Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2021/04/26 12:0 a.m.149 views

Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

The requestlistrequest AJAX call of the plugin, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection issue. curl 'https://example.com/wp-admin/admin-ajax.php' ...

9.8CVSS1.4AI score0.14697EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/22 12:0 a.m.149 views

Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users could use the AJAX action "cppluginsdobuttonjoblatercallback" from multiple plugins of the WP-Buy vendor, to install any plugin including a specific version from the WordPress repository, which helps attackers install vulnerable plugins and could lead to more critical...

6.5CVSS0.9AI score0.01325EPSS
Exploits9References1
wpexploit
wpexploit
added 2021/03/26 12:0 a.m.149 views

N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE

The plugin suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5uniqidrand, however, in the case of misconfigured servers with Directory listing enabled,...

7.5CVSS0.8AI score0.02207EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/28 12:0 a.m.148 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Go to settings and change the "Specif...

7.8AI score0.00335EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.148 views

FS Product Inquiry <= 1.1.1 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users Have any user admin or unauthenticated open an HTML page with...

8.8AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/01 12:0 a.m.149 views

IDonate <= 1.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to...

5.7AI score0.00518EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/25 12:0 a.m.148 views

Newsletter Popup <= 1.2 - List Deletion via CSRF

Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack Make an admin open a URL where is a valid id: http://example.com4/wp-admin/admin.php?page=wpnewslettershowitems&action=trash&id=...

6.7AI score0.0035EPSS
Exploits3
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.148 views

Backup Bolt < 1.4.0 - Sensitive Data Exposure

Description The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. Access the error log at...

9.3AI score0.0055EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/08 12:0 a.m.148 views

Product Enquiry for WooCommerce < 3.2 - Reflected XSS

Description The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below alert/XSS/'...

6.1CVSS6AI score0.0046EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/06 12:0 a.m.148 views

Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

Description The plugin does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content WooCommerce needs to be...

7.5CVSS7.1AI score0.0071EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/29 12:0 a.m.148 views

BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read

Description The plugin discloses the content of password protected posts to unauthenticated users via a meta tag In the web browser, view the source of any password protected post and check the og:description meta tag...

7.5CVSS7AI score0.00456EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/13 12:0 a.m.148 views

Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF

Description The plugin does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks Make a logged in admin open an HTML page with the form below Deletion This will delete the form...

6.5CVSS7.3AI score0.0027EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.148 views

Article Analytics <= 1.0 - Unauthenticated SQL injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. On a Wordpress blog using MySQL the following PoC allows to extract the hash of the...

9.8CVSS7.3AI score0.01012EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.148 views

Fattura24 < 6.2.8 - Reflected Cross-Site Scripting

Description The plugin does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. wp-admin/options-general.php?page=fatt-24-tax&id=12alert1%3B...

6.1CVSS6.2AI score0.00396EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.148 views

PageLayer < 1.7.7 - Unauthenticated Stored XSS

Description The plugin doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. Unauthenticated attacker Proof of Concept 1 As a legitimate administrator, schedule a post to be published in a few minutes. 2 Close every window to that site to preve...

6.1CVSS6.6AI score0.00455EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/21 12:0 a.m.148 views

Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. msalert...

5.4CVSS5.4AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/20 12:0 a.m.148 views

Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks 1. Create a contact form 2. Embed the contact form shortcode on a post or page. 3. As an Unauthitncated user, inject the inputs for a malicious scri...

6.1CVSS6.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.148 views

FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access

Description The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. On a multisite instance, log in as an admin. Click on File Organizer in the sidebar. The UI gives full control to the files on the server, despite not being a...

7.2CVSS7.2AI score0.00628EPSS
Exploits1
wpexploit
wpexploit
added 2023/08/23 12:0 a.m.148 views

Leyka < 3.30.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Note: The issue was reported to the...

4.8CVSS4.8AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.148 views

URL Shortify < 1.7.0 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "URL Shortify Settings Links" 2. Ad...

4.8CVSS5.5AI score0.00469EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.148 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitize and escape the businessid parameter of an unprotected REST route endpoint before rendering it back in pages on the website, allowing an unauthenticated attacker to inject arbitrary web scripts, which could target authenticated users such as administrators. curl...

7.2CVSS6.9AI score0.00607EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/26 12:0 a.m.148 views

QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 1. Send GET /wp-admin/admin.php?page=querywall&orderby=datetimegmt&order=desc%2cselectfromselectsleep20a 2. See SQL execut...

7.2CVSS9.8AI score0.0089EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.148 views

Multiple Plugins from Wow-Company - Reflected XSS

The plugins do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below ' / The XSS will be triggered when pressing...

6.1CVSS8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/16 12:0 a.m.148 views

Photo Gallery by Ays < 5.1.7 - Reflected XSS

The plugin does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs below v 5.1.7 -...

6.1CVSS8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/11 12:0 a.m.148 views

10WebSocial < 1.2.9 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below The XSS will be triggered when pressing...

6.1CVSS8.6AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.148 views

WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update

The plugin does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example Run the bel...

6.5CVSS9.3AI score0.00337EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/08 12:0 a.m.148 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.3 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. 1. Create a contact form and add a "multiple file upload" field. 2. Add the...

9.8CVSS9.1AI score0.03004EPSS
Exploits3
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.148 views

Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put, the following shortcode in a page/post lightbox2 url='"...

5.4CVSS0.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/28 12:0 a.m.148 views

VR Calendar < 2.3.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/plugins.php?vrcmsg=&vrcmsgtype="...

1AI score
Exploits0
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.148 views

Page Generator Plugin < 1.6.6 - Arbitrary Keywords Deletion/Duplication via CSRF

The plugin does not have CSRF check in place when deleting and duplicating keywords, which could allow attackers to make a logged in admin delete and duplicate arbitrary keywords via CSRF attacks https://example.com/wp-admin/admin.php?page=page-generator-keywords&cmd=delete&id=3...

4.3AI score
Exploits0
wpexploit
wpexploit
added 2022/05/26 12:0 a.m.148 views

Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; Some link: https://google.com input type="text" name="dgxdonateemailanon" value="You have requested th...

6.5CVSS0.4AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/26 12:0 a.m.148 views

Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF

The plugin does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list document.getElementById"test".submit;...

4.3CVSS1.9AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.148 views

Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Post Per Page" or "Enter Search Text": settings of the plugin: "autofocus...

4.8CVSS0.5AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/30 12:0 a.m.148 views

Animate It! < 2.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin has flawed validations and does not escape its shortcode argument, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks via a malicious shortcode v 2.3.8 edsanimate animation="attacker" delay='1"...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.148 views

Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=bank-mellat&orderId="...

6.1CVSS0.8AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.148 views

Multisite Content Copier/Updater < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard...

6.1CVSS1.1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.148 views

WP Limits <= 1.0 - Plugin's Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values...

4.3CVSS5AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/12 12:0 a.m.147 views

Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks The PoC will be displayed on June 26, 2024, to give users the time to update...

5.8AI score0.00335EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.147 views

KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert/XSS/' csrf" XSS will trigger on...

5.9AI score0.002EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.147 views

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open the following HTML replace FORMID with a valid ID: The security field isn't validated and the shortcode is...

6.8AI score0.00335EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/19 12:0 a.m.147 views

Woomotiv < 3.5.0 - Review Count Reset via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrato...

4.3CVSS4.9AI score0.00253EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/03/15 12:0 a.m.147 views

Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor or above, edit a post in...

5.8AI score0.00427EPSS
Exploits3References1
wpexploit
wpexploit
added 2024/01/10 12:0 a.m.147 views

EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

Description The plugins do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. Note: Such issue could lead to Unauthenticated Stored XSS due to the lack of sanitisation in...

6.1CVSS6.2AI score0.00373EPSS
Exploits1
wpexploit
wpexploit
added 2023/11/13 12:0 a.m.147 views

AMP+ Plus <= 3.0 - Reflected Cross Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/?p=1&yolo=%22%3E%3CScRiPt%3Ealert%28%27XSS%27%29%3C%2FsCrIpT%3E...

6.1CVSS6.5AI score0.00412EPSS
Exploits1
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.147 views

Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion

Description The plugin does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts. Ensure the Elementor plugin is installed so that the Elementor Template functionality is enabled. curl -X POST...

7.5CVSS7.8AI score0.00608EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.147 views

Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

5.4CVSS5.9AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.147 views

Herd Effects < 5.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup In the plugin settings, add a new item...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/04 12:0 a.m.147 views

User Access Manager < 2.2.18 - IP Spoofing

Description The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible for attackers to access restricted content in certain situations. Set HTTPXREALIP which is used in checkUserGroupAccess to use an IP from the allowlist...

5.3CVSS5.3AI score0.00582EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.147 views

Companion Sitemap Generator < 4.5.3 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open: https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=...

6.1CVSS8.6AI score0.01019EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.147 views

Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion

The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an...

5.4CVSS6.2AI score0.00442EPSS
Exploits1References1
Total number of security vulnerabilities4359