Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/08/09 12:0 a.m.158 views

Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

Exploits0
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.158 views

Powerkit < 2.5.9 - Post Views Settings Update/Reset via CSRF

The plugin does not have CSRF checks when saving or reseting its post views settings, which could allow an attacker to make a logged in admin change or reset them via a CSRF attack...

2.5AI score
Exploits0References1
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.158 views

LearnPress < 4.1.5 - Arbitrary Image Renaming

Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...

4.3CVSS4.7AI score0.03205EPSS
Exploits5References2
wpexploit
wpexploit
added 2021/11/18 12:0 a.m.158 views

WP User Frontend < 3.5.25 - Admin+ SQL Injection

The plugin does not validate and escape the postid parameter from the Subscribers list before using in a SQL statement, leading to an SQL injection https://example.com/wp-admin/edit.php?posttype=wpufsubscription&page=wpufsubscribers&postID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%2...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.158 views

Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the Google Product Category setting of the plugin at wp-admin/admin.php?page=fcapcsettingspage in...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.158 views

Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS)

The plugin does not sanitise or escape its "Use your own theme" setting before outputting it in the page, leading to an authenticated admin+ stored Cross-Site Scripting issue As admin, put the following payload in the "Use your own theme enter URL:" option...

3.5CVSS0.2AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/24 12:0 a.m.158 views

Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its setting fields, leading to authenticated admin+ Stored Cross-Site scripting issues Step 1: Install the plugin "Easy Preloader" Step 2: Enter the payload below in the text field "Choose overlay color" or any other text fields in the plugin's settings...

4.8CVSS0.5AI score0.00542EPSS
Exploits1
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.157 views

Business Card <= 1.0.0 - Category Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks Make a logged in admin open an HTML document containing:...

6.7AI score0.00209EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/12 12:0 a.m.157 views

Gutenverse < 1.9.1 - Contributor+ Stored XSS

Description The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in...

6AI score0.00442EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/11 12:0 a.m.157 views

WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup As and admin, create a filter...

5.7AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/26 12:0 a.m.157 views

Travelpayouts < 1.1.13 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack Make a logged in admin open a page containing the HTML code below, this will make them update the plugin's...

6.7AI score0.00213EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/05 12:0 a.m.157 views

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure

Description The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data 1 When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. 2 These fil...

7.5CVSS6.6AI score0.00644EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/13 12:0 a.m.157 views

Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new Popup 2. In the "Popups...

4.8CVSS6AI score0.0045EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.157 views

Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. This vulnerability affects multiple...

4.8CVSS6AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/31 12:0 a.m.157 views

Blog2Social < 7.2.1 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6.1CVSS6.1AI score0.0093EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/17 12:0 a.m.157 views

Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS

Description The plugin does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks As a Contributor, create or edit a Quiz with the default theme and put the following payload in a question title...

5.4CVSS5.3AI score0.00469EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.157 views

Multiple Plugins from Addify - Multiple CSRF

The plugins have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions addify-order-approval-woocommerce - To make a logged in admin approve the order with ID 103...

6.9AI score0.00269EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/06 12:0 a.m.157 views

Getwid < 1.8.4 - Subscriber+ SSRF

The plugin does not validate a parameter via the getremotecontent REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has n...

9.6CVSS10AI score0.00606EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.157 views

CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS6AI score0.00604EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/30 12:0 a.m.157 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Playtium » Settings and in the 'Test'...

4.8CVSS0.5AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.157 views

Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=hfcm-list&'alert/XSS/...

6.1CVSS0.5AI score0.01072EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/20 12:0 a.m.157 views

Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. history.pushState'', '', '/' input type="hidden"...

6.1CVSS6AI score0.00377EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.157 views

Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF

The plugin does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS1.1AI score0.00464EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.157 views

Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. As a contributor, add the...

4.3CVSS5.1AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/06 12:0 a.m.157 views

WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection

The plugin did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue Note WPScanTeam: The issue was fixed without bumping the version, so there are two 2.0.6 versions out there, on...

8.8CVSS2.8AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/01 12:0 a.m.157 views

WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfilteredhtml capability is disallowed Create a new map. Add an XSS payload to the title. Click "Show as map title". Add t...

3.5CVSS0.1AI score0.00668EPSS
Exploits2References2
wpexploit
wpexploit
added 2024/11/15 12:0 a.m.156 views

3DPrint Lite < 2.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Have a logged in admin open an HTML page containing the following form: input type="hidden" name="p3dlitesettingscanvaswidth"...

4.3CVSS6.8AI score0.00193EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.156 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks paypalbutton type="addtocart"...

5.8AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.156 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Enable the "Text Form" widget 2. Ad...

5.6AI score0.00356EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/02 12:0 a.m.156 views

CAS <= 1.0.0 - Unauthenticated SSRF

Description The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack https://example.com/wp-content/themes/cas/download.php?path=http://127.0.0.1:8080...

6.9AI score0.01836EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.156 views

Responsive Tabs < 4.0.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Go to "Tab Sets Add New" in W...

5.9AI score0.00501EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/20 12:0 a.m.157 views

The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

Description The plugin does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks As a contributor, get...

9AI score0.00495EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/02/12 12:0 a.m.156 views

Login Lockdown – Protect Login Form < 2.09 - Subscriber+ Options Leak

Description The plugin does not prevent logged-in users of any role e.g. subscribers from leaking its settings, which may include allowlisted IP addresses as well as a global unlock key, with which they could add their own IP address to the plugin's list. As a logged-in subscriber, visit the...

5.4CVSS9.4AI score0.00393EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/01/19 12:0 a.m.156 views

Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Charts Settings". 2. For th...

7.9AI score0.0039EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.156 views

Wp-Adv-Quiz < 1.0.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1. Add a new quiz. 2. Under the created quiz, click on "Questions". 3. Add a question and...

4.8CVSS6AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.156 views

Magic Embeds < 3.1.2 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 3.1.1 - fbplugin video...

5.4CVSS5.6AI score0.00426EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.156 views

Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. Select...

4.8CVSS7.1AI score0.00451EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/26 12:0 a.m.156 views

WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

Description The plugin does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts Run the below command in the developer console of the web browser while being ...

5.4CVSS7.2AI score0.00271EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/19 12:0 a.m.156 views

T1 theme <= 19.0 - Open Redirect

Description The theme is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. https://www.example.com/wp-content/themes/t1/page-templates/applyredirection.php?file=240317005410&urlnow=http://google.com&urljs=https://www.evil.com?...

6.8AI score0.0046EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/17 12:0 a.m.156 views

WP Food Manager < 1.0.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Food manager Add Food" and a...

5.4CVSS5.3AI score0.00431EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.156 views

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...

4.8CVSS5.9AI score0.00511EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.156 views

Contact Form and Calls To Action by vcita < 2.7.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email and uid parameters in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts into the settings, targeting higher-privileged users such as administrators...

6.4CVSS6.2AI score0.00518EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.156 views

Login Rebuilder < 2.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » Login rebuilder 2. In Login...

4.8CVSS8.4AI score0.00552EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.156 views

ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. clickfunnelsembed url="javascript:alert1"...

5.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.156 views

Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Partial fixes were implemented in versions...

0.8AI score0.00473EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.156 views

Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion

The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id exploit...

6.5CVSS1.2AI score0.00329EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/04 12:0 a.m.156 views

Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API

The plugin does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers https://example.com/wp-json/wp/v2/sensei-messages/...

5.3CVSS1.8AI score0.01868EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.156 views

Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing

The plugin is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. curl https://example.com/wp-content/uploads/jobpost Search for this path / folder in search engines to find uploaded resumes...

5.3CVSS0.8AI score0.00787EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.156 views

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting On a post/page where the paocdetails display="keyxxx" shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E e.g:...

6.1CVSS6.2AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.156 views

Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search&keyword="...

6.1CVSS0.3AI score0.00757EPSS
Exploits2
Total number of security vulnerabilities4359