Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2024/01/23 12:0 a.m.152 views

aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Make an admin open an HTML file containing the following: '...

9AI score0.00163EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/14 12:0 a.m.152 views

Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a form and navigate to 'Edit...

6.1CVSS6AI score0.00455EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/03 12:0 a.m.152 views

Medialist < 1.4.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks medialist style='"...

5.4CVSS5.5AI score0.00452EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.152 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to the...

5.4CVSS5.6AI score0.00415EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/04 12:0 a.m.152 views

All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF

Description The plugin does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. This CSRF attack will reject a Quote in the database. 1. Go to All In One Quote Quotes 2. Click "Add quote", fill in the title, and save. 3. Find the Quote ID, convert it ...

8.8CVSS8.8AI score0.00321EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.152 views

Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

Description The plugin does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. 1. Create a new Post as a Contributor user. 2. Add the "Simple Author Box" block. 3. Intercept the request t...

4.3CVSS4.9AI score0.0043EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.152 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Denial of Service via CSRF

The plugin does not protect its vcitalogout ajax action against CSRF attacks, allowing an unauthenticated attacker to log the site out from it's vcita account by tricking a logged in user to send a crafted request, causing a denial of service for the appointment scheduling functionality...

6.5CVSS6.8AI score0.00394EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.152 views

Feather Login Page < 1.1.2 - Missing Authorization to Authentication Bypass and Privilege Escalation

The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users ajax action, allowing logged in users with roles as low as subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation. GET...

8.8CVSS8.6AI score0.00714EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.152 views

AI-Engine < 1.6.83 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Go to Meow Apps » AI Engine » Chatbot tab » Visu...

4.8CVSS5.5AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.152 views

WooCommerce Warranty Requests < 2.1.7 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below v = 2.1.6...

5.8AI score0.00379EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/12 12:0 a.m.152 views

WP Multi Store Locator <= 2.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks storelocatorshow location="'; alert1;...

5.4CVSS8.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.152 views

AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type:...

7.2CVSS9.8AI score0.03229EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/08 12:0 a.m.152 views

HollerBox < 2.1.4 - Admin+ SQL Injection

The plugin concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. 1. Login as admin 2. Make sure HollerBox is installed and...

4.9CVSS9.2AI score0.00752EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/16 12:0 a.m.152 views

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. Run the below command in the...

6.5CVSS6.4AI score0.00795EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/24 12:0 a.m.152 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert thi...

5.4CVSS1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.152 views

Table of Contents Plus < 2212 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. toc...

5.4CVSS0.4AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.152 views

Easy Form Builder < 3.4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to New Form » go to the Settings of t...

4.8CVSS4.7AI score0.00392EPSS
Exploits1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.152 views

NEX-Forms < 7.9.7 - Authenticated SQLi

The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...

8.8CVSS3.1AI score0.10375EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.152 views

Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them. function submitRequest var xhr = new XMLHttpRequest;...

6.1CVSS6.2AI score0.00284EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.152 views

Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fix made in 3.2.46 and 3.2.47 were found to be insufficient As a contributor, create/edit a download and pu...

6.4CVSS5.5AI score0.00846EPSS
Exploits3References1
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.152 views

miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Enable 2FA + Website Security and put...

4.8CVSS0.4AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.152 views

Flower Delivery by Florist One <= 3.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups As admin, go to the plugin's settings, create a new...

4.8CVSS0.1AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/22 12:0 a.m.152 views

Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion

The plugin does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPre...

8CVSS2.7AI score0.00721EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.152 views

NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...

4.8CVSS5AI score0.00305EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.152 views

Age Gate < 2.16.4 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape the 'Additional content' setting of its 'Messaging' page, which could allow users having access to such setting by default admin, but the plugin has a feature to change this and allow access to lower privileged users to perform Cross-Site Scripting attacks...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/07/23 12:0 a.m.152 views

Comment Highlighter <= 0.13 - Authenticated SQL Injection

A c GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET...

6.5CVSS0.8AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.152 views

Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS)

The plugin does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting XSS Vulnerability. Note WPScanTeam: The issue was reported to the WP plugins team on May 4th, 2021, then June 7th, 2021 due to lack of update...

4.3CVSS6.1AI score0.00726EPSS
Exploits1
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.151 views

Jetpack < 13.4 - Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode

Description The plugin did not properly escape some of its shortcode attributes, allowing users with at least the contributor role to conduct Stored XSS attacks. wpvideo OcobLTqC freedom=true preloadContent='"src=x onerror=alertdocument.cookie xss'...

6.4CVSS5.8AI score0.00372EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/04/25 12:0 a.m.151 views

Newsletter Popup <= 1.2 - List Deletion via CSRF

Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack Make an admin open a URL where is a valid id: http://example.com4/wp-admin/admin.php?page=wpnewslettershowitems&action=trash&id=...

6.7AI score0.0035EPSS
Exploits3
wpexploit
wpexploit
added 2024/03/05 12:0 a.m.151 views

Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure

Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data. 1 There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These files...

6.3AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/27 12:0 a.m.151 views

Payment Gateway for Telcell < 2.0.4 - Unauthenticated Open Redirect

Description The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue https://localhost/wp-admin/admin.php?page=wc-settings&action=redirecttelcellform&apiurl=https://www.google.com...

6.8AI score0.00464EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/08 12:0 a.m.151 views

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review, pw-protected, and trashed events. 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets Plus...

6.8AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/17 12:0 a.m.151 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

6.7AI score0.01254EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/15 12:0 a.m.151 views

Email Subscription Popup < 1.2.20 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open " /...

6.1CVSS6AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/14 12:0 a.m.151 views

WP Crowdfunding < 2.1.9 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 1. Add a "Campaign Search" widget to your site via Appearance Customise Widgets for...

6.1CVSS6AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/20 12:0 a.m.151 views

EmbedPress < 3.9.2 - Reflected XSS

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the HTML code below " / " /...

6.1CVSS6AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.151 views

Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scriping

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a New Pricing Table and Add ...

4.8CVSS5.5AI score0.00436EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/21 12:0 a.m.151 views

EventON < 2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a new events. 2. In the "Eve...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/07 12:0 a.m.151 views

Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones Run the below command in the developer console ...

4.3CVSS4.7AI score0.00453EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/02 12:0 a.m.151 views

Front Editor <= 4.3.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new form. 2. For the "Post Title", add...

4.8CVSS4.8AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.151 views

EventON < 2.1.2 - Unauthenticated Event Access

The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownload&eventid=value...

5.3CVSS9.6AI score0.37468EPSS
Exploits5
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.151 views

CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher to click a link. The plugin does not protect its settings page against CSRF attacks, allowing an...

6.5CVSS7AI score0.00335EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.151 views

File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Multiple inputs in the plugin's settings -- for...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/16 12:0 a.m.151 views

Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting

The plugin does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. 1. Publish the default form to a page by clicking on "Contact Form to Email" in the sidebar, and the "Publish" button beside the form name. 2. Visit the form on the frontend. Fil...

5.4CVSS5.8AI score0.00505EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.151 views

WooCommerce Brands < 1.6.46 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add a Brand with an image, and assign it to ...

5.6AI score0.00374EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.151 views

Directorist < 7.5.4 - Admin+ LFI

The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. This PoC will work on Linux systems. 1. Navigate to the URL path: /wp-admin/edit.php?posttype=atbizdir&page=tools&step=2&file=/etc/passwd&delimiter=; 2.. You will be presented wit...

9.2AI score0.01313EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.151 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

6.5CVSS6.9AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.151 views

WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.6AI score0.01313EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/30 12:0 a.m.151 views

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Slider » Sliders" and edit one of the...

4.8CVSS4.8AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/15 12:0 a.m.151 views

Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In the settings of the plugin, add the following payload to the text before the form:...

4.8CVSS0.5AI score0.0047EPSS
Exploits2
Total number of security vulnerabilities4359