Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•142 views

Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS

The plugin does not have any authorisation and CSRF in its bpfwpwelcomeaddcontactpage and bpfwpwelcomesetcontactinformation AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting...

5.4CVSS0.4AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/17 12:0 a.m.•142 views

Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update

The plugin allows any user, even not logged in, to arbitrarily change the coming soon page layout. wget 127.0.0.1:8001...

5.3CVSS2.8AI score0.02315EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/14 12:0 a.m.•142 views

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

The plugin allows any logged in user, such as subscriber, to extract any other user's email address. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded" , "body": new URLSearchParams"action": "dilazmbqueryselect", "q": "@gma",...

4.3CVSS0.3AI score0.00897EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•142 views

WP Guppy < 1.3 - Sensitive Information Disclosure

The plugin does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user !/bin/bash Exploit Title: Wordpress...

6.5CVSS6.4AI score0.02753EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•142 views

WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection

The plugin does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks...

8.8CVSS9.1AI score0.38298EPSS
Exploits5References2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•142 views

Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfilteredhtml capability is disallowed Add/edit a quote...

4.8CVSS5.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•142 views

Schreikasten <= 0.14.18 - Author+ SQL Injections

The plugin does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author...

8.8CVSS1.8AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/24 12:0 a.m.•142 views

Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection

The plugin does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue GET /wp-admin/admin.php?page=wppaytmdonation&action=delete&id=1%20AND%20SELECT%205581%20FROM%20SELECTSLEEP5Pjwy HTTP/1....

6.5CVSS1.8AI score0.05691EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/27 12:0 a.m.•142 views

Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the plugin, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. POST /wp-admin/options-general.php?page=xllentechoptionstab4 HTTP/1.1 Content-Length: 220 Cache-Control:...

8.8CVSS1.2AI score0.01586EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/06/05 12:0 a.m.•141 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a checklist and for an item,...

5.7AI score0.0033EPSS
Exploits2
wpexploit
wpexploit
•added 2024/06/04 12:0 a.m.•141 views

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,...

6.1AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/15 12:0 a.m.•141 views

LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add this shortcode to a page: lj...

5.9AI score
Exploits1
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•141 views

Better Comments < 1.5.6 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. 1. From the menu on the left, go into "Users" and edit Subscriber user. 2. Upload a new avatar image and click "Updat...

5.4CVSS5.8AI score0.00401EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/23 12:0 a.m.•141 views

illi Link Party! <= 1.0 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. 1. Add a new link party and add its shortcode to a new post. 2. In a new private window, navigate to the post where you added the shortcode. 3...

8.9AI score0.00265EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/13 12:0 a.m.•141 views

Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept the...

7.2CVSS7.9AI score0.00958EPSS
Exploits2
wpexploit
wpexploit
•added 2023/11/13 12:0 a.m.•141 views

Frontend File Manager < 22.7 - Editor+ Arbitrary File Download

Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php 1 Create new post with this shortcode - ffmwp 2 Go to new post and upload any file 3 After that go to main page of plugin for users...

6.5CVSS9.7AI score0.01048EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/11/06 12:0 a.m.•141 views

Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in amin open...

6.1CVSS6.2AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/10/16 12:0 a.m.•141 views

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

Description The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

6.5CVSS6.7AI score0.00409EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/07 12:0 a.m.•141 views

User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF

Description The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks Make a logged in admin open a page with the code below To make them deactivate the license To make th...

4.3CVSS4.7AI score0.00218EPSS
Exploits2
wpexploit
wpexploit
•added 2023/07/31 12:0 a.m.•141 views

MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

Description The plugin does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack Make any logged in user open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping&id=1 to make them delete...

4.3CVSS4.7AI score0.00231EPSS
Exploits2
wpexploit
wpexploit
•added 2023/05/22 12:0 a.m.•141 views

AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to plugin settings under "WPBot Lite Simple Text Responses" 2. Enter the payload Test Query"...

4.8CVSS5.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/18 12:0 a.m.•141 views

Thumbnail carousel slider < 1.1.10 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. Make a logged in admin open: GET...

6.1CVSS8AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/17 12:0 a.m.•141 views

Video List Manager <= 1.7 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin SELECT query: 1. Log in as admin. 2. Visit the following path on the site:...

7.2CVSS9.8AI score0.03229EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/29 12:0 a.m.•141 views

Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the following code this requires the attacker to...

6.1CVSS6.3AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•141 views

OAuth Single Sign On - SSO (OAuth Client) Enterprise < 48.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/23 12:0 a.m.•141 views

VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers Make a logged in admin open the below URL using web browser which does not encode characters...

6.1CVSS6.4AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•141 views

Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options To set the default role for new users to administrator, run the below command in t...

4.3CVSS0.7AI score0.00264EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/06 12:0 a.m.•141 views

Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus onfocus=alert/XSS//...

4.8CVSS1.6AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/06 12:0 a.m.•141 views

Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting

The plugin does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed Put the following payload on the "Menu Name" settings of the plugin: "onmouseover=alert"XSS"//...

4.8CVSS1.4AI score0.00625EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/03 12:0 a.m.•141 views

Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create a gallery with the "Gallery Theme" set to "Gallery Image 2", add an image and put the...

4.8CVSS0.2AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/01 12:0 a.m.•141 views

Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...

5.4CVSS0.2AI score0.00558EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/27 12:0 a.m.•141 views

Plausible Analytics < 1.2.4 - Subscriber+ Arbitrary Settings Update

The plugin has a flawed logic when checking for authorisation and CSRF before updating its settings, allowing any authenticated users, such as subscriber, to update the plugin's settings. The attack is also possible via CSRF against any authenticated user. POST /wp-admin/admin-ajax.php HTTP/1.1...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/05/11 12:0 a.m.•141 views

WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page

The plugin does not escape the errorenvision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. 1. Enable greenwallet-gateway as a woocommerce payment gateway 2. add something in your cart and visit the checkout page 3. visit...

6.1CVSS0.6AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•141 views

WP Email Users <= 1.7.6 - Subscriber+ SQL Injection

The plugin does not escape the dataraw parameter in the weuselectedusers1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. As any authenticated user such as subscriber, the request below will display all users email addresses...

8.8CVSS0.8AI score0.02214EPSS
Exploits3
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•141 views

SEO Booster < 3.8 - Admin+ SQL Injection

The plugin allows for authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request as the $REQUEST'order'0'dir' parameter is not properly escaped leading to blind and error-based SQL injections. Install SEO Booster, then click on the "Incoming Keywords" link in the Wordpress...

7.2CVSS7.7AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/27 12:0 a.m.•141 views

WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...

0.7AI score0.71532EPSS
Exploits5References1
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•141 views

WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the startdate and enddate parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. This is due to an incorrect fix of CVE-2021-34660 https://wpscan.com/vulnerability/4a4934d6-282d-4e8c-922a-6b1f12884191...

0.3AI score0.00819EPSS
Exploits2
wpexploit
wpexploit
•added 2024/06/12 12:0 a.m.•140 views

WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks The PoC will be displayed on June 26, 2024, to give users the time to update...

6.8AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/25 12:0 a.m.•140 views

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins 1. Make sure there is a newsletter configured with the setting "Email Service Save to local database" 2. When not logged in, use a...

6.3AI score0.00386EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•140 views

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...

6.7AI score0.00434EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•140 views

WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection

Description The plugin does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL 1 Create a new post 2 In the "Bussness Name" field enter the payload: 0;http://smth.me/" HTTP-EQUIV="refresh" a="a 3 Save the post and view it. You will see that you are...

6.7AI score0.00495EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/19 12:0 a.m.•140 views

Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

Description The plugin does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts Open one of the below URL as an unauthenticated user and note that password protected posts are disclosed in ...

6.9AI score0.16906EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/16 12:0 a.m.•140 views

Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure

Description The plugin does not prevent user with at least the contributor role from leaking other users' sensitive metadata. As a contributor, - Add shortcode to any post and specify/guess any user ID and meta key and save - Preview the post and see custom field value outputs from any user Examp...

6.7AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/22 12:0 a.m.•140 views

Popup Box Pro < 20.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...

5.9AI score0.0048EPSS
Exploits3
wpexploit
wpexploit
•added 2023/10/09 12:0 a.m.•140 views

E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed 1 Create a new template on...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/02 12:0 a.m.•140 views

Upload Media By URL < 1.0.8 - Stored XSS via CSRF

Description The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf. Have a logged in user with the unfilteredhtml capability open an...

6.5CVSS6.7AI score0.00261EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/04/18 12:0 a.m.•140 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the "Enter the URL: field, add the XSS payloa...

4.8CVSS7.8AI score0.00824EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/13 12:0 a.m.•140 views

SiteGround Security < 1.3.1 - Admin+ SQLi

The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...

8.8CVSS0.6AI score0.17992EPSS
Exploits2References2
wpexploit
wpexploit
•added 2022/11/17 12:0 a.m.•140 views

Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. https://example.com/wp-admin/admin-ajax.php?action=erepropertygalleryfillterajax&columnsgap=%22%3E%3Cscript%3Ealert%22xss%22;%3C/script%3E%3C!--...

5.4CVSS2.7AI score0.00869EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/25 12:0 a.m.•140 views

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various pages, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=grid-kit&action=edit&id=...

0.8AI score
Exploits0
Total number of security vulnerabilities4359