Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•156 views

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting On a post/page where the paocdetails display="keyxxx" shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E e.g:...

6.1CVSS6.2AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/17 12:0 a.m.•156 views

Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search&keyword="...

6.1CVSS0.3AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/21 12:0 a.m.•156 views

Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission POST...

6.1CVSS0.7AI score0.01691EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/09/21 12:0 a.m.•156 views

WP HTML Author Bio <= 1.2.0 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against...

5.4CVSS0.5AI score0.01771EPSS
Exploits3
wpexploit
wpexploit
•added 2021/09/03 12:0 a.m.•156 views

Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections

The plugin does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. The login-cookie parameter is needed,...

9.8CVSS0.6AI score0.05516EPSS
Exploits3References2
wpexploit
wpexploit
•added 2021/07/02 12:0 a.m.•156 views

Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

The theme's AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were...

7.5CVSS0.7AI score0.60113EPSS
Exploits9References1
wpexploit
wpexploit
•added 2021/03/25 12:0 a.m.•156 views

Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion

The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the plugin were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. CSRF to XSS alert0" / alert0" / alert0" / CSRF to Dele...

6.8CVSS8.8AI score0.00699EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/02/08 12:0 a.m.•156 views

Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal

The "Folder" tab under "Publications" is vulnerable to path traversal and exposes limited information, for example, the user can gain information regarding images stored in outside of the WordPress blog, ie, home directories. Enter the following payload into the "Folder" input field of a...

0.6AI score
Exploits0References1
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•155 views

Better Comments < 1.5.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. From the WordPress menu on the left...

5.7AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/28 12:0 a.m.•155 views

Otter Blocks < 2.6.6 - Contributor+ Stored XSS

Description The plugin does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. As a contributor, put the following payload in a post while in Code Editor mode The XSS will be triggered when...

9.1AI score0.0042EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•155 views

Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Note: This requires WooCommerce to be...

8.1AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/13 12:0 a.m.•155 views

WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks. Make a logged in admin open one of the URLs below - To make th...

6.9AI score0.00353EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/12 12:0 a.m.•155 views

Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Create/Edit a Post, add an "Icon" block and...

5.9AI score0.00446EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/07 12:0 a.m.•155 views

Pz-LinkCard < 2.5.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below ' /...

6AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/17 12:0 a.m.•155 views

Login as User or Customer <= 3.8 - Admin Account Takeover

Description The plugin does not prevent users to log in as any other user on the site. 1. As an admin, log in as some user. Note the user ID. 2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...

6.6AI score0.00636EPSS
Exploits2References2
wpexploit
wpexploit
•added 2024/01/23 12:0 a.m.•155 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Visit the "Settings" interface...

5.7AI score0.00318EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/10 12:0 a.m.•155 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog To get the administrator user emails: curl -X POST --data 'userrole=administrator'...

5.3CVSS5.4AI score0.37957EPSS
Exploits3
wpexploit
wpexploit
•added 2023/11/21 12:0 a.m.•155 views

Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Contact Google Place API" 2...

4.8CVSS7.9AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/14 12:0 a.m.•155 views

WP Not Login Hide <= 1.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Visit the "WPNLH" interface availab...

4.8CVSS5.6AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/13 12:0 a.m.•155 views

BSK Contact Form 7 Blacklist <= 1.0.1 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the insertedcount parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6.1CVSS6.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/09/21 12:0 a.m.•155 views

Enable Media Replace < 4.1.3 - Author+ PHP Object Injection

Description The plugin unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog Step 1: Add the following code to the end of the file located at...

8.8CVSS8.9AI score0.00837EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/09 12:0 a.m.•155 views

Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation

Description The plugin lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog 1. Access the URL:...

4.3CVSS7.4AI score0.002EPSS
Exploits1
wpexploit
wpexploit
•added 2023/07/17 12:0 a.m.•155 views

WP Shopping Pages <= 1.14 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Make a logged in admin access a page with the following code: ' input type...

6.8CVSS6.7AI score0.00327EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/21 12:0 a.m.•155 views

WooCommerce Product Vendors < 2.1.77 - Vendor Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as Admin Vendor and above As an Admin vendor, open the URL below...

7.5AI score0.00929EPSS
Exploits1References1
wpexploit
wpexploit
•added 2023/06/13 12:0 a.m.•155 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Unauthenticated PII Disclosure via IDOR

The plugin does not ensure that the order details to be displayed belongs to the user making the request, allows unauthenticated users to access sensitive information about the reorder details such as first/last names, email and address As unauthenticated, see the source of...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/05/02 12:0 a.m.•155 views

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks 1. Create a Newsletter popup any will do and publish it. 2. Use an incognito window and open the website involved, then run the following code in th...

6.1CVSS8.6AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/14 12:0 a.m.•155 views

Becustom < 1.0.5.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS0.4AI score0.00781EPSS
Exploits5References1
wpexploit
wpexploit
•added 2022/06/06 12:0 a.m.•155 views

miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...

4.8CVSS0.8AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/23 12:0 a.m.•155 views

LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit;...

5.4CVSS1AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/16 12:0 a.m.•155 views

Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting

The plugin does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Go to Photo Gallery Global Settings Watermark Using the web browser inspector, change the input typ...

4.8CVSS0.5AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/29 12:0 a.m.•155 views

uDraw < 3.3.3 - Unauthenticated Arbitrary File Access

The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...

7.5CVSS0.4AI score0.07736EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•155 views

3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook. As a subscriber:...

5.4CVSS1AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/02 12:0 a.m.•155 views

Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure

The plugin does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords fixed in 3.2.24 and files Master Keys fixed in 3.2.25. Expose plaintext passwords fix...

7.5CVSS7.5AI score0.01493EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•155 views

Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user...

4.8CVSS4.9AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•155 views

Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF

The plugin does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page such as...

4.3CVSS5.3AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•156 views

Easy Digital Downloads < 2.11.2.1 - Reflected Cross-Site Scripting

The plugin does not escape the start-date and end-date parameters in the payment history dashboard before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

4.8CVSS1.6AI score0.00902EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/08/22 12:0 a.m.•155 views

WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors POST /wp-admin/admin.php?page=wpagecontact-plugin HTTP/1...

7.2CVSS2.2AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•155 views

NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports

The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...

5CVSS4AI score0.01822EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•155 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS4AI score0.01822EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/07/14 12:0 a.m.•155 views

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...

3.5CVSS5.2AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/06/30 12:0 a.m.•155 views

Profile Builder < 3.4.8 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue As admin, put the following...

3.5CVSS4.7AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•154 views

DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add the following shortcode to a...

5.8AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/30 12:0 a.m.•154 views

HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks % time curl "https://example.com/?restroute=/h5vp/v1/video/1&id=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...

7.4AI score0.02639EPSS
Exploits6
wpexploit
wpexploit
•added 2024/05/15 12:0 a.m.•154 views

BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR

Description The plugin contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: online-communities.demos.buddyboss.com Cookie:...

4.3CVSS6.6AI score0.00375EPSS
Exploits2References2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•154 views

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: alert999'...

5.9AI score0.00217EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•154 views

SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist&uid=3CHANGE HERE&pid=0CHANGE HERE&search=&=1708406394720 You can view...

6.6AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/08 12:0 a.m.•154 views

GamiPress < 6.8.9 - Broken Access Control

Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken acces...

6.6AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•154 views

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

6.7AI score0.00452EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/30 12:0 a.m.•154 views

Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting Visit the following URL: https://example.com/wp-admin/admin.php?page=quiz-maker-questions&fake%22%3E%3Cscript%3Ealert/xss/%3C/script%3E=something...

6.1CVSS6.6AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/06 12:0 a.m.•154 views

WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. This was partially fixed in version 1.4.4 but it still allowed XSS attacks from Admin users. fetch"/wp-admin/admin-ajax.php",...

5.4CVSS5.6AI score0.00426EPSS
Exploits2
Total number of security vulnerabilities4359