Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/05/24 12:0 a.m.147 views

WP Custom Cursors < 3.2 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 1. Add a new "WP Custom Cursor". 2. Return to the "WP Custom Cursors" page and click edit Cursor. 3.The WP Custom Cursors...

7.2CVSS7.3AI score0.00945EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.147 views

ConvertKit < 2.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.147 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure

The plugin does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activation key by default. Run one of the below commands in the developer console ...

6.5CVSS7AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/20 12:0 a.m.147 views

Namaste! LMS < 2.6 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. One XSS issue was fixed in version 2.5.9.9. The...

4.8CVSS5.2AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.147 views

Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.5AI score0.00685EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.147 views

Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM SELECTSLEEP5hewu...

9.8CVSS1.1AI score0.04795EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/04 12:0 a.m.147 views

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...

4.3CVSS1.7AI score0.00645EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.147 views

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary Feed Deletion

The plugin does not have authorisation and CSRF check in place when deleting feeds, allowing ay authenticated users, such as subscriber to delete arbitrary feeds As any authenticated user, such as subscriber. Or via CSRF against them...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/07/23 12:0 a.m.147 views

Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

The plugin is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. To exploit the vulnerability, someone must send a...

8.8CVSS1AI score0.03851EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/07/06 12:0 a.m.147 views

Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

The plugin allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. Note: This only affects membership from the plugin, not the WordPress role The request contains the levelidentifier parameter with the md52 value, where 2 is the...

9.8CVSS0.7AI score0.01104EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/28 12:0 a.m.147 views

Request a Quote <= 2.3.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Misc No Access Message setting of the plugin: alert/XSS/; The X...

4.8CVSS0.1AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.147 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Ignored Download Link...

4.8CVSS0.00608EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.147 views

WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass

The plugin is affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s...

9.8CVSS0.2AI score0.01025EPSS
Exploits1
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.147 views

miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks v ' / v...

4.3CVSS0.5AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.147 views

Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=admin-menu-restriction&role="...

6.1CVSS1.1AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.147 views

Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure

The plugin does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to...

4.3CVSS0.8AI score0.00487EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/23 12:0 a.m.147 views

WordPress Membership SwiftCloud.io <= 1.0 - Authenticated SQL Injection

An id GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=swiftbookaddemailtemplate&id=0%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1 Cache-Control: max-age=0...

6.5CVSS1.3AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/23 12:0 a.m.147 views

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. Even with the maximu...

10CVSS1.5AI score0.09733EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/04/02 12:0 a.m.147 views

WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue. curl -k --silent "http://example.com/index.php?restroute=3D/wpgmza/v1/markers/&filter=3D%7B%7D&=fields=3D+from+wpusers+--+-"...

7.5CVSS1.5AI score0.78699EPSS
Exploits6References3
wpexploit
wpexploit
added 2024/06/07 12:0 a.m.146 views

Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them history.pushState'', '', '/'; document.forms0.submit; the response of the request above is 403, but the settings update still happens...

6.6AI score0.00547EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.146 views

ENL Newsletter <= 1.0.1 - Admin+ SQL Injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks As an admin open a link like:...

7.5AI score0.00512EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/02 12:0 a.m.146 views

Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Save as Image" 2...

5.7AI score0.00266EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.146 views

Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open a page with the code below where is an existing button:...

9.5AI score0.00192EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/13 12:0 a.m.146 views

Simply Excerpts <= 1.4 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. Put the following payload...

4.8CVSS7AI score0.00424EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.146 views

Awesome Support < 6.1.5 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Visit the following URL as an admin user, with any valid ticket ID. Press the access k...

6.1CVSS5.8AI score0.00398EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/21 12:0 a.m.146 views

Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts. Using malicious SVG files: Go to a product page that features the file upload form, and paste the following in your browser...

5.4CVSS5.7AI score0.00395EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.146 views

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack Make a logged in admin open the URL below 42 being a pre-order to be canceled...

6.9AI score0.00261EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.146 views

Hostel < 1.1.5.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Manage Rooms and click on "Click here to...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.146 views

UserPlus <= 2.0 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. Open the .html file where the admin user is logged in history.pushState'', '', '/' input type="hi...

9AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.146 views

Gift Voucher < 4.3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgvdoajaxvoucherpdfsavefunc AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber curl "http://$TARGETHOST/wp-admin/admin-ajax.php" --da...

9.8CVSS9.8AI score0.42186EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.146 views

UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit: vcugmmap mapheight='100px;...

1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/01 12:0 a.m.146 views

Google Apps Login < 3.4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the setting page of this plugin. 2. In...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.146 views

Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF

The plugin is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. input type="text" name="pceemailstosend...

6.5CVSS0.2AI score0.00502EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.146 views

Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS2.4AI score0.15254EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.146 views

Simple Theme Options < 1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of textarea field settings of the plugin such as 'Google Analytics': " T...

4.8CVSS0.1AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.146 views

WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Shortcode

The plugin does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks wordpressfileupload widths='title:1;animation-nametwentytwentyone-close-button-transition" onanimationend="alert/XSS-widths/'...

5.4CVSS2.4AI score0.0077EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/03 12:0 a.m.146 views

WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting

The plugin does not escape the googlefontajaxname and googlefontajaxfamily parameter of the googlefontaction AJAx action available to any authenticated user before outputing them in attributes, leading Reflected Cross-Site Scripting issues var form1 = document.getElementById'hack'; //form1.submit...

6.1CVSS5.9AI score0.00861EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/18 12:0 a.m.147 views

Photo Gallery < 1.5.75 - File Upload Path Traversal

The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector The below requests will put the xss.svg file into the /wp-content/uploads/ folder rather than...

4CVSS0.8AI score0.01893EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.146 views

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com Cooki...

6.5CVSS7AI score0.01721EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.145 views

Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a "Video Widget" to a widget ar...

5.7AI score0.00399EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/17 12:0 a.m.145 views

WP Backpack <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00333EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.145 views

Sticky Buttons < 3.2.4 - Button Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00283EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.145 views

Herd Effects < 5.2.7 - Effect Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00223EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/31 12:0 a.m.145 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing with contributor access and above to perform Stored XSS attacks - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...

4.9CVSS5.8AI score0.00491EPSS
Exploits2References2
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.145 views

Advanced Schedule Posts <= 2.1.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...

8.7AI score0.00265EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/26 12:0 a.m.145 views

Colibri Page Builder < 1.0.240 - Contributor+ Stored XSS

Description The plugin does not validate and escape some its extendbuilderrenderjs shortcode content before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS8.3AI score0.00373EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/11/28 12:0 a.m.145 views

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a campaign and for the reward...

4.8CVSS5.7AI score0.00451EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.145 views

Mmm Simple File List <= 2.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below...

5.4CVSS5.6AI score0.00416EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.145 views

WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery

Description This plugin is vulnerable to server-side request forgery SSRF via the path parameter. Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary URL http://example.com/latest/meta-data/iam/security-credentials/wpb-apps-prod-role the website will...

9.8CVSS9.7AI score0.0315EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/31 12:0 a.m.145 views

EventPrime < 3.3.6 - Booking Pricing Bypass

Description The plugin specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. Create an Event, noting its ID. Add a ticket type to the Event, ensuring that the price is not zero. As a logged-in user, go through the process of paying for ...

5.3CVSS5.2AI score0.00541EPSS
Exploits2
Total number of security vulnerabilities4359