Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/02/21 12:0 a.m.138 views

Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderpos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=circlethumbnailsliderwithlightboximagemanagement&orderpos=...

6.1CVSS0.6AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.138 views

Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF

The plugin is lacking Cross-Site Request Forgery CSRF check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. https://example.com/wp-admin/admin.php?page=phoenfiltergallery&deleteid=1...

6.5CVSS6.4AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.138 views

Newspaper < 11 - Reflected Cross-Site Scripting (XSS)

Description The theme does not sanitise the tdatts.modulescategory parameter in its tdajaxsearch AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type...

6.1CVSS6AI score0.00828EPSS
Exploits1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.137 views

WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, add a shortcod...

5.8AI score0.00357EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.137 views

Social Pixel <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.6AI score0.00419EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.137 views

month name translation benaceur < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00352EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/19 12:0 a.m.137 views

reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML page containing:...

6.7AI score0.00381EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.137 views

ENL Newsletter <= 1.0.1 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML file containing: Name: alert1' / alert2' /...

5.9AI score0.00207EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/04 12:0 a.m.137 views

AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate AGCA, and select the "Adm...

5.7AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/13 12:0 a.m.137 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.7AI score0.00497EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.137 views

Travelpayouts < 1.1.14 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below:...

6AI score0.00318EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.137 views

ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks As a contributor, create or edit a post with the payload below while in code editor mode xyz The XSS will be triggered when...

5.4CVSS5.3AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.137 views

ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS

Description The plugin does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks As a contributor, put the following payload in a post the payload will have to be updated accordingly to watch the...

5.4CVSS5.3AI score0.00419EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.137 views

URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. 1. Add a new shortened link in the interface...

6.1CVSS6.4AI score0.00735EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/27 12:0 a.m.137 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a different...

7.5CVSS6.8AI score0.00692EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.137 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address On a page where the bookit is embed, book an appointment using an ema...

9.8CVSS9.2AI score0.01914EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.137 views

Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions meth...

7.5CVSS8.5AI score0.00819EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.137 views

Stream < 3.9.2 - Subscriber+ Alert Creation

The plugin does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information. Step 1: Log in as a subscriber Step 2: Get a nonce from...

6.5CVSS6.3AI score0.0091EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.137 views

WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.6AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.137 views

Link Library < 7.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Install the plugin and go to:...

4.8CVSS0.6AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.137 views

Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF

The plugin does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status draft, published, slug, post date, comment status enabled, disabled and more. The following PoC codes are f...

6.5CVSS0.4AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/26 12:0 a.m.137 views

underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed. In the plugin's settings, active Under Contraction...

4.8CVSS4.8AI score0.00552EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.137 views

WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

5.4CVSS1AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.137 views

IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed As administrator, put the following payload in any of the plugin's settings and save: "alert/XSS/;...

4.8CVSS0.4AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.137 views

Realty Workstation < 1.0.15 - Agent SQLi

The plugin does not sanitise and escape the transedit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection As a logged in agent:...

4.9CVSS0.8AI score0.00951EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.137 views

ScrollReveal.js Effects <= 1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in any of the plugin's settings such as Opacity: "...

4.8CVSS1.2AI score0.00648EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.137 views

SiteSuperCharger < 5.2.0 - Unauthenticated SQLi

The plugin does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS1.9AI score0.01602EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/29 12:0 a.m.137 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection v = 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart&artID=sleep10 v 6.1.6 -...

8.8CVSS1.9AI score0.01341EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.137 views

Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service

The plugin autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog 1 Create a popup as admin and access the popup page as unauthenticated 2 Send data on the form and intercept t...

7.5CVSS0.2AI score0.01589EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/24 12:0 a.m.137 views

Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection

The plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue https://example.ocm/wp-admin/options-general.php?page=acfe-options&orderby=1%20and%20sleep0.02%23...

7.2CVSS3.1AI score0.01502EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/24 12:0 a.m.137 views

WP DSGVO Tools (GDPR) < 3.1.24 - Unauthenticated Plugin's Settings Update to Stored Cross-Site Scripting

The plugin is lacking proper authorisation and CSRF checks, makes some functions available to unauthenticated as well as any authenticated users via AJAX hooks. As a result, unauthenticated users could update some of the plugin's settings, and set a Cross-Site Scripting payload in the Matomo Code...

Exploits0References2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.137 views

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting...

4.8CVSS1.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.137 views

DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue As admin, put the following payload in the "Checkbox reminder" setting of the plugin: "alert/XSS/...

3.5CVSS0.2AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.137 views

WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS

The plugin did not sanitise or escape its lyteytapikey and lytenotification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. PoC 1 | Authenticated Persistent XSS | Your YouTube API key: PO...

4.8CVSS0.3AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.136 views

NPS computy < 2.7.6 - Results Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open the following: The result is that all existing poll responses are deleted...

9.5AI score0.00365EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/04 12:0 a.m.136 views

CM Download and File Manager < 2.9.1 - Download Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack Make an admin open an HTML file containing the following:...

6.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.136 views

WooCommerce Pre-Orders < 2.0.2 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin When there is at least one pre-order, make a logged in admin open the URL below...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.136 views

Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation

The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request. POST...

8.8CVSS8.5AI score0.00331EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.136 views

Qubotchat < 1.1.6 – Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Add a "button" to the chatbot 2. In the "Text...

4.8CVSS5.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.136 views

Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection

The plugin does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must also be installed for this vulnerability to b...

8.8CVSS9.2AI score0.00873EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.136 views

Buddybadges <= 1.0.0 - Admin+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users https://example.com/wp-admin/options-general.php?page=buddybadge&wpedit=b2f9b59706&edit=1+AND+SELECT+7741+FROM+SELECTSLEEP10hlAf...

7.2CVSS1.4AI score0.00964EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/10/21 12:0 a.m.136 views

OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Put the following payload in any of the plugin'...

4.8CVSS0.7AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.136 views

Social Slider Feed < 2.0.5 - Subscriber+ Stored XSS via Feeds

The plugin does not have authorisation and CSRF check in place when adding and editing a Feed, and does not sanitise as well as escape user input. As a result, users with a role as low as subscriber could add arbitrary feeds, with Stored Cross-Site Scripting payloads in them. As any authenticated...

6.5AI score
Exploits0
wpexploit
wpexploit
added 2022/05/12 12:0 a.m.136 views

WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF

The plugin does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. alert'boo!'" document.getElementById"test".submit;...

4.3CVSS0.8AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.136 views

BannerMan <= 0.2.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed such as in multisite As administrator, put the following payloads in the mentioned settings of the plugin...

4.8CVSS4.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/05 12:0 a.m.136 views

Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure

The plugin does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL Vendor was notified on November 26th, 2021, did not reply nor fix the...

7.5CVSS0.3AI score0.0147EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.137 views

Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF

The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST",...

8.8CVSS1AI score0.00618EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/02 12:0 a.m.136 views

Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI

The plugin does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion attacks as PHP files will be executed. Please note...

0.3AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/31 12:0 a.m.136 views

Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The plugin does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues...

6.1CVSS0.01469EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/13 12:0 a.m.136 views

NewStatPress < 1.3.6 - Reflected Cross-Site Scripting

The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=nspsearch&what1=%27+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...

6.1CVSS1.6AI score0.01446EPSS
Exploits2
Total number of security vulnerabilities4359