Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/06/28 12:0 a.m.151 views

SP Project & Document Manager < 4.58 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. 1. Upload a file using the plugin. 2. On another browser, access the newly uploaded file via:...

6.5CVSS6.5AI score0.00807EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.151 views

WP-CRM <= 1.2.1 - CSV Injection

The plugin does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. 1. Add new person and put the following CSV calculator payload into the Display Name, Phone Number and Description field and save the entry. payload : =cmd|' /C calc'!'A...

7.8CVSS0.7AI score0.00988EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/11 12:0 a.m.151 views

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users curl 'https://example.com/index.php?restroute=/xs-donate-form/payment-redirect/3' \ --data '"id": "SELECT 1 FROM...

9.8CVSS1.6AI score0.07879EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/02 12:0 a.m.151 views

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create a form and put the following payload in the Form Code textarea: The XSS will be triggered whe...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2022/01/25 12:0 a.m.151 views

AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection

The plugin does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection https://example.com/wp-admin/admin.php?page=apcttestimonialedit&id=1+AND+SELECT+42+FROM+SELECTSLEEP5b...

7.2CVSS2AI score0.01445EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.151 views

Unlimited PopUps <= 4.5.3 - Author+ SQL Injection

The plugin does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection https://plugins.trac.wordpress.org/browser/unlimited-popups/trunk/popuplist.phpL16...

8.8CVSS1.9AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/29 12:0 a.m.151 views

WordPress Download Manager < 3.1.25 - Authenticated Directory Traversal

Authenticated Directory Traversal in WordPress Download Manager Add New. Name the post, and intercept the request when you Submit for Review no file needs to be uploaded. In the filepagetemplate parameter, swap out page-template-1col-flat.php for “\../../../../../wp-config.php” Then preview the...

4CVSS6.2AI score0.01331EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/07/19 12:0 a.m.151 views

Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS in the "Default Publisher ID" field on the plugin's settings page. 1. Install WordPress 5.7.2 2. Install and activate Mimetic Books 3. Navigate to Settings Mimetic Books API and enter the XSS payload into the Default...

3.5CVSS0.4AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/16 12:0 a.m.151 views

Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS

The theme did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue -- Payloads: $ $ -- PoC | Authenticated XFS | My Listings: ! POST...

5.4CVSS0.1AI score0.01681EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.150 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an "author" level user, add a ne...

5.6AI score0.00359EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.150 views

Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup 1. Go to the plugin setting and in the "Restore" section upload...

9.4AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/11 12:0 a.m.150 views

Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access

Description The plugin does not ensure that user have access to password protected post before displaying its content in a meta tag. When the "Disable Open Graph Meta Tags" settings of the plugin is disabled, view the source of a password protected post and note its content being disclosed in the...

6.8AI score0.00516EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/05 12:0 a.m.150 views

Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the...

7.9AI score0.00417EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/27 12:0 a.m.150 views

Allow SVG < 1.2.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

9.3AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.150 views

illi Link Party! <= 1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Make an admin open the following HTML: See that the support the plugin option is toggled on/off...

9.4AI score0.00153EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.150 views

TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. junkie-button...

5.4CVSS8.3AI score0.00406EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.150 views

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Multiple parameters in the plugin's...

4.8CVSS5AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/17 12:0 a.m.150 views

MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion

Description The plugin does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment Login as a subscriber an open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping&id=1 to delete the shipment with...

8.1CVSS8.2AI score0.00592EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.150 views

AN_GradeBook <= 5.0.1 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. When adding a new course in the plugin setting...

4.8CVSS8.4AI score0.00522EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.150 views

Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In Aajoda » Optional Aajoda Style, insert the...

4.8CVSS8.4AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.150 views

WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF

The plugin does not have CSRF check in an AJAX action, and does not validate user input before using it in the wpremoteget function, leading to a Blind SSRF issue Note: CSRF was fixed in 1.1.4, the SSRF in 1.1.5 Make a logged in admin open...

8.8CVSS9.1AI score0.08466EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.150 views

Advanced Custom Fields < 5.12.5 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

8.8CVSS9.6AI score0.0108EPSS
Exploits3
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.150 views

GN Publisher < 1.5.6 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.0126EPSS
Exploits3
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.150 views

WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a page/post wpstripecheckout...

5.4CVSS1.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/05 12:0 a.m.150 views

Create Block Theme < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not have authorisation and CSRF checks, as well as does not validate the file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files to the server As unauthenticated user, open The file will be uploaded at...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2022/07/20 12:0 a.m.150 views

Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "alert/XSS/...

4.8CVSS0.4AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.150 views

Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc When the "Enable API for Mobile Apps" settings...

7.5CVSS1.7AI score0.02801EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.150 views

Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "No Access Message" settings...

4.8CVSS4.8AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.150 views

Contact Form by Supsystic < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)

The label field Form name was vulnerable to stored Cross-Site Scripting issue. When creating or editing a form, use the following payload as a Form name label field: "alert1!--', which will be executed when viewing the "Show All Forms" section, as well as when opening the Contact Details of a use...

Exploits0References1
wpexploit
wpexploit
added 2024/06/11 12:0 a.m.149 views

EazyDocs < 2.5.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup The PoC will be displayed on June 25,...

6AI score0.00397EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.149 views

WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following markup: alert"XSS"; Load the SVG and see the XSS. Code reference:...

6.2AI score0.00331EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.149 views

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting 1. On the login page, enter any username and for the password enter alert1 2. As an admin, view the logs at:...

6.2AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.149 views

Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks Make a logged in admin open an HTML document containing where is a valid ID: "...

6.7AI score0.00276EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/15 12:0 a.m.149 views

Crelly Slider <= 1.4.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Crelly Slider" 2. Add a slid...

5.7AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/04 12:0 a.m.149 views

CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack Make an admin open the URL below https://example.com/cmdownload/unpublish/id/...

6.7AI score0.00225EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.149 views

DoLogin Security < 3.7 - IP Spoofing

Description The plugin uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. 1. Send login request with x-forwarded-for: REDACTEDIP 2. See spoofed IP address in the "Login Attempts Log"...

5.3CVSS5.4AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.149 views

FTP Access <= 1.0 - Subscriber+ Stored XSS

Description The plugin does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the setting...

5.4CVSS5.4AI score0.00193EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/23 12:0 a.m.149 views

Supsystic Popup < 1.10.19 - Prototype Pollution

The plugin has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. 1 Create a pop-up that is set to load on any page 2 Go to http://example.com/?protopoc=polluted 3 Open browser console 4 Type poc and see polluted as the result...

9.8CVSS6.5AI score0.01442EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.149 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.0 - Subscriber+ Denial of Service by account logout

The plugin does not validate authorization in the vcitalogout ajax action, allowing any logged in user with roles as low as subscriber to log the site out from the cvita account, causing a denial of service for the appointment scheduling functionality...

5.4CVSS8.9AI score0.00698EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/07 12:0 a.m.149 views

Yellow Yard < 2.8.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks yyfilter field='" style=background-color:red...

5.8AI score0.00467EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.149 views

Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. In the settings of the plugin, in the three input boxes are named "Second Address Label", "Login Logo...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/08 12:0 a.m.149 views

Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure

The plugin is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address https://example.com/wp-json/ssa/v1/users...

5.3CVSS2.4AI score0.01424EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.149 views

Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting - Completely reset the site using the plugin - Visit https://example.com/wp-admin/tools.php?page=advancedwpreset&"alert1...

6.1CVSS0.5AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.149 views

Bestbooks <= 2.6.3 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users Affected parameters: credit and debit curl https://example.com/wp-admin/admin-ajax.php \ --data...

9.8CVSS1.1AI score0.09047EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.149 views

Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider with the plugin and put the following payload in a Slide Descriptio...

4.8CVSS0.3AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/25 12:0 a.m.149 views

Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF

The plugin does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack https://example.com/wp-admin/admin.php?page=simplewpmembershippayments&action=deletetxn&id=1 will delete the transaction...

6.5CVSS2.5AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.149 views

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows passing shortcode attributes with posttype & poststatus which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. include-page allowtype="post" allowstatus="draft" id="131" include-page...

6.5CVSS6.6AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.149 views

Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'PHPSELF' input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/alert/XSS//?page=cnsssocialiconpage...

6.1CVSS0.7AI score0.0236EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/06 12:0 a.m.149 views

WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)

The plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts WPScanTeam: The issue was reported as fixed, but the fix was insufficient and a separate...

6.1CVSS2.5AI score0.00819EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/23 12:0 a.m.149 views

Alipay <= 3.7.2 - Authenticated SQL Injection

A proid GET parameter of the plugin is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. GET /wp-admin/options-general.php?page=wsalipay&action=edit&proid=-5818%20UNION%20ALL%20SELECT...

6.5CVSS1.3AI score0.01547EPSS
Exploits2References1
Total number of security vulnerabilities4359