Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/06/14 12:0 a.m.134 views

Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-settings&tab=wooccm&section=advanced&"--alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.134 views

Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept:...

6.1CVSS6.2AI score0.00739EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.134 views

WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor, create a new Baby item and put the following payload in any of the settings such as Birth Date, Time of Birth etc:...

5.4CVSS0.1AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/10 12:0 a.m.134 views

Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Put the following payload in any of the plugin's settings such as Font size, Font Color and save: "...

4.8CVSS0.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.134 views

SearchIQ < 3.9 - Unauthenticated Stored XSS

The plugin contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siqajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter Once the plugin is configur...

6.1CVSS0.8AI score0.00852EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.134 views

Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF

The plugin does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack...

4.3CVSS1.3AI score0.00469EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/12 12:0 a.m.134 views

Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the ivesavegeneralsettings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue. Note: v1.1.4.7 added CSRF check, authorisation...

3.5CVSS0.6AI score0.00581EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/23 12:0 a.m.134 views

WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.7AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/11 12:0 a.m.134 views

Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure

The plugin does not have any authorisation and CSRF checks in the likebtnexportvotes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. fetch"http://example.com/wp-admin/admin-ajax.php",...

8CVSS7.6AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.134 views

Edit Comments <= 0.3 - Reflected Cross-Site Scripting

The plugin does not sanitise, validate or escape the jaleditcomments GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue Post a comment on a page, then open https://example.com//?jaleditcomments=?jaleditcomments="alert/XSS/...

Exploits0
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

The user registration functionality of the plugin allowed arbitrary user meta to be supplied, including wpcapabilities, during registration which made it possible for users to register as an administrator. 'Hax0r', 'regemail' = '[email protected]', 'regpassword' = 'password', 'regpasswordpresent' =...

9.8CVSS1.8AI score0.68862EPSS
Exploits8References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it As admin, put the following payload in the "Allowed host" setting of the plugin /wp-admin/options-general.phpany-hostname:...

3.5CVSS0.2AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

ProfilePress < 3.1.8 - Authenticated Stored XSS

The plugin did not sanitise or escape some of its settings before saving them and outputting them back in the page, allowing high privilege users such as admin to set JavaScript payloads in them even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site...

3.5CVSS0.5AI score0.00652EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue Enter the following payload in the "Steam Group Adrdess" setting of the plugin: "alert/XSS/...

3.5CVSS0.3AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/09 12:0 a.m.134 views

Advanced AJAX Product Filters < 1.5.4.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The braapfgetchild AJAX action of the plugin, available to both unauthenticated and authenticated users does not sanitise the 'termid' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue. "' / POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

6.1AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/08 12:0 a.m.134 views

WP Prayer < 1.6.7 - Arbitrary Plugin Settings Update via CSRF

The plugin did not properly check for CSRF in some of its module functions, allowing attacker to make logged in admin change all plugin's settings including the email settings for example. v1.6.6 fixed most of CSRF checks, but the one in model.emailsettings.php was improperly fixed bypass still...

Exploits0
wpexploit
wpexploit
added 2021/03/15 12:0 a.m.134 views

Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation

Several AJAX endpoints in the plugin were unprotected, allowing students to modify course information and elevate their privileges among many other actions. Only one PoC provided for privilege escalation. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output =...

6.5CVSS1.3AI score0.01439EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/07 12:0 a.m.133 views

Widget4Call <= 1.0.7 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make an admin open the URL:...

6AI score0.00555EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/02 12:0 a.m.133 views

Pet Manager <= 1.4 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. 1. Go to "Pets Add Pet" 2. In the "Address" field add the payload " style=animation-name:rotation...

5.8AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.133 views

Button Generator < 3.0 - Button Deletion via CSRF

Description The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack Make a logged in admin open an HTML file containing: action...

6.7AI score0.00229EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.133 views

Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users Note: This requires WooCommerce to be installed. 1. Go to "Fancy Product Designer...

6.3AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.133 views

Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure

Description The plugin contains a vulnerability that allows you to read and download PHP logs without authorization 1 Admin should click on "Save as TXT file" in http://yoursite/wordpress/wp-admin/admin.php?page=rrrlgvwr-monitor.php 2 Then someone else can go to...

8.7AI score0.00587EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/09 12:0 a.m.133 views

Contact Form 7 Connector < 1.2.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. http://vulnerable-site.tld/wp-admin/admin.php?page=ari-cf7connector-log&format=html&log=...

6.1CVSS6.1AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/21 12:0 a.m.133 views

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...

4.8CVSS5.6AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.133 views

WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. Make sure to have both WooCommerce and NinjaForms 3.4.34.2 NF's latest version on the 3.4 branch installed, then follow those instructions:...

9.8CVSS9.8AI score0.00877EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/31 12:0 a.m.133 views

MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

6.1CVSS6.1AI score0.00396EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.133 views

REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

7AI score0.0028EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.133 views

Random Text <= 0.3.0 - Subscriber+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

8.8CVSS9.2AI score0.0089EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/29 12:0 a.m.133 views

Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Required theme:...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.134 views

Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal

- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the system. - The below...

4.9CVSS5.5AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.133 views

HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.133 views

Gallery Factory Lite <= 2.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First, you need to add an Album...

5.4CVSS1.6AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/12 12:0 a.m.133 views

Multimedial Images <= 1.0b - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. https://example.com/wp-admin/options-general.php?page=mmi&a=delbg&id=33+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.5AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/10/19 12:0 a.m.133 views

reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF

The plugin does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. input type="hidden" name="action" value="resmushit&...

6.5CVSS0.5AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.133 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Title

The plugin does not sanitise and escape post/page Title, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks Create a post using the plugin editor and add the following payload in the Title: " The XSS will be triggered when editing the post again...

6.4CVSS0.8AI score0.00489EPSS
Exploits1
wpexploit
wpexploit
added 2022/08/08 12:0 a.m.133 views

Stop Spam Comments <= 0.2.1.2 - Access Token Bypass

The plugin does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. Collect the name and value of ssckey for the target post and use it on the request. curl...

6.5CVSS2AI score0.00546EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.133 views

HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload

The plugin does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server await fetch"https://example.com/wp-admin/admin.php?page=html2wp-settings", "headers":...

9.8CVSS0.8AI score0.11866EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.133 views

Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF

The plugin does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. document.getElementById"test".submit;...

4.3CVSS0.5AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.133 views

User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

The plugin does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads As a subscriber, submit a dummy image on a page/post with a File Upload...

6.5CVSS6.4AI score0.02233EPSS
Exploits5
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.133 views

Logo Slider <= 1.4.8 - Admin+ SQLi

The plugin does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection https://example.com/wp-admin/admin.php?page=manageimages&lspsliderid=1+AND+SELECT+7741+FROM+SELECTSLEEP5hlAf...

4CVSS1.8AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.133 views

Fast Flow < 1.2.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting ' document.form1.submit;...

6.1CVSS0.4AI score0.00876EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.133 views

Delete Old Orders <= 0.2 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=woo-delete-old-orders&step=3&date="...

6.1CVSS1.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.133 views

Database Peek <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=ab-database-peek&table=wpusers&match="...

6.1CVSS0.8AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/10 12:0 a.m.133 views

WP Statistics < 13.1.5 - Unauthenticated Blind SQL Injection

The plugin is vulnerable to unauthenticated SQL Injection via the exclusionreason parameter due to missing parameterization and escaping in the SQL query found on line 88 of the /includes/class-wp-statistics-exclusion.php file when the Record Exclusions feature is enabled. Step 1: Insert "aaaa"...

9.8CVSS0.8AI score0.5346EPSS
Exploits3References1
wpexploit
wpexploit
added 2022/01/25 12:0 a.m.133 views

AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting https://example.com/wp-admin/admin.php?page=apcttestimonialedit&id=1"alert/XSS/...

6.1CVSS0.8AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/27 12:0 a.m.133 views

uListing < 2.0.6 - Authenticated IDOR

An Authenticated User IDOR vulnerability was discovered in the plugin. Important: userid and listingid values ​​are dependent on each other, that is, if the author ID == 4, the data can only be modified for those ADs and pages that relate to this particular ID. You can find out the author of the...

6.5CVSS0.4AI score0.01064EPSS
Exploits1
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.133 views

Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection

The daacdeletebookingcallback function, hooked to the daacdeletebooking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and...

6.5CVSS0.3AI score0.00821EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/06 12:0 a.m.133 views

Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting

The plugin does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://%3C/script%3E%3Csvg/onload=alert1%3E WPScanTeam Reporter...

4.3CVSS6.1AI score0.02897EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.133 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget

In the plugin, the accordion widget includes/widgets/accordion.php accepts a ‘titlehtmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScri...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/02 12:0 a.m.133 views

Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. http://example.com/wp-admin/edit.php?posttype=popupbuilder&page=sgpbSubscribers&sgpb-subscribers-date=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...

0.9AI score0.00734EPSS
Exploits1
Total number of security vulnerabilities4359