Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/08/17 12:0 a.m.126 views

wpDataTables < 2.1.66 - Admin+ PHP Object Injection

Description The plugin does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin...

7.2CVSS8.2AI score0.01262EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.126 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.2AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.126 views

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. mapsmarker lot='1' lat='1' mapwidth='" onmouseover="alert1"'...

5.4CVSS2.4AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.126 views

Easy Testimonials < 3.9.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert the...

5.4CVSS1.1AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.126 views

ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator. 2. Connec...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/04 12:0 a.m.126 views

Donations via PayPal < 1.9.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Click the 'Settings' button of this plugin. 2...

4.8CVSS0.3AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/09 12:0 a.m.126 views

Social Slider Feed < 2.0.7 - Admin+ Stored XSS via Feeds

The plugin does not sanitise as well as escape user input in feeds, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in a Instagram Fee...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/08/08 12:0 a.m.126 views

Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Navigate to style settings:...

4.8CVSS4.7AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/27 12:0 a.m.126 views

WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

The plugin contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user...

8.8CVSS3.2AI score0.0129EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.126 views

Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=rpsresultbatch&edit=%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS1AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.126 views

OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well " " " " " input type="text" name="action"...

4.3CVSS0.4AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.126 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS1AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.126 views

Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update

The plugin does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example To add a product: fetch"https://example.com/wp-admin/admin-ajax.php",...

6.5CVSS0.2AI score0.00469EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/09 12:0 a.m.126 views

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor, create a custom field in a post, with the following payload: alert1 Then add the following shortcode to...

5.4CVSS5.3AI score0.00684EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.126 views

PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks pdfjs-viewer searchterm='" onload="alert/XSS/' pdfjs-viewer viewerwidth=0 viewerheight=800 url=undefined...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.126 views

WooCommerce Custom Registration Form <= 1.0.4 - Arbitrary Field Deletion and Form Modification via CSRF

The plugin does not properly check for CSRF in its delfield and savealldata AJAX actions, allowing attacker to make logged in user call them via a CSRF attack To delete a field from the Registration Form: To change the whole Registration Form: input type=...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/22 12:0 a.m.126 views

Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection

The plugin did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks v 1.5.3 POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1 Accept: /...

9.8CVSS0.6AI score0.46921EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/09 12:0 a.m.126 views

ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)

The ReDi Restaurant Reservations plugin provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to ma...

6.1CVSS0.05501EPSS
Exploits5References2
wpexploit
wpexploit
added 2021/01/28 12:0 a.m.126 views

Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE

The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.125 views

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

Description The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...

9.8CVSS7.1AI score0.01245EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.125 views

Herd Effects < 5.2.4 - Effect Deletion via CSRF

Description The plugin does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect&info=delete&did=1, this will make them delete...

4.3CVSS4.7AI score0.00218EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/02 12:0 a.m.125 views

FormCraft < 1.2.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. There are two XSS issues: Example A: ...

4.8CVSS6AI score0.00399EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.125 views

Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF

The plugin does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack Make a logged in admin open the URL below, this will make them delete the shortcode with ID 1...

6.9AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.125 views

Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to this page:...

4.8CVSS8.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.125 views

Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS

The plugin does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks import requests import sys import re if lensys.argv != 4: print'USAGE: python %s ' %...

5.4CVSS5.6AI score0.28799EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.125 views

Send PDF for Contact Form 7 < 0.9.9.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.3AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.125 views

GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate toward the GYG Ticketing and GYG Ticketing...

4.8CVSS0.9AI score0.00392EPSS
Exploits1
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.125 views

Sabai Discuss < 1.4.14 - Reflected Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page when number filters are enabled, leading to Reflected Cross-Site Scripting https://example.com/questions?category=77&filter=1&fieldnumbermin="...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2022/09/08 12:0 a.m.125 views

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.3AI score0.00381EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/19 12:0 a.m.125 views

Craw Data <= 1.0.0 - Server Side Request Forgery

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF. When configuring the CrawData addon, the request is as follows GET...

4.3CVSS0.3AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.125 views

Better Search and Replace < 1.4.1 - Admin+ SQLi

The plugin does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks POST /wp-admin/tools.php?page=better-search-replace&bsr-ajax=processsearchreplace HTTP/1.1 Accept: application/json,...

7.2CVSS0.4AI score0.01066EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.125 views

HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them input type=...

4.3CVSS1.8AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.125 views

Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

6.5CVSS1.2AI score0.00393EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.125 views

Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well ' input typ...

5.4CVSS0.3AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.125 views

Discy < 5.2 - Restore Default Settings via CSRF

The theme does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...

6.5CVSS1.6AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.125 views

Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed As admin, put the following payload in the "Number of seconds the sli...

4.8CVSS0.3AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.125 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries&action=trash&entry=2 Since entry permanent deletion:...

8.1CVSS1.1AI score0.00453EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.125 views

AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=ap-pricing-tables-lite-add-new&postid=1'...

6.1CVSS0.6AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.125 views

Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting

The plugin does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS0.3AI score0.00742EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/11 12:0 a.m.125 views

Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting

The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to settings page available under the "Calculato...

4.8CVSS4.7AI score0.05063EPSS
Exploits5
wpexploit
wpexploit
added 2021/11/16 12:0 a.m.125 views

SportsPress < 2.7.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=spevent&matchday=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.125 views

Woffice < 4.0.2 - Unauthenticated Disclosure of Notification Titles

The theme lacks authentication checks before returning the titles of notifications between the site's users. Any request to the wofficeNotificationGet ajax endpoint will return titles of notifications sent between users. Example:...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/07/23 12:0 a.m.125 views

Easy Testimonial Manager <= 1.2.0 - Authenticated SQL Injection

An id GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection GET /wp-admin/admin.php?page=easytestimonialupdate&id=page=easytestimonialupdate&id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,user,NULL,NULL-- HTTP/1.1...

6.5CVSS1.6AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/25 12:0 a.m.125 views

Event Espresso Core < 4.10.7.p - Reflected Cross-Site Scripting (XSS)

The adminpages/messages/templates/eemsgadminoverview.template.php file of the plugin did not escape user input before outputting back in an attribute in the page, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.1AI score0.03796EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/01/19 12:0 a.m.125 views

e-signature < 1.5.6.8 - Unauthenticated Arbitrary File Upload leading to RCE

The AJAX sifuploadfile allowed the authorised extensions to be provided in the request, which result in unauthenticated arbitrary file upload and lead to RCE /wp-admin/admin-ajax.php?action=sifuploadfile...

3.6AI score
Exploits0References1
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.124 views

WP Logs Book <= 1.0.1 - Log Clearing via CSRF

Description The plugin does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack Make an admin open an HTML file containing: Note: The 404 Error Logs can also be cleared by modifying the PoC...

6.6AI score0.00183EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.124 views

WP Prayer II <= 2.4.7 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing:...

6.6AI score0.00211EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.124 views

Pray For Me <= 1.0.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open an HTML file containing:...

6.6AI score0.00198EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/08 12:0 a.m.124 views

Playlist for Youtube <= 1.32 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.124 views

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks otwshortcodetabslayout tabs="2"...

7.7AI score0.00431EPSS
Exploits2References1
Total number of security vulnerabilities4359