Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/04/19 12:0 a.m.160 views

th23 Social <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the plugin's settings...

4.8CVSS0.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.160 views

Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability. via GET:...

6.1CVSS0.3AI score0.01975EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/25 12:0 a.m.160 views

Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain

The runaction function of the plugin deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. Step 1: Use the nonce...

6.8CVSS0.2AI score0.0352EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.159 views

Similarity <= 3.0 - Plugin Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing:...

9.4AI score0.002EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/18 12:0 a.m.159 views

Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack Make an author or above role open the following HTML: alert"frontendjs"' /...

5.9AI score0.00212EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/27 12:0 a.m.159 views

Salon booking system < 9.6.3 - Unauthenticated Stored XSS

Description The plugin does not properly sanitize and escape the 'Mobile Phone' field and 'smsprefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious...

6AI score0.00464EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/07 12:0 a.m.159 views

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin 1. Use any type of role as long as you permit it the action to Add Events. 2. Add a n...

6AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/26 12:0 a.m.159 views

Team Members < 5.3.2 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Team options attributes before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. 1. Create/edit a team and...

5.9AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.159 views

Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Have an admin open an HTML page containing the following: alert1' document.forms0.submit;...

5.4CVSS5.7AI score0.00207EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/04 12:0 a.m.159 views

JSON Content Importer < 1.5.4 - Reflected XSS

Description The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open:...

6.1CVSS6AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/04 12:0 a.m.159 views

All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation

Description The plugin does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation. curl 'https://example.com/' -d...

6.9AI score0.00569EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.159 views

WP Job Portal < 2.0.6 - Unauthenticated SQLi

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users Setup as admin: Create a dummy company and a job if there are none Attack as unauthenticated: time curl -X POST --data...

9.8CVSS9.9AI score0.03122EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/14 12:0 a.m.159 views

123.chat < 1.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup In the plugin's "User-ID" setting fiel...

4.8CVSS5AI score0.00399EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.159 views

IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to the plugin's settings. 2...

7.5AI score0.00405EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.159 views

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

9.8CVSS10AI score0.05304EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.159 views

WP ERP < 1.12.4 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Sign in as an admin. In WP Admin, run the following code in th...

7.2CVSS7.4AI score0.02632EPSS
Exploits5
wpexploit
wpexploit
added 2023/05/03 12:0 a.m.159 views

OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...

5.4CVSS8.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.159 views

FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The plugin does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the...

5.4CVSS6.2AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/29 12:0 a.m.159 views

Multiple themes - Unauthenticated Arbitrary File Upload

Multiple themes from ChimpStudio and PixFill does not have any authorisation and upload validation in the langupload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server. Create a malicious file "backdoor.php", then curl...

9.8CVSS1.4AI score0.02084EPSS
Exploits12
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.159 views

AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1.5AI score0.0034EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/31 12:0 a.m.159 views

WP User Frontend < 3.5.29 - Obscure Registration as Admin

The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...

9.8CVSS0.4AI score0.00646EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.159 views

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The plugin exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and...

6.5CVSS1.2AI score0.00891EPSS
Exploits5
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.159 views

WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...

4.8CVSS0.7AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.159 views

Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 1 Make a new carousel /wp-admin/post-new.php?posttype=splcshortcodes 2 Set "Logo Margin" of the Style Setting to the...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.159 views

Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update

The plugin does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them jQuery.post"https://example.com/wp-admin/index.php", "wtlwp-nonce": "foo", // Not validated tlwpsettingsdata: defaultrole: "editor",...

4.3CVSS5.2AI score0.00347EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.159 views

Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue http://example.com/wp-admin/admin.php?page=buwdrestore&tab=general%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain;%20m0ze...

4.8CVSS0.9AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/19 12:0 a.m.159 views

FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection

The plugin does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users 1. to and from parameters Editor Level Tools - Flightlog - add a record POST...

7.2CVSS0.1AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/08 12:0 a.m.159 views

Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE

The Imagements WordPress plugin, versions = 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...

7.5CVSS1.6AI score0.0714EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.159 views

Backup by Supsystic <= 2.3.9 - Authenticated Arbitrary File Download and Deletion

The plugin does not check for path traversal attacks, allowing administrator to download and delete any file from the web server. Due to the lack of CSRF check on the file deletion, unauthenticated attacker could make a logged in administrator delete files from the web server as well The PoC will...

2.2AI score
Exploits0References1
wpexploit
wpexploit
added 2024/05/28 12:0 a.m.158 views

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload 3. Save...

5.9AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.158 views

Similarity <= 3.0 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert3' /...

9AI score0.00229EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/25 12:0 a.m.158 views

Newsletter Popup <= 1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Newsletter Popup Add New" 2...

5.7AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/27 12:0 a.m.158 views

Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Ultimate Social Media Icons"...

5.7AI score0.00405EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.158 views

Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS

Description The plugin does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site...

8.4AI score0.00235EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/11 12:0 a.m.158 views

WooCommerce Product Filter < 1.4.4 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below the filter with the slug test1 needs to exist...

6AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.158 views

Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

9.3AI score0.00243EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/18 12:0 a.m.158 views

Clone < 2.4.3 - Unauthenticated Backup Download

Description The plugin uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path. While a backup job is running, visitors can access one of the following files it might take a couple tries, as the timing needs to be right:...

7.5CVSS6.7AI score0.01961EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/30 12:0 a.m.158 views

Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure

Description The plugin does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. import string import requests baseurl =...

5.3CVSS6.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.158 views

WP Matterport Shortcode < 2.1.7 - Reflected XSS

Description The plugin does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin Make a logged in admin open https://example.com/wp-admin/admin.php/"/?page=wpms-opti...

6.1CVSS6.1AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.158 views

Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload

Description The plugin does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. 1 Create a PHP file cmd.php with the contents 2 Go to https://example.com/wp-admin/admin.php?page=momediarestrict&tab=privatedirectory 3 Then upload a fi...

7.2CVSS7.5AI score0.01297EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.158 views

WooCommerce Bulk Stock Management < 2.2.34 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

7.1CVSS8.6AI score0.00424EPSS
Exploits1
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.158 views

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new item in the plugin settings 2. Enter...

4.8CVSS5.8AI score0.00543EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.158 views

PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add XSS payload to plugin's "Account API key" setting: "" 2...

4.8CVSS5.3AI score0.0061EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.158 views

KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator Make a logged in admin open...

6.1CVSS5.7AI score0.01156EPSS
Exploits4
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.158 views

AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot 1. Go to "Settings Language Settings ChatBot Keywords" 2. Enter...

4.8CVSS8.5AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/24 12:0 a.m.158 views

Conditional Menus < 1.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the HTML code below '...

6.1CVSS8.6AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.158 views

WooCommerce Composite Products < 8.7.6 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin On a page where a Component Product is displayed, append...

5.8AI score0.00396EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.158 views

WC Fields Factory < 4.1.7 - ShopManager+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.9AI score0.00909EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/13 12:0 a.m.158 views

Solidres <= 0.9.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add a new currency...

4.8CVSS5.3AI score0.00612EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.158 views

WPSmartContracts < 1.3.12 - Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author Logon as an author and open the following URL, which will result in a delayed response...

8.8CVSS0.8AI score0.03663EPSS
Exploits2References1
Total number of security vulnerabilities4359