Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2024/02/13 12:0 a.m.143 views

Starbox < 3.5.0 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks http://132" onmouseover='alert1'...

6.1AI score0.00442EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.143 views

WP-Reply Notify <= 1.1 - Settings Update via CSRF

Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML page containing the following: document.forms0.submit;...

9.4AI score0.00176EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.143 views

WordPress Toolbar <= 2.2.6 - Open Redirect

Description The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

6.1CVSS6.8AI score0.25679EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/12/08 12:0 a.m.143 views

Backup Migration Staging < 1.3.6 - Sensitive Data Exposure

Description The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. 1 Run a backup of the site 2 Notice the following files are all publicly available while the...

7.5CVSS9.2AI score0.00688EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/10/26 12:0 a.m.143 views

Assistant < 1.4.4 - Editor+ SSRF

Description The plugin does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks As an Editor or above, open http://example.com/index.php?flasstimageproxy&url=https://127.0.0.1...

8.8CVSS8.8AI score0.00694EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.143 views

Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

5.4CVSS5.4AI score0.00449EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.143 views

Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Simple Posts Ticker...

4.8CVSS4.8AI score0.00402EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/08/14 12:0 a.m.143 views

Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

Description The plugin does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. On a multisite installation, log in as a site admin. Notice that you are able to manage files on the server using this...

4.9CVSS5.2AI score0.00505EPSS
Exploits1
wpexploit
wpexploit
added 2023/07/03 12:0 a.m.143 views

Waitlist Woocommerce < 2.5.3 - Settings Reset via CSRF

The plugin does not have CSRF check when reseting its Settings, which could allow attackers to make logged in admins perform such action via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=waitlist-woocommerce-settings&reset=yes...

6.8AI score
Exploits0
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.143 views

Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions alert1;...

6.1CVSS7AI score0.00295EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.143 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Submit a message in the chatbox, intercept the request using Burp Suite for example. Edit the request to reflect this request:...

9.8CVSS9.6AI score0.0499EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.143 views

WP Attachments < 5.0.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "List Head" or...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/03 12:0 a.m.143 views

WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. This is a re-introduction of CVE-2021-24991 in 2.14.0...

6.1CVSS1.5AI score0.01188EPSS
Exploits4
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.143 views

Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Notes placeholder" settings of the plugin: alert/XSS/...

4.8CVSS0.4AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/13 12:0 a.m.143 views

WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider, select the "text or HTML" for the " What would...

4.8CVSS4.7AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/03 12:0 a.m.143 views

Form - Contact Form <= 1.2.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a form, add a Custom Text field, put the following payload in it: alert/XSS/, save the field...

4.8CVSS0.1AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.143 views

PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack input t...

6.5CVSS0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.143 views

CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. HTMLFormElement.prototype.submit.call document.getElementById"test" ;...

6.5CVSS1AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/15 12:0 a.m.143 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword

The plugin does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form Append the following payload on a page containing a Post Grid with a search form:...

6.1CVSS1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.143 views

Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection

The plugin does not validate and escape the postauthorgutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks Create or edit an event as a contributor, intercept the request and...

8.8CVSS0.9AI score0.01511EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.143 views

Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection

The getquery function of the plugin, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber POST...

8.8CVSS0.4AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.143 views

Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks Affected shortcodes: nf, nofo, nofol, nofollow, relnofollow As a contributor, put the below shortcode in a post/page nf...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.143 views

Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks - Login as contributor+ - Create a custom field containing XSS payload eg. alert1 - Add this...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.143 views

MicroCopy <= 1.1.0 - Authenticated SQL Injection

The edit functionality in the plugin makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET...

7.2CVSS1.2AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/20 12:0 a.m.143 views

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save Changes...

3.5CVSS0.0062EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.143 views

Contact Form by Supsystic < 1.7.11 - Authenticated SQL Injections

The GET parameters sidx and sord were used in a SQL statement without being sanitised when searching for Forms in the dashboard, leading to an authenticated SQL Injection issues...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2024/06/07 12:0 a.m.142 views

Animated AL List <= 1.0.6 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 1. Add a new project 2. Access the URL...

6AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.142 views

Easy Table of Contents < 2.0.66 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed You should create new post with two more heading. Go to the settings of the plugin and...

5.9AI score0.00329EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/30 12:0 a.m.142 views

Sailthru Triggermail <= 1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The PoC will be displayed on May 14, 2024, to give users the time ...

8.5AI score0.00367EPSS
Exploits3
wpexploit
wpexploit
added 2024/04/30 12:0 a.m.142 views

Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add New Survey 2. Choose any...

5.7AI score0.00422EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/26 12:0 a.m.142 views

Nextgen Gallery < 3.59.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Add the "NextGEN Media RSS" Widget to the blog Appearance Widgets 2. Change the "Tooltip...

8.6AI score0.0039EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.142 views

HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the widget area, add the widget...

5.7AI score0.00331EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.142 views

Bannerlid <= 1.1.0 - Reflected XSS

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Have an admin open URLs: -...

8.7AI score0.00431EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/03 12:0 a.m.142 views

WooCommerce Customers Manager < 29.8 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the HTML page/URLs below...

6AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.142 views

Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...

6.8AI score0.00501EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.142 views

NPS computy < 2.7.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings NPS Monitoring" 2...

7.9AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/04 12:0 a.m.142 views

Schema Pro < 2.7.16 - Contributor+ Custom Field Access

Description The plugin does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode As a contributor, add/edit a post and embed aiosrsprocustomfield postid="ANYPOSTID" fieldkey="ANYMETAKEY" and specify/guess any po...

9.5AI score0.00453EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/31 12:0 a.m.142 views

Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update

Description The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated users, such as subscriber to update arbitrary site options Run the below command in the developer console of the web browser while being on th...

6.5CVSS8.7AI score0.0147EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.142 views

NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization

Description The plugin is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server. 1. Ensure your WordPress installation is using PHP version 7.4 or earlier. 2. Create a Gallery an...

7.5CVSS7.6AI score0.00701EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/23 12:0 a.m.142 views

InventoryPress <= 1.7 - Author+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. 1. Create a "New Inventory Item" 2. In the "Description" field, add the value "alert"xss" 3. Edit the created item and see the XS...

5.4CVSS5.6AI score0.0112EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.142 views

Contact Form and Calls To Action by vcita <= 2.7.1 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions alert1;&uid=a”alert2;...

6.1CVSS7AI score0.00293EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/05/26 12:0 a.m.142 views

SlideOnline <= 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The PoC will be displayed once the issue has...

5.4CVSS6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/04 12:0 a.m.142 views

Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Login as Admin. 2. Go to...

4.8CVSS8.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.142 views

Saan World Clock <= 1.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wclock tz='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.142 views

HTML Forms < 1.3.25 - Admin+ SQLi

The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...

7.2CVSS0.4AI score0.01786EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.142 views

Simple File List < 4.4.13 - Page Creation via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

6.5CVSS0.5AI score0.00338EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.142 views

Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit; The XSS will be...

5.4CVSS0.5AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.142 views

Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed https://youtu.be/kTMg65teTvU Create ...

4.8CVSS0.3AI score0.00854EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.142 views

Popup Builder < 4.0.7 - LFI to RCE

The plugin does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR Create a zip archiv...

8.8CVSS0.3AI score0.05365EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/19 12:0 a.m.142 views

AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF

The plugin does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://, and you will see a get request in yo...

8.8CVSS1.4AI score0.00635EPSS
Exploits2
Total number of security vulnerabilities4359