Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2019/10/14 12:0 a.m.133 views

Popup-Maker < 1.8.12 - Multiple Vulnerabilities

An attacker can partially control the arguments of the doaction, during the initialization of the PUMSite . Because of this, an attacker can call any method which contains an action starting from popmake or pum . This will lead to successful execution of functions which do not require arguments...

6.4CVSS1.6AI score0.09232EPSS
Exploits2References1
wpexploit
wpexploit
added 2017/08/26 12:0 a.m.133 views

Multiple Plugins - Unauthenticated RCE via PHPUnit

There was an Unauthenticated Remote Code Execution RCE vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. curl -X POST --data ""...

7.5CVSS1.6AI score0.99999EPSS
Exploits19References2
wpexploit
wpexploit
added 2024/04/15 12:0 a.m.133 views

MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "MF Gig Calendar Settings" 2...

5.7AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.132 views

Salon booking system < 9.6.6 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Salon Services Add New...

5.6AI score0.00418EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/28 12:0 a.m.132 views

Booking Calendar < 1.3.83 - CSRF appointment scheduling

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. input type="s...

6.7AI score0.00384EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/27 12:0 a.m.132 views

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup When creating a new widget, insert the...

5.7AI score0.00416EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/02/13 12:0 a.m.132 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

7.9AI score0.00442EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/26 12:0 a.m.132 views

wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

Description The plugin does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users. 1. Create a note as an admin. View the source of the page to get the Note ID...

9.5AI score0.00456EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.132 views

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. 1. Create a new PopUp Box within the plugi...

4.8CVSS5.1AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.132 views

Login screen manager <= 3.5.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "Hov...

4.8CVSS4.8AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.132 views

Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS

Description The plugin does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators As an unauthenticated user, submit a booking form such form can be added via the Booking Calendar Block on a...

6.1CVSS6AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.132 views

qubotchat < 1.1.6 - Unauthenticated Stored XSS

The plugin doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. 1. Enter " as the malicious payload into the chatbot input. 2. See XSS vulnerability...

6.1CVSS6.6AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/01 12:0 a.m.132 views

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin When there is no account connected, make a logged in admin open...

8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/08 12:0 a.m.132 views

Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. imageoverimagevc...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.132 views

WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1. Navigate to Settings -Duplicate Page - Duplicate Page Settings and enter the XSS payload into the...

4.8CVSS0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.132 views

Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; input ty...

4.3CVSS1.4AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.132 views

WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the CSS settings of the plugin:...

4.8CVSS0.6AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.132 views

WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. - Log on to the site using a subscriber account. - On the page the shortcode is...

5.4CVSS0.5AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.132 views

Photo Gallery < 1.6.3 - Unauthenticated SQL Injection

The plugin does not properly escape the $POST'filtertag' parameter, which is appended to an SQL query, making SQL Injection attacks possible. POST /wp-admin/admin-ajax.php?imageid=123 HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh,en;q=0.5 Accept-Encoding: gzip,...

9.8CVSS1AI score0.23459EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/09 12:0 a.m.132 views

Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

The plugin requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. When a guest make a booking via sending "action:...

7.5CVSS7.5AI score0.01594EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.132 views

Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update

The plugin is using an outdated version of the Freemius library 1.2.2.9, which is known to be affected by a security issue allowing any authenticated users, such as subscriber to set arbitrary blog options As any authenticated user: Enable new user registrations:...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.132 views

Conversios.io < 4.6.2 - Subscriber+ SQL Injection

The plugin does not sanitise, validate and escape the syncprogressivedata parameter for the tvcajaxproductsyncbantchwise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. Note: The vendor was notified multiple times since November 6t...

8.8CVSS0.5AI score0.01297EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/29 12:0 a.m.132 views

Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add/edit a new button, set its Button action to "Website URL"...

4.8CVSS0.3AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.132 views

Mediamatic < 2.8.1 - Subscriber+ SQL Injection

The mediamaticAjaxRenameCategory AJAX action of the plugin, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

8.8CVSS8.8AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.132 views

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

The plugin registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes As a contributor, put the following shortcod...

4.3CVSS5.3AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.132 views

Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

The plugin does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add a new font Tools -- Local Fonts -- Add Font, need to have at least one font for the 'Add...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/09 12:0 a.m.132 views

Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access

The plugin allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata. customfield field="fieldname" postid="ID" e.g customfield field="ctctverifykey" postid="23"...

6.5CVSS6.4AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/28 12:0 a.m.132 views

Contact Form by Supsystic < 1.7.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape fields label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a field in a form, and put the following payload in the label:...

6AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.132 views

Wappointment < 2.2.5 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the name parameter when booking an appointment, leading to a Stored Cross-Site Scripting issue which is triggered when an admin view the Calendar. POST /wp-json/wappointment/v1/services/booking HTTP/1.1 Content-Length: 205 Accept: application/json, text/plain, /...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.132 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value

In the plugin, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. $wpuser, 'pwd' = $wppass,...

4.3CVSS1.9AI score0.0072EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/06/11 12:0 a.m.131 views

Sitetweet <= 0.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack The PoC will be displayed on June 25, 2024, to give users the time to update...

5.9AI score0.00345EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/22 12:0 a.m.131 views

Arforms < 6.4.1 - Reflected XSS

Description The plugin does not properly escape user-controlled input when it is reflected in some of its AJAX actions. https://www.example.com/wp-admin/admin-ajax.php?action=currentmodal&positionmodal=alertdocument.domain...

6.7AI score0.00358EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/11 12:0 a.m.131 views

Side Menu Lite < 4.2.1 - Menu Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.131 views

MM-email2image <= 0.2.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a file containing the HTML: alert2' /...

9AI score0.00202EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/17 12:0 a.m.131 views

404 Solution < 2.35.8 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins. 1. navigate to logs "https://example.com/wp-admin/options-general.php?page=abj404solution&subpage=abj404logs"...

7.2CVSS7.2AI score0.00756EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/13 12:0 a.m.131 views

Popup box < 3.8.6 - Admin+ Stored XSS in Categories

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Popup Box Categories" 2. Add...

4.8CVSS6AI score0.0045EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/09 12:0 a.m.131 views

EventON < 2.2 - Admin + Stored HTML Injection

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed. 1. Go to the Virtual Event - This is a virtual online event. 2. Configure...

4.8CVSS6.9AI score0.0043EPSS
Exploits2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.131 views

WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update

Description The plugin does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded; charset=UTF-8", , "body":...

4.3CVSS5.1AI score0.00454EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.131 views

User Activity Log Pro < 2.3.4 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...

7.5CVSS7.6AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.131 views

AN_GradeBook <= 5.0.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber Access the following URL to demonstrate SQLi:...

8.8CVSS9.8AI score0.03246EPSS
Exploits5
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.131 views

Product Slider For WooCommerce Lite <= 1.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks psfwlgutenblock headingtag='h2"...

5.4CVSS5.3AI score0.00503EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.131 views

Responsive WordPress Slideshows 3.29.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below '/...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.131 views

WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The plugin does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. 1. Use a WordPress instance...

8.8CVSS8.9AI score0.01689EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.131 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.5AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.131 views

Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF

The plugin does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting alert/XSS/'...

5.4CVSS0.8AI score0.00254EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.131 views

WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The plugin does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. The vulnerability exists due to the plugin only preventing users from leaking coupons using the "coupons" aggregate field, and not the regular "coupon" field. Given a valid coupon...

0.5AI score0.00724EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.131 views

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=cron&aDBccat=all&"alert/XSS/ Other pages are affected...

6.1CVSS0.3AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.131 views

Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltredhtml is disallowed Create/edit a subscription, enabled the GDPR options in it and add the following payload in the "confirmation text"...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.131 views

The School Management < 9.9.7 - Unauthenticated RCE via REST api

The plugin contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. curl -d 'blowfish=1' -d "blowf=system'id';" 'https://examples.com/wp-json/am-member/license'...

4.5AI score0.64321EPSS
Exploits6
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.131 views

Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update

The plugin does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector curl --url...

7.5CVSS1.8AI score0.00578EPSS
Exploits2
Total number of security vulnerabilities4359