Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2023/11/13 12:0 a.m.•128 views

eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF

Description The plugin does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products Make a logged in admin open the URL below...

6.5CVSS7.3AI score0.00283EPSS
Exploits1
wpexploit
wpexploit
•added 2023/10/27 12:0 a.m.•128 views

PubyDoc <= 2.0.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1 After the installing the plugin, create a new table at...

4.8CVSS5.2AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/26 12:0 a.m.•129 views

Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...

5.7AI score0.00485EPSS
Exploits2
wpexploit
wpexploit
•added 2023/05/02 12:0 a.m.•128 views

Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery

The plugin does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. 1. Install the Log HTTP Requests plugin to inspect th...

4.3CVSS6.6AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/10 12:0 a.m.•128 views

WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Login as Admin. 2. Go to...

4.8CVSS5.3AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•128 views

Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form. POST /wp-admin/admin-ajax.php HTTP/2 Host: hosthere Content-Lengt...

6.1CVSS6.6AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/16 12:0 a.m.•128 views

Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks simpletooltip...

5.4CVSS5.2AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/12 12:0 a.m.•128 views

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. h5apinlineplayer src="invalid'...

5.4CVSS2.3AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•128 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting Affected parameter: acts.tdatts.imagesize input type="hidden" name="atts"...

6.1CVSS6.1AI score0.00551EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/26 12:0 a.m.•128 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Against any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=ftsencrypttokenajax&accesstoken=%3Cimg%20src=x%20onerror=alert/XSS/%3E...

6.1CVSS0.2AI score0.00634EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/18 12:0 a.m.•128 views

DW Promobar <= 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugin settings...

4.8CVSS0.1AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/18 12:0 a.m.•128 views

Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. Put the following payload in any of the settings: "...

4.8CVSS1.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•128 views

Name Directory < 1.25.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well alert/XSS/" /...

6.1CVSS6.1AI score0.00569EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/30 12:0 a.m.•128 views

Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

6.5CVSS1AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/17 12:0 a.m.•128 views

Useful Banner Manager <= 1.6.1 - Modify banners via CSRF

The plugin does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. document.getElementById"test".submit;...

6.5CVSS1.5AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/16 12:0 a.m.•128 views

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a video from a slider and put the following payload in the Description: , then save/update the vide...

4.8CVSS4.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/10 12:0 a.m.•128 views

Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file Create/edit a quote and put t...

4.8CVSS0.4AI score0.0064EPSS
Exploits2
wpexploit
wpexploit
•added 2022/04/11 12:0 a.m.•129 views

HubSpot < 8.8.15 - Contributor+ Blind SSRF

The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks As an authenticated user with the editposts capability, get REST nonce via...

8.8CVSS1.1AI score0.01413EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•128 views

Blog2Social < 6.8.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=blog2social&b2sShowByDate="alert/XSS/...

6.1CVSS0.7AI score0.01669EPSS
Exploits2
wpexploit
wpexploit
•added 2021/09/21 12:0 a.m.•128 views

Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly In a page/posts where the fu-upload-form shortcode is embed, simp...

6.1CVSS6.3AI score0.26379EPSS
Exploits6
wpexploit
wpexploit
•added 2021/08/22 12:0 a.m.•128 views

The Sorter <= 1.0 - Authenticated SQL Injection

The checkorder function of the plugin uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=thesorterareas&areaid=1%20AND%20SELECT%207667%20FROM%20SELECTSLEEP5DWBj HTTP/1.1 Cache-Control:...

7.2CVSS1.4AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/06/30 12:0 a.m.•128 views

SEO Wizard <= 4.0.2 - Unauthorised robots.txt & .htaccess Edit via CSRF

The plugin does not properly check for CSRF in its wswedithtaccessfile, wswcreaterobotstext and wswupdatecontentrobots AJAX actions, allowing attackers to make logged in admin write arbitrary data to the robots.txt and .htaccess files...

1.4AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/30 12:0 a.m.•128 views

Adapta RGPD < 1.3.3 - Unauthorised Consent via CSRF

The acceptcookieconsent AJAX action did not properly check for CSRF, allowing attackers to make users consent via a CSRF attack. https://example.com/wp-admin/admin-ajax.php?action=acceptcookieconsent...

4.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/13 12:0 a.m.•128 views

WP DoNotTrack <= 0.8.8 - Authenticated (admin+) Stored XSS

The plugin does not validate or escape its Blacklist and Whitelist settings, allowing high privilege users such as admin to set JavaScript payload in them, even when the unfilteredhtml capability is disallowed, leading to Stored Cross-Site Scripting issues Add the payload below in the Blacklist o...

0.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/04/11 12:0 a.m.•128 views

College Publisher Import <= 0.1 - Arbitrary File Upload to RCE

The plugin does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack. The issue has been escalated to WordPress on April 12th, 2021 Th...

6.5CVSS1.2AI score0.01844EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•127 views

Strong Testimonials < 3.1.12 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed Setup as...

5.9AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/26 12:0 a.m.•127 views

Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks GDCrow GDCcolumn size='"...

5.9AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•127 views

Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup When creating a new widget, insert the...

7.3AI score0.00379EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/09/21 12:0 a.m.•127 views

Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts. Upload an allowed WordPress extension such as JPG and inject it with a script such as: alert1;. To...

6.1CVSS7.3AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
•added 2023/08/04 12:0 a.m.•127 views

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping Create an HTML file with the...

4.3CVSS4.5AI score0.00218EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/12 12:0 a.m.•127 views

Cloud Manager <= 1.0 - Reflected XSS

The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

6.1CVSS8.9AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/11 12:0 a.m.•127 views

WC Vendors Marketplace < 2.4.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wcvrecentproducts columns='1"...

5.4CVSS2.6AI score0.00685EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/16 12:0 a.m.•127 views

Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil public...

8.8CVSS0.3AI score0.00922EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•127 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Click the 'Settings' button of this plugin. 2...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/20 12:0 a.m.•127 views

Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1. Navigate to Settings - Bold Builder - Bold Builder Settings and enter "alert'XSS'" into the "Color...

4.8CVSS4.8AI score0.00935EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/06 12:0 a.m.•127 views

Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...

4.8CVSS0.7AI score0.00848EPSS
Exploits2
wpexploit
wpexploit
•added 2022/04/04 12:0 a.m.•127 views

Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Name of list" field in the User Lists Overview ...

4.8CVSS0.6AI score0.00689EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/16 12:0 a.m.•127 views

Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them alert/XSS-image/" / alert/XSS-quote/" /...

6.1CVSS0.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•127 views

WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the woofredrawelements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=woofdrawproducts&woofredrawelements=%3Cimg%20src%20onerror=alert/XSS/%3E...

6.1CVSS1.4AI score0.01651EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•127 views

WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs. POST /wp-login.php HTTP/1.1 Accept:...

6.1CVSS6AI score0.01322EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/28 12:0 a.m.•127 views

URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF

The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. https://example.com/wp-admin/admin.php?page=uslinks&action=bulkdelete&linkids=1...

4.3CVSS5.2AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/23 12:0 a.m.•127 views

WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks videolightboxvimeo5 videoid='"onmouseover=alert/XSS/ b="' width="640" height="480" anchor="Click here to open vimeo video" videolightboxvimeo5...

5.4CVSS1.8AI score0.00618EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•127 views

Haxcan <= 1.0.0 - Arbitrary File Access

The plugin does not properly ensure that the file to be accessed is within the blog, allowing high privilege users to read any file on the web server. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/16 12:0 a.m.•127 views

WP JobSearch < 1.7.4 - Authenticated Stored XSS

The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue Vulnerable parameters: &jobsearchfieldeducationtitle=,...

5.4CVSS0.2AI score0.00633EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/05/31 12:0 a.m.•127 views

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

5.4CVSS0.1AI score0.00932EPSS
Exploits4References1
wpexploit
wpexploit
•added 2024/06/05 12:0 a.m.•126 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to frontend-checklist admin...

5.7AI score0.00329EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/02 12:0 a.m.•126 views

WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure

Description The plugin does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name As a subscriber, open the following URL:...

7.2AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•126 views

WPB Show Core < 2.7 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...

6.2AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/14 12:0 a.m.•126 views

Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting

Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. 1. Add a New gallery, and click on the "Add files" button to add content. 2. Now add a description for this content with the XSS paylo...

6.1AI score0.00398EPSS
Exploits1
wpexploit
wpexploit
•added 2023/10/16 12:0 a.m.•126 views

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply

Description The plugin does not correctly authorize the wpaseditreply function, allowing users to edit posts for which they do not have permission. Log in as a subscriber and run the following code in the browser, setting the replyid to any post ID. fetch"/wp-admin/admin-ajax.php", "headers":...

4.3CVSS6.6AI score0.00405EPSS
Exploits2
Total number of security vulnerabilities4359