Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/07/18 12:0 a.m.140 views

Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

The plugin allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. 1. Craft a custom zip file...

4.9CVSS0.2AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.140 views

Website File Changes Monitor < 1.8.3 - Admin+ SQLi

The plugin does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection A user with manageoptions permission can exploit the vulnerability with the following request :...

9.8CVSS0.01026EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.140 views

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Try to...

4.8CVSS4.8AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.140 views

Very Simple Contact Form < 11.6 - Captcha bypass

The plugin exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. import requests from requestshtml import HTMLSession...

7.5CVSS7.6AI score0.01163EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.140 views

Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks alertdocument.domain;" / var form1 = document.getElementById'hack';...

9CVSS8.5AI score0.00535EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/25 12:0 a.m.140 views

Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtnl capability is disallowed. https://drive.google.com/file/d/1ZXIS-q2fzZhRhTyHpHEzxcZ2Shl4Up2/view?usp=sharing Put the...

4.8CVSS1AI score0.00598EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.140 views

Cognitive Content Analyzer < 2.3 - Unauthorised AJAX call via CSRF

The plugin did not properly check for CSRF in its blobinatoranalyze AJAX action, allowing attacker to make a logged in administrator call the blobinatorprocesstext method with arbitrary parameters and update the related post with the results. POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accep...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.140 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation

In the plugin, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activateplugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit...

8.8CVSS1.9AI score0.02997EPSS
Exploits3References1
wpexploit
wpexploit
added 2024/04/30 12:0 a.m.139 views

Sailthru Triggermail <= 1.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

7.8AI score0.00388EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.139 views

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing the following:...

6.7AI score0.00202EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/15 12:0 a.m.139 views

MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack Make a contributor or higher user open a link where is a valid event:...

6.8AI score0.00317EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/08 12:0 a.m.139 views

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts. 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets Plus ...

6.8AI score0.00456EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/01 12:0 a.m.139 views

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server To download /etc/passwd: curl...

9.8CVSS7.1AI score0.03313EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/08 12:0 a.m.139 views

Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries

Description The plugin does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin. Add a...

6.6AI score0.00395EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/06 12:0 a.m.139 views

My Account Page Editor < 1.3.2 - Subscriber+ Arbitrary File Upload

Description The plugin does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE Prerequisite: This vulnerability requires the "Upload Profile Picture" option to be enabled, which isn't the...

6.6AI score0.00816EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.139 views

Lock User Account < 1.0.4- Arbitrary Account Lock/Unlock via CSRF

Description The plugin does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack Make a logged in admin open one of the links below, this will make them lock/unlock the user with ID 5...

4.3CVSS4.7AI score0.00218EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.139 views

Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to...

4.8CVSS8.3AI score0.00522EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.139 views

WooCommerce Box Office < 1.1.51 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks tickets columns='111"...

5.6AI score0.00429EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.139 views

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: The plugin requires WPBakery Page...

5.4CVSS6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.139 views

BizLibrary <= 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Login as Admin. 2. Go to...

4.8CVSS7.8AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.139 views

Clock In Portal <= 2.1 - Holidays Deletion via CSRF

The plugin does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Holiday with ID 1...

4.3CVSS8.5AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.139 views

Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. vctestimonial link='target:"...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/03 12:0 a.m.139 views

WP Image Carousel <= 1.0.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. 1. Go to the plugin settings and insert all the settings, then save. 2. Insert the following shortcode in a post/page: wpic speed='""; alert1...

5.4CVSS5.8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.139 views

Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS

The plugin does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks smartslider3 slider="'-alert/XSS/-'...

5.4CVSS5.6AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.139 views

iPanorama 360 WordPress Virtual Tour Builder < 1.6.30 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new panorama item with whatever role, even if it's an Administrator. 2...

5.4CVSS0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/02 12:0 a.m.139 views

ImageInject <= 1.17 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST...

4.8CVSS0.6AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.139 views

Duplicator < 1.4.7 - Unauthenticated Backup Download

The plugin discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. Find the URL of the actual installer scrip...

7.5CVSS1.3AI score0.12485EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.139 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

4.3CVSS1.7AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.139 views

Pricing Deals for WooCommerce < 2.0.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS2.9AI score0.0666EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.139 views

Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them ok' document.getElementById"test".submit;...

5.4CVSS1.4AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/22 12:0 a.m.139 views

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...

7AI score
Exploits0
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.139 views

CommonsBooking < 2.6.8 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection Create an "item" and a "location" via the newly added...

9.8CVSS0.5AI score0.08852EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/02 12:0 a.m.139 views

Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them, which could allow Contributor+ v Preferences Panels and enable the Custom Fields, such as testxss with a value of alert/XSS/ Then add the following shortcode to the post field testxss and view/preview it to trigger the XSS...

0.1AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/13 12:0 a.m.139 views

Moova for WooCommerce < 3.8 - Reflected Cross-Site Scripting

The plugin does not escape the lat parameter of the moovacustomfields AJAA action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue alert/XSS/" /...

6.1CVSS0.5AI score0.00938EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/12 12:0 a.m.138 views

WPQA < 6.1.1 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks The PoC will be displayed on June 26, 2024, to give users the time to update...

5.8AI score0.00329EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/12 12:0 a.m.138 views

Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

Description The plugin allows any authenticated user to join a private group due to a missing authorization check on a function The PoC will be displayed on June 26, 2024, to give users the time to update...

6.5AI score0.00374EPSS
Exploits1
wpexploit
wpexploit
added 2024/06/04 12:0 a.m.138 views

Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert/XSS: enamad-code/" alert/XSS:...

5.9AI score0.00464EPSS
Exploits2
wpexploit
wpexploit
added 2024/06/03 12:0 a.m.138 views

SEOPress < 7.8 - Contributor+ Open Redirect

Description The plugin does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post As a contributor, create a new Post, at the bottom of the page put the following payload in the...

6.6AI score0.00329EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/18 12:0 a.m.138 views

LetterPress <= 1.2.2 - Subscriber Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers Make a logged in admin open an HTML file containing:...

6.9AI score0.00232EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.138 views

Popup Box < 2.2.7 - Popup Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00277EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.138 views

ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns&action=campaign-delete&id=...

6.8AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/26 12:0 a.m.138 views

coreActivity < 1.8.1 - Unauthenticated Stored XSS

Description The plugin does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin As unauthenticated: curl 'https://example.com/alertXSS' The XSS will be triggered when an...

9AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.138 views

Locatoraid Store Locator < 3.9.24 - Reflected XSS

Description The plugin does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Setup as admin: - Locatoraid Configuration Google Maps Enter "none" at...

6.1CVSS6.1AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.138 views

Tablesome < 1.0.9 - Reflected XSS

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting Make a logged in admin open one of the URL below when the feature/tracking notice has not been dismissed yet...

6.1CVSS6.1AI score0.01067EPSS
Exploits3
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.138 views

WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. As a...

4.3CVSS5.8AI score0.00678EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.138 views

Real Estate 7 < 3.3.5 - Reflected XSS

The theme does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2023/02/03 12:0 a.m.138 views

Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS

The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry Setup as admin: Create a new form using MetForm Element...

7.2CVSS6.5AI score0.28565EPSS
Exploits5References1
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.138 views

Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. Steps to reproduce: 1 As a Contributor, go to portfolio on the dashboard and add new item. 2 on the editing page that comes up, scroll dow...

5.4CVSS0.5AI score0.00495EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/01 12:0 a.m.138 views

Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting /?searchjob="...

2.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.138 views

Log WP_Mail <= 0.1 - Email Logs Publicly Accessible

The plugin saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. curl https://example.com/wp-content/plugins/logwpmail/log/LWPMAIL-20220330-success.log...

7.5CVSS1.8AI score0.01394EPSS
Exploits2
Total number of security vulnerabilities4359