Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2024/01/22 12:0 a.m.124 views

Popup Box Pro < 7.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...

5.9AI score0.0048EPSS
Exploits3
wpexploit
wpexploit
added 2023/11/28 12:0 a.m.124 views

WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

Description The plugin does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. Run the following within any page on the site, ensuring that the id parameter is set to a valid...

6.5CVSS6.6AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/31 12:0 a.m.124 views

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

Description The plugin does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type":...

9.1CVSS6.8AI score0.02811EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.124 views

BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting Make a logged in admin/SA open one of the URL below: v " "...

6.1CVSS6.7AI score0.00858EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.124 views

iPages Flipbook For WordPress < 1.4.7 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new book item with whatever role, even if it's an Administrator. 2. Connect ...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/29 12:0 a.m.124 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice. 2. ...

7.2CVSS1.3AI score0.01225EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/21 12:0 a.m.124 views

Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create new publication, name it whatever 2. Click the "Custom Page" tab to add a new page: - name it...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.124 views

WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the settings...

4.8CVSS4.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.124 views

Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "After Register Redire...

4.8CVSS0.3AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.124 views

Analytify < 4.2.1 - Reflected Cross-Site Scripting

The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting When 404 tracking is enabled: https://example.com/aa404bb?aalert/XSS/...

Exploits0
wpexploit
wpexploit
added 2022/06/15 12:0 a.m.124 views

Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues ' input type="text" name="postaftloop...

5.4CVSS1.1AI score0.00296EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.124 views

Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack "...

6.1CVSS1AI score0.00739EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.124 views

Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack '' document.getElementById"test".submit;...

4.3CVSS1.4AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.124 views

Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit;...

1.4AI score0.00285EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.124 views

WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button via AJAX ...

5.4CVSS0.00567EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.124 views

Responsive Tabs < 4.0.6 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks As author or above, create/edit a new Tab and put the following payload as its content:...

4.8CVSS0.5AI score0.00576EPSS
Exploits1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.124 views

Adrotate < 5.8.23 - Admin+ XSS via Group Name

The plugin does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit a group and put the following payload in the Name field: " style=animation-name:rotation...

4.8CVSS2.2AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/16 12:0 a.m.124 views

iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip

The settings of the plugin can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process,...

4.9CVSS5.1AI score0.03315EPSS
Exploits5
wpexploit
wpexploit
added 2022/02/07 12:0 a.m.124 views

WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF

The plugin does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack https://example.com/wp-admin/admin.php?page=real-cookie-banner-component&rcb-reset-all=1...

6.5CVSS4AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.124 views

Title Field Validation <= 1.1 - Unauthorised AJAX Calls

The plugin does not properly check for CSRF in its findposttype, savevalidation, editvalidation, updatevalidation and deletevalidation AJAX actions. Additionally, the actions were also missing any capability checks. As a result, any authenticated user such as subscriber could call them to create,...

Exploits0
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.124 views

RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues As admin, Navigate to Setting Яндекс.Турбо Счетчики and enter a payload such as " onmouseover="alert1 into all t...

3.5CVSS5.3AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/26 12:0 a.m.124 views

Vertical News Scroller < 1.17 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin attempted to fix a reflected Cross-Site Scripting in v1.10, however the changes were insufficient, as sanitizetextfield was used, but output in an attribute without being escaped. For versions 1.17:...

1AI score
Exploits0
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.124 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget

In the plugin, the icon box widget includes/widgets/icon-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript in...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/03/25 12:0 a.m.124 views

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...

7.5CVSS0.4AI score0.99999EPSS
Exploits19References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.123 views

SVGator <= 1.2.6 - Stored XSS via SVG Upload

Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. 1. Create a SVG file with the malicious payload within it; Example SVG file:...

5.8AI score0.00312EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.123 views

Popup Box < 3.7.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1 Create a new popup via /wp-admin/admin.php?page=ays-pb&action=add 2 Set its "Custom...

4.8CVSS4.8AI score0.00451EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.123 views

WooCommerce Ship to Multiple Addresses < 3.8.4 - Subscriber+ Shipping Address Disclosure via IDOR

The plugin does not ensure that the order to display the shipping address from belong to the user making the request, allowing any authenticated users, such as subscriber to view other shipping addresses via an IDOR https://example.com/checkout/shipping-addresses/?orderid=106...

6.4AI score0.00545EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.123 views

Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in Admin open a page containing the HTML code below '...

8.8CVSS8AI score0.13871EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.123 views

Stagtools < 2.3.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Create a Post and add a Shortcode. 2...

5.4CVSS8.8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.123 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS

The plugin does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. Just create a test.pdf...

4.8CVSS6.1AI score0.32462EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/11 12:0 a.m.123 views

WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the whhomepage, whtextshort and whtextfull parameters of submitted Testimonials, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks curl -X POST 'http://example.com/add/' \ -H 'Content-Type: multipart/form-data;...

7.2CVSS6.3AI score0.00743EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.123 views

Smart Logo Showcase Lite <= 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. smlsgutenblock heading='XSS' headingtag='h2...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.123 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS2AI score0.00555EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.123 views

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840...

9.8CVSS2.9AI score0.05116EPSS
Exploits3
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.123 views

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack...

4.3CVSS1.8AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.123 views

Name Directory < 1.25.5 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when adding/editing names, and is also lacking sanitisation as well as escaping in some of the fields, which could allow attackers to make a logged in admin edit arbitrary names and put XSS payloads in them. ' / " / ' /...

Exploits0
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.123 views

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=mo2fatwofa&a"alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.123 views

Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well ' document.getElementById"test".submit;...

4.3CVSS0.9AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/13 12:0 a.m.123 views

Files Download Delay < 1.0.7 - Subscriber+ Settings Reset

The plugin does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action. https://example.com/wp-admin/admin-ajax.php?action=ddlayrestoredefaults...

6.5CVSS3AI score0.00406EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.123 views

Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting

The plugin does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action. var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.5AI score0.00847EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.123 views

Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins With the permalinks settings set to plain, as an unauthenticated user, open...

0.1AI score0.01496EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/03 12:0 a.m.123 views

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import

The mepimportajaxtemplate AJAX action of the plugin, available to both unauthenticated and authenticated users, is lacking any authorisation and CSRF checks. As a result, unauthenticated user can import arbitrary Elementor template to the blog Legit template:...

7.2AI score
Exploits0
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.123 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

The importdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. curl -i -s -k -X $'POST' \ -H $'Host: URLHERE' -H $'Content-Length: 379' -H $'Cache-Control: max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H...

8.8CVSS1.5AI score0.01107EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.122 views

SVGMagic <= 1.1 - Stored XSS via SVG Upload

Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. 1. Create a SVG file with the malicious payload within it; Example SVG file:...

5.8AI score0.00312EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/09 12:0 a.m.122 views

Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF

Description The plugin does not have CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged in users perform such action via a CSRF attack 1. Log in as a normal user. 2. Save the content below as an HTML file...

4.3CVSS6.8AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.122 views

Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First you need to add an Announcement...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.122 views

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS1.1AI score0.01046EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.122 views

Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Intercept the request made when saving the setting...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/30 12:0 a.m.122 views

Gallery for Social Photo < 1.0.0.29 - Arbitrary Post Duplication via CSRF

The plugin does not have CSRF check in place when duplicating a post or page, which could allow attackers to make a logged in a admin duplicate them via a CSRF attack https://example.com/wp-admin/admin-ajax.php?action=gifeedduplicatefeed&post=12...

5.4CVSS4.2AI score0.00342EPSS
Exploits1
wpexploit
wpexploit
added 2022/06/23 12:0 a.m.122 views

Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Go to Settings - Loading Page, in the "Display loading screen in" settings, select either "specific pages" or "specif...

4.8CVSS0.00493EPSS
Exploits2
Total number of security vulnerabilities4359