Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/01/04 12:0 a.m.•131 views

Futurio Extra < 1.6.3 - Authenticated SQL Injection

The plugin is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting XSS against logged in admins by making send open a malicious link Using SQLi to extract database variables:...

4CVSS0.2AI score0.00832EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/09 12:0 a.m.•131 views

Inline Related Posts < 3.0.5 - Admin+ Cross-Site Scripting

Multiple parameters are vulnerable to stored Cross-site Scripting. The vulnerabilities require admin privileges to exploit. In each case the script will execute for every user viewing a post that contains one of the inline references. POST /wp-admin/options-general.php?page=intelly-related-posts...

2.7AI score
Exploits1References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•131 views

G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection

The plugin does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection https://plugins.trac.wordpress.org/browser/g-auto-hyperlink/trunk/g-auto-hyperlink.phpL271 Open the...

7.2CVSS0.9AI score0.06561EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/22 12:0 a.m.•131 views

GSEOR <= 1.3 - Authenticated SQL Injection

A pageid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=gseor.php&search=1&pageid=1%20AND%20SELECT%206449%20FROM%20SELECTSLEEP5wwdQ HTTP/1.1 Cache-Control: max-age=0...

7.2CVSS1.2AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/06/06 12:0 a.m.•130 views

WP Chat App < 3.6.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidg...

6AI score0.00373EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•130 views

AZAN Plugin <= 0.6 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert999,2,2,3' / If the widget is...

5.9AI score0.00192EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/30 12:0 a.m.•130 views

Persian Fonts <= 1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to:...

7.9AI score0.00396EPSS
Exploits2
wpexploit
wpexploit
•added 2023/05/02 12:0 a.m.•130 views

Newsletter Popup <= 1.2 - Record Deletion via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wpnewslettershowlocalrecord page is not protected with a nonce...

8.8CVSS9AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/10 12:0 a.m.•130 views

Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below ' /...

6.1CVSS8.9AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/22 12:0 a.m.•130 views

Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: The plugin requires WPBakery Page...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•130 views

WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/03 12:0 a.m.•130 views

Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. The PoC will be displayed once the issue has been...

4.8CVSS0.6AI score0.00459EPSS
Exploits1
wpexploit
wpexploit
•added 2022/06/20 12:0 a.m.•130 views

Cache Images < 3.2.1 - Image Upload / Import via CSRF

The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. Allows import of any images with any user level. document.getElementById"test".submit; document.getElementById"test".submit; document.getElementById"test".submit;...

6.5CVSS0.9AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/09 12:0 a.m.•130 views

Note Press <= 0.1.10 - Admin+ SQLi via id

The plugin does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections https://example.com/wp-admin/admin.php?page=NotePress-Main-Menu&action=view&id=17+AND+SELECT+3630+FROM+SELECTSLEEP5KdTt...

4CVSS2.2AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•130 views

Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection

The plugin does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection 1. Install the vulnerable plugin...

9.8CVSS0.4AI score0.01821EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/21 12:0 a.m.•130 views

Petfinder Listings < 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the text field settings of the plugin such as 'Your Petfinder API Key v1.0': "...

4.8CVSS0.8AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/23 12:0 a.m.•130 views

Gallery Blocks with Lightbox < 2.2.1- Authenticated Stored Cross-Site Scripting

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below . The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

5.4CVSS2.4AI score0.00618EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/06/01 12:0 a.m.•130 views

MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect

The plugin did not properly check for CSRF in some of its actions handled by the listenforactions method hooked as admininit, allowing attackers to make logged in users with the manageoptions capability do unwanted actions and redirect them to an arbitrary website after...

3.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/03/08 12:0 a.m.•130 views

SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections

The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=select&ssfwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=select&ssfwpid...

0.6AI score
Exploits0References3
wpexploit
wpexploit
•added 2024/06/07 12:0 a.m.•129 views

Simple AL Slider <= 1.2.10 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 1. Add a new project 2. As an admin, access the URL:...

6AI score0.00475EPSS
Exploits4
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•129 views

Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF

Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack This PoC disables the User Registration widget. To do so, make a logged in admin open an HTML file containing:...

6.6AI score0.00199EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•129 views

CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•129 views

Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin 1. Configure the plugin to add the first name and last name fields to the form:...

6.2AI score0.00323EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•129 views

HL Twitter <= 2014.1.18 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have a logged in admin open an HTML page containing:...

6.7AI score0.00204EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/23 12:0 a.m.•129 views

Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in a...

8.3AI score0.00353EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•129 views

Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. - Log in as an administrator, and visit /wp-admin/. - Add a Catalog Product in /wp-admin/admin.php?page=fancyproductdesigner - Sear...

7.4AI score0.00641EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/09 12:0 a.m.•129 views

Community by PeepSo < 6.3.1.2 - Reflected XSS

Description The plugin does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open When the register your copy noti...

6.1CVSS6AI score0.00515EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/05 12:0 a.m.•129 views

Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Access the "Restrict Usernames Emails Characters" settings 2. For the field "The name of...

4.8CVSS6AI score0.00405EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/09/26 12:0 a.m.•129 views

WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request. alert1;'/...

7.3AI score0.00327EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/23 12:0 a.m.•129 views

Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup There are two fields affected by a...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/27 12:0 a.m.•129 views

Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...

9.8CVSS0.1AI score0.03617EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/01 12:0 a.m.•129 views

WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog https://example.com/wp-admin/admin-ajax.php?action=filtermenu&val=post-id...

4.3CVSS4.4AI score0.00336EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/05/26 12:0 a.m.•129 views

underConstruction < 1.20 - Construction Mode Deactivation via CSRF

The plugin does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

4.3CVSS2.8AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/09 12:0 a.m.•129 views

Slideshow <= 2.3.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Slideshow settings, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks As author and above, create/edit a slideshow and put the following payload in the "Number of seconds the slide takes to slide in",...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2022/02/01 12:0 a.m.•129 views

Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF

The plugin does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash https://example.com/wp-admin/edit.php?posttype=easy-pricing-table&page=ept3-list&action=trash&post=1...

6.5CVSS4.7AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•129 views

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting

The plugin does not escape the data parameter of the ppgetformsbybuildertype AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS5.9AI score0.00968EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•129 views

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Unauthenticated Arbitrary Admin Account Creation

The tcpregisterandloginajax AJAX action of the plugin allows unauthenticated users to create accounts with an arbitrary role such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5...

2.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/06/28 12:0 a.m.•129 views

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in Image Uploader Component

The cover photo and profile photo upload functionalities of the plugin were vulnerable to arbitrary file uploads due to the use of exifimagetype for filetype checking. 'Hax0r2', 'regemail' = '[email protected]', 'regpassword' = 'password', 'regpasswordpresent' = 'true', 'regfirstname' = 'Hax0r2',...

9.8CVSS0.7AI score0.02101EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/04/23 12:0 a.m.•129 views

Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab=" onMouseOver="alert1;...

4.3CVSS0.2AI score0.13942EPSS
Exploits5
wpexploit
wpexploit
•added 2021/04/08 12:0 a.m.•129 views

WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS

The plugin, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues Payloads: " " POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type: application/x-www-form-urlencode...

3.5CVSS0.4AI score0.00659EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/03/01 12:0 a.m.•129 views

WP GDPR Compliance < 1.5.6 - Unauthenticated Stored Cross-Site Scripting (XSS)

The GDPR Compliance action=wpgdprcprocessaction&security=cccf5a60ec&data="type":"accessrequest","email":"[email protected]","consent":true...

1.7AI score
Exploits0References1
wpexploit
wpexploit
•added 2024/06/12 12:0 a.m.•128 views

Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack The PoC will be displayed on June 26, 2024, to give users the time to update...

6.7AI score0.00193EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•128 views

WP Logs Book <= 1.0.1 - Disable Logging via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open an HTML file containing:...

6.6AI score0.05957EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•128 views

Amen <= 3.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00374EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/22 12:0 a.m.•128 views

PostX < 4.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Create a new Post and add "Ultimate post...

8.3AI score0.00416EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•128 views

Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset

Description The plugin does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action Log in as a subscriber, access the Diagnostic tab of the plugin /wp-admin/admin.php?page=enjoyinstagrampluginoptions&tab=diagnostic and click...

6.6AI score0.0077EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/23 12:0 a.m.•128 views

illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks. 1. Go to "Settings Link Party!". 2. Under "Add a New Party", enter the payload for either the "Party Name" or "Party Description":...

8.8AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
•added 2024/01/23 12:0 a.m.•128 views

Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing the following: document.forms0.submit;...

9.4AI score0.00176EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/01/23 12:0 a.m.•128 views

illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion

Description The plugin lacks proper access controls, allowing unauthenticated visitors to delete links. http://example.com/?page=illi3/includes/functions.php&action=deletesubmission&id=INSERTID Replace "INSERTID" with an ID of a link and hit enter. The link will be deleted...

9.6AI score0.00374EPSS
Exploits3
wpexploit
wpexploit
•added 2023/12/14 12:0 a.m.•128 views

WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS

Description The plugin does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. v3.8.15 partially fixed the issue as the wrong capability chec...

6.1CVSS6.9AI score0.00219EPSS
Exploits1
Total number of security vulnerabilities4359