.7AI score0.01151EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.161 views

Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access

Description The plugin leaks password-protected post content to unauthenticated visitors in some meta tags As unauthenticated, view the source of any password-protected post and see that the content of the post is disclosed in the og:description and twitter:description meta tags...

5.3CVSS5.4AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.161 views

myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion

Description The plugin does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. 1. Visit myStickymenu + Create new Welcome Bar. Ensure "Collect leads" is enabled, enable the toggle at the top, and Save. 2. In a logged-out window, fill the lead form in the...

5.4CVSS6.7AI score0.0052EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.161 views

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however the...

4.8CVSS5.6AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.161 views

NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

Description The plugin does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks 1. Create a gallery and upload an image. 2. Add the NextGEN Gallery block to a page and click Edit. Select the Gallery creat...

4.9CVSS5.2AI score0.00787EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.161 views

DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. 1. Put javascript payload on html.cafe. const url = 'https://s…t/wp-admin/user-new.php'; fetchurl...

6.1CVSS6AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/14 12:0 a.m.161 views

Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read

Description The plugin doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. As an...

2.7CVSS3.9AI score0.00545EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/27 12:0 a.m.161 views

Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin's settings, click on...

4.8CVSS4.8AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.161 views

WP Brutal AI < 2.06 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. In the plugin settings, for a campaig...

4.8CVSS4.8AI score0.01973EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.161 views

Greeklish-permalink <= 3.3 - Unauthenticated Post Slug Update

The plugin does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF. 1. Create a post with the name "Νέα ανάρτηση". 2...

4.3CVSS9.2AI score0.00265EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.161 views

Responsive CSS EDITOR <= 1.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. 1. Send a request with the payload:...

7.2CVSS9.8AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.161 views

Groundhogg Contacts < 2.7.9.4 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins 1. Login as a WordPress administrator or any of the custom roles from GroundHogg 2. Navigate to the URL:...

7.2CVSS7.9AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.161 views

Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a page/post checkoutforpaypal...

5.4CVSS1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.161 views

OWM Weather < 5.6.9 - Contributor+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor Logon as contributor and open the below URL, which will result in a delayed response If the "could not find original...

8.8CVSS0.7AI score0.01053EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.161 views

JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF

The plugin does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript. XSS will be triggered when...

5.4CVSS0.9AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.161 views

WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack. csrf.submit...

6.5CVSS6.3AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/11 12:0 a.m.161 views

Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting issue due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/options-general.php/"alert/XSS//script%3E?page=securimage-wp-options%2F...

6.1CVSS2.1AI score0.02313EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/06 12:0 a.m.161 views

Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections

The plugin did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections...

8.8CVSS2AI score0.01659EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/05/19 12:0 a.m.161 views

Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection

The id GET parameter of one of the plugin's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. Note: The URL /wp-admin/admin.php?page=edit-video-embed&id=1 is...

8.8CVSS0.6AI score0.01568EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/30 12:0 a.m.160 views

Responsive video embed < 0.5.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, create a post...

8.3AI score0.00367EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.160 views

Search & Replace < 3.2.2 - Admin+ SQL injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...

7.5AI score0.00444EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.160 views

Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Have an admin open an HTML page containing the following: ' document.forms0.submit;...

9AI score0.0014EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/16 12:0 a.m.160 views

Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

Description Any unauthenticated user may send e-mail from the site with any title or content to the admin fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwidsendmail", "headers": "content-type": "application/x-www-form-urlencoded", , "body": "datasubject=Urgent WordPress update neee...

7.5CVSS6.8AI score0.00563EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.160 views

Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure

Description The plugin contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of...

7.5CVSS7.8AI score0.00767EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/14 12:0 a.m.160 views

Robo Gallery < 3.2.16 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.160 views

Multiple Plugins - Cross-Site Scripting From Third-party Library

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. WP-Optimize - Reflected Cross-Site Scripting 1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image". 2. Visit th...

6.1CVSS6AI score0.01099EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.160 views

HTTP Headers < 1.18.8 - Admin+ SQL Injection

This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin, navigate...

7.2CVSS8AI score0.00885EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.160 views

Side Cart Woocommerce < 2.2 - Settings Reset via CSRF

The plugin does not have CSRF check when reseting its Settings, which could allow attackers to make logged in admins perform such action via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=side-cart-woocommerce-settings&reset=yes...

8.8CVSS6.3AI score0.00273EPSS
Exploits1
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.160 views

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain To simulate a gadget chain, put the following code in a plugin class Evil...

9.8CVSS0.8AI score0.18121EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/02 12:0 a.m.160 views

Simple Basic Contact Form < 20221201 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Settings » Contact Form » Plugin Option...

4.8CVSS0.3AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/28 12:0 a.m.160 views

Better Click to Tweet < 5.10.4 - Settings Update via CSRF

The plugin lacks CSRF protection when updating the bctt-twitter-handle option, allowing an attacker to change the plugin settings by tricking a logged in admin to submit a form. curl -b .cookies -d bctt-twitter=$NEWHANDLE 'https://example.com/wp-admin/?page=bctt-welcome&step=welcome'...

2.7AI score0.0038EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.160 views

StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1.2AI score0.00327EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.160 views

Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation

The plugin does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations var data = new FormData data.append'file',new...

4.3CVSS0.2AI score0.00308EPSS
Exploits2
Total number of security vulnerabilities4359