wpexploit - Most viewed

4359 matches found

wpexploit • added 2021/10/20 12:00 a.m. • 703 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

The plugin does not have a proper authorisation check in the sfimageid AJAX action, which could allow any authenticated user, such as a subscriber, to view the content and title of arbitrary posts, for example private, draft and password-protected ones. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

AI score 0.1
Exploits 0
wpexploit • added 2021/10/04 12:00 a.m. • 703 views

Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

The plugin does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. csrf.submit...

CVSS 4.3 • AI score 1.3 • EPSS 0.00453
Exploits 2
wpexploit • added 2021/09/28 12:00 a.m. • 703 views

Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting

The plugin does not enforce nonce checks when saving its settings, and does not sanitise and escape them either, which could allow attackers to make a logged-in admin change them to a Cross-Site Scripting payload, triggered either in the frontend or the backend depending on the payload. The CSRF was...

CVSS 5.4 • AI score 5.3 • EPSS 0.00491
Exploits 2
wpexploit • added 2021/07/12 12:00 a.m. • 703 views

Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF

The plugin does not properly check for CSRF in its ammsaveexistingmenu function, allowing attackers to make logged-in, high-privilege users edit menus via a CSRF attack...

AI score 2
Exploits 0
wpexploit • added 2021/06/30 12:00 a.m. • 703 views

BuddyPress Customer.io Analytics Integration <= 1.1.6 - Arbitrary Plugin Settings Update via CSRF

The plugin does not properly perform the CSRF check when saving its settings, allowing attackers to make a logged-in admin change them to arbitrary values...

AI score 1.8
Exploits 0
wpexploit • added 2021/03/30 12:00 a.m. • 703 views

Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF

The fixes for https://wpscan.com/vulnerability/126143e0-b0cc-4517-862e-3ac557db744f still allowed the issue to be performed via a CSRF attack. The uploadcsv AJAX action, available to authenticated users, did not have a proper CSRF check, allowing an attacker to make a logged-in user with the...

AI score 1.5
Exploits 0 • References 2
wpexploit • added 2022/09/05 12:00 a.m. • 702 views

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation checks in some AJAX actions, which could allow high-privilege users such as admins to perform blind SSRF, for example on multisite installations. Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server Hostname"...

CVSS 7.2 • AI score 1.2 • EPSS 0.01028
Exploits 2
wpexploit • added 2021/06/29 12:00 a.m. • 702 views

Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection

The getsliders function in the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

CVSS 6.5 • AI score 0.3 • EPSS 0.01362
Exploits 2
wpexploit • added 2021/10/11 12:00 a.m. • 701 views

Coupon Affiliates for WooCommerce < 4.11.3.4 - Arbitrary Referral Visits Deletion via CSRF

The plugin does not have any CSRF check in place when deleting Referral Visits, which could allow attackers to make a logged-in admin delete them via a CSRF attack...

AI score 2.5
Exploits 0
wpexploit • added 2022/10/17 12:00 a.m. • 699 views

Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi

The plugins allow translators to inject arbitrary SQL through an unsanitised translation. SQL can be injected through a malicious translation file, or by a user with the translator role through translation plugins such as Loco Translate or WPML. 1. Install Complianz and set the following options ...

CVSS 8.8 • AI score 8.9 • EPSS 0.01196
Exploits 2
wpexploit • added 2022/09/26 12:00 a.m. • 698 views

Helpful < 4.5.26 - Information Disclosure

The plugin stores exported logs and feedback in a publicly accessible location under guessable names, which could allow attackers to download them and retrieve sensitive information such as IP addresses, names and email addresses, depending on the plugin's settings. After an admin exports logs via...

CVSS 5.3 • AI score 0.3 • EPSS 0.00769
Exploits 2
wpexploit • added 2021/08/24 12:00 a.m. • 699 views

Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection

The plugin contains a 'Social & Donations' module, not activated by default, which adds the REST route '/services/contributor/?P\d+ and takes 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. With the 'Social & Donations' module of the plugin activated. Permali...

CVSS 9.8 • AI score 0.6 • EPSS 0.09404
Exploits 2 • References 1
wpexploit • added 2021/07/26 12:00 a.m. • 698 views

WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise the "wpgroupname" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue. WPScanTeam: During the verification of the fixes with the vendor, other payloads and injection points were identified, reported an...

CVSS 3.5 • AI score 0.1 • EPSS 0.00671
Exploits 2 • References 1
wpexploit • added 2023/01/19 12:00 a.m. • 697 views

GiveWP < 2.24.1 - Unauthenticated SQLi

The plugin does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks. 1. Create a post/page that contains the "Donor Wall" block. 2. Using the default donation form, send a test donation. 3. In a terminal, edit and run th...

AI score 1.2 • EPSS 0.03742
Exploits 2 • References 1
wpexploit • added 2021/10/05 12:00 a.m. • 697 views

WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls

The plugin does not have any authorisation or CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitisation of the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues. To create a survey wi...

CVSS 4.3 • AI score 0.1 • EPSS 0.00435
Exploits 2
wpexploit • added 2021/10/04 12:00 a.m. • 695 views

Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change

The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts, even those they should not be able to edit. Run the following while in the Post/Page editor as a contributor: jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...

CVSS 4.3 • AI score 1.6 • EPSS 0.00768
Exploits 2 • References 1
wpexploit • added 2021/08/24 12:00 a.m. • 695 views

SMTP Mail < 1.2.2 - Authenticated SQL Injections

The plugin does not properly validate or escape the order and orderby parameters before using them in SQL statements, leading to SQL Injections in the admin dashboard...

AI score 1.9
Exploits 0
wpexploit • added 2022/08/23 12:00 a.m. • 694 views

BadgeOS < 3.7.1.3 - Subscriber+ SQLi

The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated user, leading to SQL Injections. Open the following URL as any authenticated user, such as a subscriber:...

CVSS 8.8 • AI score 0.8 • EPSS 0.00994
Exploits 2
wpexploit • added 2022/08/04 12:00 a.m. • 694 views

Download Manager < 3.2.53 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not escape the $_SERVER['REQUEST_URI'] value before outputting it back in an attribute of the modal login page (only available when users are not logged in), which could lead to Reflected Cross-Site Scripting in old web browsers. On the modal login page from the plugin and using an...

AI score 0.4
Exploits 0
wpexploit • added 2022/06/27 12:00 a.m. • 694 views

OAuth Single Sign On < 6.22.6 - Authentication Bypass

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site knowing only a user's email address. POST / HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

CVSS 5.3 • AI score 1.6 • EPSS 0.00988
Exploits 2 • References 1
wpexploit • added 2020/09/29 12:00 a.m. • 694 views

Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection

The bulkaction, exportfull and savesliderdb functionalities of the plugin were vulnerable, allowing a high-privileged user (Admin), or a medium-privileged one such as Contributor+ if "Role Options" is turned on for other users, to perform SQL Injection attacks. Vulnerable param: check Vulnerable function:...

AI score 1.7 • EPSS 0.02586
Exploits 2 • References 1
wpexploit • added 2021/07/19 12:00 a.m. • 693 views

RestroPress < 2.8.3 - Cart Manipulation via CSRF

The plugin does not properly check for CSRF in some of its AJAX calls, allowing attackers to make users perform unwanted actions, such as adding arbitrary products to their cart or emptying it completely. To clear the cart of the current user (authenticated or not):...

AI score 2.2
Exploits 0
wpexploit • added 2021/05/08 12:00 a.m. • 693 views

ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call

Some AJAX actions did not have proper CSRF and authorisation checks, allowing unauthorised calls either by unauthenticated/low-privilege users or via CSRF, which could allow attackers to reset or change the plugin's settings, for example. Reset an arbitrary option in the plugin v1.0.5: POST...

AI score 1.2
Exploits 0
wpexploit • added 2020/09/06 12:00 a.m. • 693 views

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings

The ActiveCampaign 8.0.1 plugin lacks a CSRF check on its Settings form, which could allow an attacker to make a logged-in administrator change the API credentials to the attacker's account. When a logged-in administrator accesses an HTML page with the content embedded below, the plugin's settings will be changed...

AI score 1 • EPSS 0.00474
Exploits 2 • References 1
wpexploit • added 2022/01/31 12:00 a.m. • 691 views

Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF

The plugin does not have a CSRF check in the lswsssaveattachmentdata AJAX action, allowing attackers to make a logged-in, high-privilege user change the title, description, alt text and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid: 564, formdata:...

CVSS 4.3 • AI score 3.3 • EPSS 0.00464
Exploits 2 • References 1
wpexploit • added 2021/10/11 12:00 a.m. • 690 views

404 to 301 < 3.0.9 - Logs Deletion via CSRF

The plugin does not have a CSRF check in place when cleaning the logs, which could allow an attacker to make a logged-in admin delete all of them via a CSRF attack. https://example.com/wp-admin/admin.php?page=jj4t3-logs&action=bulkclean...

CVSS 6.5 • AI score 6.3 • EPSS 0.00531
Exploits 2
wpexploit • added 2021/07/19 12:00 a.m. • 690 views

Wonder Video Embed < 1.8 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1' videocss='animation-name:twentytwentyone-close-button-transition"...

CVSS 3.5 • AI score 2.1 • EPSS 0.00624
Exploits 2
wpexploit • added 2021/12/16 12:00 a.m. • 689 views

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected XSS in custom-facebook-feed on the cff-top admin page. http://127.0.0.1:8001/wp-admin/admin.php?page=cff-top&cffaccesstoken=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3E&cfffinalresponse=true...

CVSS 5.4 • AI score 1.6 • EPSS 0.01217
Exploits 2
wpexploit • added 2021/10/18 12:00 a.m. • 688 views

WP Performance Score Booster < 2.1 - Settings Change via CSRF

The plugin does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. csrf.submit...

CVSS 4.3 • AI score 1.4 • EPSS 0.00435
Exploits 2
wpexploit • added 2022/01/31 12:00 a.m. • 687 views

Better Notifications for WP < 1.8.7 - Email Address Disclosure

The plugin does not have authorisation and CSRF checks in its bnfwsearchusers AJAX action, allowing any authenticated user to call it and query for user e-mail prefixes, finding the first letter, then the second, then the third, etc. import sys import string import urllib.parse import...

CVSS 4.3 • AI score 0.6 • EPSS 0.00423
Exploits 2
wpexploit • added 2022/01/07 12:00 a.m. • 688 views

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

The plugin does not escape the discountcode parameter in one of its REST routes, available to unauthenticated users, before using it in a SQL statement, leading to a SQL injection. https://example.com/?restroute=/pmpro/v1/checkoutlevel&levelid=3&discountcode=%27%20%20union%20select%20sleep1%20--%20g...

CVSS 9.8 • AI score 1.8 • EPSS 0.82248
Exploits 2 • References 1
wpexploit • added 2021/09/22 12:00 a.m. • 687 views

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

The plugin does not ensure that the user ID whose password is being reset is related to the reset key given. As a result, any authenticated user can reset the password of any user to an arbitrary value, knowing only their ID, and gain access to their account. User registration must be enabled or you mu...

CVSS 5.4 • AI score 0.3 • EPSS 0.006
Exploits 3
wpexploit • added 2021/10/06 12:00 a.m. • 686 views

Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF

The plugin does not check for CSRF when deleting logs, which could allow an attacker to make a logged-in admin delete them via a CSRF attack. csrf.submit...

CVSS 6.5 • AI score 0.5 • EPSS 0.00531
Exploits 2
wpexploit • added 2021/08/31 12:00 a.m. • 686 views

qTranslate X <= 3.4.6.8 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, allowing high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Affected POST Parameters: - Settings Languages Languages:...

AI score 0.4
Exploits 0
wpexploit • added 2021/08/02 12:00 a.m. • 685 views

VDZ Google Analytics or Google Tag Manager / GTM < 1.6.0 - Authenticated Stored XSS

The plugin does not escape its Google Analytics ID settings, allowing high-privilege users such as admins to perform XSS attacks even when the unfiltered_html capability is disallowed. The issue was introduced in v1.5.0, fixed in 1.5.4, then re-introduced in 1.5.5 and fixed in 1.6.0. Put the followi...

AI score 0.7
Exploits 0 • References 2
wpexploit • added 2022/06/20 12:00 a.m. • 682 views

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The plugin is vulnerable to stored HTML injection due to the lack of escaping and sanitising of the payment gateway titles. Go to WooCommerce - Settings - Payments tab, enable BAC (Bank Account Transfers) and edit the title in the setup dialog. HTML can be injected there, and will be rendered both for...

CVSS 4.8 • AI score 0.1 • EPSS 0.00559
Exploits 2
wpexploit • added 2021/10/11 12:00 a.m. • 682 views

WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection

The plugin, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor parameter before using it in a SQL statement, allowing low-privilege users such as Subscribers to perform SQL injection...

CVSS 8.8 • AI score 1.6 • EPSS 0.01292
Exploits 2
wpexploit • added 2021/10/18 12:00 a.m. • 681 views

SEO Redirection < 8.2 - Subscriber+ SQL Injection

The importFromRedirection AJAX action of the plugin, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to SQL injection when the Redirection plugin is also installed. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

CVSS 8.8 • AI score 0.6 • EPSS 0.01318
Exploits 2
wpexploit • added 2021/10/11 12:00 a.m. • 680 views

Pie Register < 3.7.1.6 - Unauthenticated SQL Injection

The plugin does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. POST /wp-json/pie/v1/login HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding:...

CVSS 9.8 • AI score 0.9 • EPSS 0.07542
Exploits 2
wpexploit • added 2020/10/11 12:00 a.m. • 680 views

PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not verify some of the uploaded feed images, such as the ones from the Podcast Artwork section, allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1fyf6blzeG3VX22BQX7hc1QJ20rCY5p43/view?usp=sharing -...

AI score 0.1 • EPSS 0.01647
Exploits 2 • References 1
wpexploit • added 2021/10/18 12:00 a.m. • 679 views

QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update

The plugin does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as a subscriber, to change the redirect response status code of arbitrary QR Redirects. jQuery.postajaxurl, qrredirectresponse: 30...

CVSS 4.3 • AI score 0.5 • EPSS 0.00433
Exploits 2
wpexploit • added 2021/09/04 12:00 a.m. • 679 views

Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF

The plugin does not have a CSRF check in place, which could allow an attacker to make a logged-in admin change the title, filename and locking state of arbitrary uploaded media via a CSRF attack. Notes: - We were unable to reproduce the issue from an attacker's point of view; the endpoints are expecting JSON...

CVSS 5.4 • AI score 0.3 • EPSS 0.00423
Exploits 1
wpexploit • added 2021/10/26 12:00 a.m. • 678 views

Bulk Datetime Change < 1.12 - Missing Authorisation

The plugin does not enforce capability checks, which allows users with the Contributor role to (1) list private post titles of other users and (2) change the posted date of other users' posts. Run on the "Bulk Datetime Change" page: jQuery.post"https://example.com/wp-admin/admin.php?page=bulkdatetimechange",...

CVSS 5.5 • AI score 5.7 • EPSS 0.00699
Exploits 2 • References 1
wpexploit • added 2021/06/29 12:00 a.m. • 678 views

Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

The getreports function in the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

CVSS 6.5 • AI score 0.3 • EPSS 0.01344
Exploits 2
wpexploit • added 2021/07/30 12:00 a.m. • 677 views

JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection

The plugin does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues. https://example.com/wp-admin/admin.php?page=jiangqieowfreefeedback&action=detail&id=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29 Could also make a logged i...

CVSS 8.8 • AI score 1.1 • EPSS 0.01608
Exploits 2 • References 1
wpexploit • added 2021/10/19 12:00 a.m. • 675 views

Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting

The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via the post metadata of a Grid logo showcase. 1. Create a Logo Showcase. 2. Set display type to Logo Grid. 3. Set number of grid to 1"...

CVSS 5.4 • AI score 5.3 • EPSS 0.00604
Exploits 2
wpexploit • added 2021/08/09 12:00 a.m. • 675 views

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue. Append the following payload to a page where the clean-login shortcode is embedded: ?url="alert/XSS/ Example: https://example.com/clean-login/?url="alert/XSS/...

AI score 0.5
Exploits 0
wpexploit • added 2021/08/30 12:00 a.m. • 673 views

Multiple Plugins from miniorange - Reflected Cross-Site Scripting via appId

The plugins do not escape the appId parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&appId="alert/XSS/...

AI score 1.2
Exploits 0
wpexploit • added 2022/09/05 12:00 a.m. • 672 views

CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

The plugin allows high-privilege users such as admins to upload arbitrary files by allowing any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. Activate the PHP extension: - Log in and go to "CM Downloads" > "Settings" > "General". -...

CVSS 7.2 • AI score 0.3 • EPSS 0.01054
Exploits 2
wpexploit • added 2021/09/21 12:00 a.m. • 672 views

St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting

The plugin does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and also lacks sanitisation and escaping before outputting it on the page. This could allow an attacker to make logged-in administrators set a malicious payload in it, leading to ...

CVSS 8.8 • AI score 8 • EPSS 0.00618
Exploits 2
Total number of security vulnerabilities: 4359