Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/10/31 12:0 a.m.145 views

EventPrime < 3.3.6 - Booking Pricing Bypass

Description The plugin specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. Create an Event, noting its ID. Add a ticket type to the Event, ensuring that the price is not zero. As a logged-in user, go through the process of paying for ...

5.3CVSS5.2AI score0.00541EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.145 views

ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

Description The plugin does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector Run the below command in the developer console of t...

4.3CVSS4.5AI score0.00468EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/19 12:0 a.m.145 views

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE On a page where there is a form with a Signature field, run the following code in the web developer console while...

9.8CVSS7.5AI score0.03283EPSS
Exploits3
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.145 views

WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack Deactivate subscription with ID 53:...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2023/08/09 12:0 a.m.145 views

User Activity Log < 1.6.6 - Subscriber+ Log Export

Description The plugin lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses. As a subscriber, open the following URL...

4.3CVSS4.7AI score0.00427EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.145 views

Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup To test, you also need to have WP Job...

4.8CVSS6AI score0.00382EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.145 views

Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Note: The plugi...

5.4CVSS8.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.145 views

Icegram Engage < 3.1.12 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.145 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the payload below in any of the "Challenge &...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.145 views

MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. 1. Open a WP page with the plugin and Google analytics installed and search for somethi...

6.1CVSS0.5AI score0.01339EPSS
Exploits3
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.145 views

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...

7.2CVSS0.7AI score0.01307EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.145 views

Better Find and Replace < 1.3.6 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...

7.2CVSS1.9AI score0.01214EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/02 12:0 a.m.145 views

WP Subscribe < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its widgets settings, which could allow high privilege users such as admin to perform Cross-Site Scripting even when unfilteredhtml is disallowed Add the widget of the plugin to a page, and put the following payload in settings such as "Title",...

4.8CVSS0.1AI score0.00533EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/11/23 12:0 a.m.145 views

Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the gwollegbuseremail parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page alert/XSS/;' / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.2AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.145 views

Logo Carousel < 3.4.2 - Unauthorised Private Post Access

The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature 1 Go to Logo Carousel - Shortcode Generator. 2 If there is no carousel, create one. 3 Copy URL of the "Duplicate" link under the carouse...

8.1CVSS0.6AI score0.01006EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.145 views

Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6AI score0.00795EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/25 12:0 a.m.145 views

Duplicate Post < 1.2.0 - Authenticated SQL Injection

The plugin does not properly sanitise and escape the id parameter passed to the cdpactionhandling AJAX action, which could allow user having access to the plugin by default admins to perform SQL Injection attacks POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 229 Accept: / X-Requested-Wit...

9CVSS1AI score0.09509EPSS
Exploits3References1
wpexploit
wpexploit
added 2021/10/20 12:0 a.m.145 views

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...

8.8CVSS1.1AI score0.01976EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.145 views

Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting

The plugin allows Authenticated Agent+ users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed. POST /supportboard/include/ajax.php HTTP/1.1 Cookie: Agent+ Accept: ...

5.4CVSS0.9AI score0.01395EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.145 views

Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the...

6.5CVSS0.7AI score0.01122EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.145 views

WP Map Block < 1.2.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks - As a contributor, add a WP Map Block to a post/page - Click "Show more settings" - Scroll the sidebar and click "Map Marker" -...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.145 views

Create WooCommerce Product Feeds For 40+ Merchants < 3.3.1.0 - Authenticated SQL Injection

The fetchproductajax functionality in the plugin uses a productid POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 162 Accept: / X-Requested-With: XMLHttpReque...

6.5CVSS0.6AI score0.01484EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/28 12:0 a.m.145 views

Post Index <= 0.7.5 - CSRF to Stored XSS

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the /php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5. CSRF PoC alert1;" / iframe src="x" width="1" height="1"...

6.8CVSS0.1AI score0.007EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/12 12:0 a.m.144 views

Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group The PoC will be displayed on June 26, 2024, to give users the...

6.8AI score0.00193EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/12 12:0 a.m.144 views

Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack The PoC will be displayed on June 26, 2024, to give users the time to update...

6.7AI score0.00193EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.144 views

Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Click...

6AI score0.00441EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.144 views

Float menu < 6.0.1 - Menu Deletion via CSRF

Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. Make a logged in admin open one a page with the code below, this will make them delete the menu with ID 1:...

6.8AI score0.0028EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/24 12:0 a.m.144 views

Theme My Login 2FA < 1.2 - Lack of Rate Limiting

Description The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt...

9.8CVSS7.2AI score0.00892EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.144 views

Bookly < 22.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an admin user, visit the Bookly...

4.8CVSS4.8AI score0.00451EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/31 12:0 a.m.144 views

Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup The "Translations" settings of the...

4.8CVSS4.8AI score0.00418EPSS
Exploits1
wpexploit
wpexploit
added 2023/09/26 12:0 a.m.144 views

Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection

Description The plugin does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. Version 0.3.11 changes the API endpoint to only be...

7.1AI score0.00882EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.144 views

Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add a post with the shortcode:...

5.4CVSS5.4AI score0.00394EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/17 12:0 a.m.144 views

Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending

Description The plugin allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action. Execute the below command in the web developer console, on the blog homepage as an unauthenticated user, replacing domain by the domain of the blog: Current...

7.5CVSS7.7AI score0.01535EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.144 views

Easy Forms for Mailchimp < 6.8.9 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. When the debug settings is enabled ie...

6.1CVSS5.8AI score0.01092EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/16 12:0 a.m.144 views

File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. fileup class='" onmouseover="alert1"'...

5.4CVSS8.6AI score0.0037EPSS
Exploits1
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.144 views

Quiz Maker < 6.4.2.7 - Reflected XSS

The plugin does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below other URL are also affected...

6.1CVSS8.7AI score0.02138EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.144 views

Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.144 views

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

2.8AI score0.63761EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/07/14 12:0 a.m.144 views

WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a Comment Fields Comments Comment Fields and put the following payload in the Error Message setting: "autofocus...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.144 views

Co-Authors-Plus 3.5/3.5.1 - Guest Authors Email Address Disclosure

The plugin introduced an information disclosure vulnerability specifically, the e-mails of guest authors via a public REST endpoint accessible without any authentication https://example.com/wp-json/wp/v2/coauthors...

2.5AI score
Exploits0
wpexploit
wpexploit
added 2022/05/11 12:0 a.m.144 views

Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby

The plugin does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection https://example.com/wp-admin/admin.php?page=fmwesproducts&orderby=id+AND+SELECT+7394+FROM+SELECTSLEEP5UrUZ...

4.9CVSS1.5AI score0.00951EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/02 12:0 a.m.144 views

Check & Log email < 1.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=check-email-settings&tab="...

6.1CVSS0.4AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/08 12:0 a.m.144 views

Easy Social Icons < 3.1.4 - Admin+ SQL Injection

The plugin does not sanitize the selectedicons attribute to the cnsswidget before using it in an SQL statement, leading to a SQL injection vulnerability. Author : Qerogram import requests from bs4 import BeautifulSoup BASEURL = "http://localhost:8000" id = "wordpress" pw = "wordpress" def loginid...

7.2CVSS0.7AI score0.01265EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.144 views

Folders Disclosure via Outdated jQueryFileTree Library

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server curl...

7.5CVSS3AI score0.57608EPSS
Exploits7References1
wpexploit
wpexploit
added 2022/02/07 12:0 a.m.144 views

Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-sourceblog/' / alert/XSS-record/' /...

6.1CVSS0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.144 views

Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)

The slider import search feature and tab parameter of the plugin settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/edit.php?posttype=postgrid&page=post-grid-settings&tab="alert1...

4.3CVSS6.1AI score0.11241EPSS
Exploits5
wpexploit
wpexploit
added 2024/04/18 12:0 a.m.143 views

Save as PDF < 3.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. On the "Settings Save as PDF Basic...

5.7AI score0.00454EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/27 12:0 a.m.143 views

coreActivity < 2.1 - Unauthenticated IP Spoofing

Description The plugin retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value As unauthenticated: curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1' Then view the logs and note that the plugin display...

6.8AI score0.00482EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.143 views

Smart Forms < 2.6.94 - Edit Entries via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. CSRF PoC CSRF PoC input type="hidden" name="elementOptions"...

6.8AI score0.00226EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/21 12:0 a.m.143 views

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts When logged in as a subscriber, open the following URL and note that the conten...

6.8AI score0.00427EPSS
Exploits2
Total number of security vulnerabilities4359