Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2021/11/15 12:0 a.m.136 views

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ppressccdata parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS5.9AI score0.00968EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.136 views

Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection

The plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

6.4CVSS0.4AI score0.00636EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.136 views

SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting

The plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/admin.php?page=sp-client-document-manager&from=" style=animation-name:rotation...

6.1CVSS2.7AI score0.00938EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.136 views

CRM: Contact Management Simplified – UkuuPeople <= 1.6.3 - Unauthorised Favourite Addition/Deletion

The plugin does not properly check for CSRF in its ukuuaddtofav AJAX action, allowing attacker to make logged in users call them them and add or delete arbitrary favourite post. To delete a favourite To Add a favourite...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.136 views

FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)

The plugin, used in the theme did not properly sanitize the foodbakeryradius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS1AI score0.04348EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/22 12:0 a.m.136 views

Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF

The "cppluginsdobuttonjoblatercallback" AJAX action, from multiple plugins of the WP-Buy vendor, was lacking CSRF check, allowing attackers to make a logged in administrator install and active arbitrary plugins including specific version from the WordPress repository which could lead to more...

1.5AI score
Exploits0
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.135 views

Spotify Play Button <= 1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. spotify-play...

5.9AI score0.00356EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/08 12:0 a.m.135 views

Gianism <= 5.1.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/01 12:0 a.m.135 views

Carousel Slider < 2.2.11 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks 1. Create a new slider and inset: 1212"onmouseover='alert1' to "URL View" field...

6.1AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.135 views

Modal Window < 5.3.10 - Modal Deletion via CSRF

Description The plugin does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack Have a logged in admin open an HTML file containing where ID is an existing modal: action...

6.7AI score0.00204EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/15 12:0 a.m.135 views

Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor or above, edit a post in...

5.9AI score0.00427EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.135 views

WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS

Description The plugin does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins wget --header="X-Forwarded-For: " https://example.com -q -O- The XSS will be triggered wh...

6.1CVSS6.1AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.135 views

WooCommerce Payments < 4.9.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack Deactivate subscription with ID 53:...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2023/08/07 12:0 a.m.135 views

Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...

4.8CVSS5.3AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.135 views

Loginizer 1.7.8 - Reflected XSS

The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.135 views

URL Params < 2.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. urlparam htmltag='h1' attr='a'...

6.3AI score0.00503EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.135 views

Help Desk WP <= 1.2.0 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. 1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin. 2. Click on "Add New Ticket", and fill t...

5.4CVSS8.7AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.135 views

WP Login Box <= 2.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Set “Greeting Text” option to: alert1 Set “Enable...

4.8CVSS7.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.135 views

WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "Settings SMTP Mailing Queue Tools"...

4.8CVSS8.8AI score0.00535EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.135 views

WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR

The plugin does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users. Run t...

8.8CVSS8.5AI score0.01196EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.135 views

React Webcam <= 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. reactwebcam dir='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.135 views

PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.6AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.135 views

Memberpress Downloads < 1.2.6 - Subscriber+ Arbitrary File Upload

The plugin does not properly check user capabilities in its file uploading AJAX endpoint, relying on WordPress nonces to do so. Unfortunately, the nonce can be leaked by any logged-in users, like subscribers. Since the Uploader library they use does not check file extensions at all, this may lead...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.135 views

Insights from Google PageSpeed < 4.0.7 - Multiple CSRF

The plugin does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

8.8CVSS2.8AI score0.00512EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.135 views

Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Breadcrumb css class name" settings of the plugin: "alert/XSS/...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.135 views

LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Client ID" settings: "/...

4.8CVSS1.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.135 views

Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS3.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.135 views

CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi

The plugin does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack On a page where the codepeople-image-store is embed, append the following...

9.8CVSS1.6AI score0.1036EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.135 views

WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue. Against any authenticated user: ' /...

6.1CVSS0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/06 12:0 a.m.135 views

Content Egg < 5.3.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting alert/XSS/;'...

6.1CVSS6.2AI score0.00897EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.135 views

WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF

The plugin does not have CSRF when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...

6.8AI score
Exploits0References1
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.135 views

LoginPress < 1.5.12 - Reflected Cross-Site Scripting

The plugin does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.4AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.135 views

Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection

The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...

9.8CVSS9.5AI score0.78812EPSS
Exploits7
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.135 views

Haxcan <= 1.0.0 - CSRF Bypass

The plugin does not properly check for CSRF in its getajaxresponse AJAX action, allowing attacker to make logged in admin call them it via CSRF attack and add arbitrary files in quarantine for example. Add an arbitrary file to quarantine...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/05/16 12:0 a.m.135 views

Bello < 1.6.0 - Unauthenticated Blind SQL Injection

The theme did not sanitise the btbblistingfieldpricerangeto, btbblistingfieldnowopen, btbblistingfieldmylng, listinglistview and btbblistingfieldmylat parameters before using them in a SQL statement, leading to SQL Injection issues -- Payload: $ -4034 OR 4877=4877 AND 2369=2369 -- PoC 1 |...

9.8CVSS9.8AI score0.66576EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.135 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation

In the plugin, low level users, such as subscribers, could use the importfromdebug AJAX action to install any plugin from the WordPress repository. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Install some plugins $ch =...

4CVSS1.4AI score0.00831EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/04 12:0 a.m.135 views

wpDataTables < 3.4.1 - Unauthenticated SQL Injection

In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...

10CVSS1AI score0.04615EPSS
Exploits2References1
wpexploit
wpexploit
added 2026/01/08 12:0 a.m.134 views

Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure

Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...

5.4AI score
Exploits1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.134 views

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing:...

6.6AI score0.00197EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/08 12:0 a.m.134 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new form or edit an existing...

5.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/21 12:0 a.m.134 views

Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 1. As a Contributor, navigate to "Add new position" 2. On the page to create a post, in the "Working Hours" add: 3. When a...

5.9AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/01 12:0 a.m.134 views

Meris <= 1.1.2 - Reflected XSS

Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin alert/XSS-areaname/" / alert/XSS-num/' /...

6.1CVSS8.7AI score0.00331EPSS
Exploits1
wpexploit
wpexploit
added 2023/11/27 12:0 a.m.134 views

Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export

Description The plugin does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. curl --url 'http://vulnerable-site.tld/wp-admin/admin-post.php?luv-action=export'...

4.3CVSS8.6AI score0.00916EPSS
Exploits3
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.134 views

Add to Feedly <= 1.2.11 - Admin+ Stored XSS

The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Install the plugin and insert the following payload in the field "Feed URL http://...": 1"alert1 Save th...

4.8CVSS8.7AI score0.00472EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.134 views

ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS

The plugin does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS Run the below command in...

5.4CVSS5.6AI score0.00242EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.134 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS

The plugin does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. On a clean Wordpress on localhost: 1. Modify the Shoutboxalias cookie with a value such as 2. Send...

6.1CVSS6.1AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.134 views

OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. Exploit 1 attachment id delete: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body:...

6.5CVSS7.2AI score0.01003EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/14 12:0 a.m.134 views

Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: 1. First, you need to add a Carousel...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.134 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Put the...

5.4CVSS0.5AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.134 views

Import CSV Files <= 1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting history.pushState'', '', '/' function submitRequest var xhr = new XMLHttpRequest;...

6.1CVSS0.00337EPSS
Exploits2
Total number of security vulnerabilities4359