Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/06/21 12:0 a.m.123 views

CDI < 5.1.9 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.5AI score0.01297EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.122 views

MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF

The plugin does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks document.getElementById"test".submit; input type="text" name="connectionsmtppasswo...

6.5CVSS1AI score0.00502EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.122 views

Minimal Coming Soon – Coming Soon Page < 2.35 - Multiple Authenticated Stored XSS

The plugin does not sanitize or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them, which will be triggered in the backend. A As admin, put the following in the Custom CSS setting...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/05/11 12:0 a.m.122 views

Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

The plugin does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. O...

5.8CVSS1AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/02 12:0 a.m.122 views

StaffList < 3.1.6 - Arbitrary Staff Deletion via CSRF

The plugin does not have CSRF check in place when deleting staff members, which could allow attacker to make a logged in admin perform such action and delete arbitrary staff via a CSRF attack https://example.com/wp-admin/admin.php?page=stafflist&s=last&remove=1&p=1...

4.6AI score
Exploits0References1
wpexploit
wpexploit
added 2022/03/16 12:0 a.m.122 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.7AI score0.02254EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/04 12:0 a.m.122 views

Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion

The plugins do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example Execute the below command in the web developer console of the web browser when being logged in as...

4.3CVSS0.3AI score0.0065EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.122 views

Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=cf7skins&tab=%27%3E%3Cimg+src+onerror%3Dalert%281%29%3E requires the Contact Form 7 plugin to be installed...

6.1CVSS0.4AI score0.02412EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.122 views

Backup and Restore <= 1.0.3 - Admin+ Arbitrary File Deletion

The plugin does not sanitise and validate the foldername parameter when deleting a report, which could allow high privilege users to delete arbitrary files on the web server, including those outside of the WordPress folder POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...

6.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.122 views

Fontsampler < 0.4.13 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not properly check for CSRF and authorisation in its ajaxgetmockfontsampler AJAX action, which could lead to an authenticated reflected XSS issue as user input was then output without being sanitised first. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.122 views

Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection

The hndtstactioninstancecallback AJAX call of the plugin, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. curl -i -s -k -X $'POST' \ -H...

6.5CVSS0.8AI score0.01599EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.122 views

Woocommerce Stock Manager < 2.6.0 - CSRF to Arbitrary File Upload

The plugin is vulnerable to CSRF leading to Arbitrary File Upload due to missing nonce and file validation in the /admin/views/import-export.php file. File will upload to: /wp-content/plugins/woocommerce-stock-manager/admin/views/upload/PoC.php history.pushState'', '', '/' function submitRequest...

6.8CVSS0.5AI score0.00719EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/29 12:0 a.m.122 views

AcyMailing < 7.5.0 - Open Redirect

When subscribing using AcyMailing, the "redirect" parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim. When using acymailing to subscribe to a newsletter, you make a POST...

6.1CVSS0.2AI score0.01939EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/26 12:0 a.m.122 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue sqlmap --url="https://example.com/tour-list/?keywords=13&startdate=13" --random-agent -dbs --level=3 --threads=4...

9.8CVSS1.8AI score0.0195EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/10 12:0 a.m.122 views

Event Banner <= 1.3 - Arbitrary File Upload to RCE

The plugin does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation chec...

6.5CVSS0.7AI score0.01678EPSS
Exploits2References1
wpexploit
wpexploit
added 2017/01/11 12:0 a.m.122 views

WordPress 4.7 - User Information Disclosure via REST API

http://www.example.com/wp-json/wp/v2/users...

5CVSS7.7AI score0.87299EPSS
Exploits7References3
wpexploit
wpexploit
added 2023/11/28 12:0 a.m.121 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. Run the following within a block editor page. Notice that the request is delayed by the SLEEP call in the...

8.8CVSS7.4AI score0.00721EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/26 12:0 a.m.121 views

WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion

Description The plugin does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them Run the below command in the developer console of the web browser while being on the blog as a Contributor user. This will put the post...

5.4CVSS7AI score0.0052EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.121 views

WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to the WP Discord Invite plugin...

4.8CVSS5.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/30 12:0 a.m.121 views

Ditty < 3.1.25 - Reflected XSS

Description The plugin does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00812EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.121 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. Log...

8.8CVSS9.1AI score0.00898EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.121 views

WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.121 views

WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.121 views

Download Manager < 3.2.62 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. 1. “Enable modal login form” option in the...

5.4CVSS0.2AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.121 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.121 views

LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. document.getElementById"test".submit;...

4.3CVSS1.5AI score0.00317EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/07/06 12:0 a.m.121 views

Simple Membership < 4.1.3 - Membership Privilege Escalation

The plugin does not properly validate the membershiplevel parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. Note: This only affects membership from the plugin, not the WordPress role To increase the level, the attacker nee...

8.8CVSS0.5AI score0.00935EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.121 views

W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Add/edit a Dali Item and put the following payload in one...

4.8CVSS4.7AI score0.00608EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.121 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the "Link...

5.4CVSS5.2AI score0.00644EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.122 views

Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting With the "Compatibility Mode"...

6.1CVSS0.1AI score0.01388EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.121 views

Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their...

4.8CVSS0.8AI score0.0071EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.121 views

LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit; input...

4.3CVSS1.4AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/05 12:0 a.m.121 views

Documentor <= 1.5.3 - Unauthenticated SQLi

The plugin fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. curl https://example.com/wp-admin/admin-ajax.php --data 'action=docsearchresults&term=&docid=1 AND SELECT 628...

9.8CVSS1.4AI score0.42764EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.121 views

Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a...

9.8CVSS0.8AI score0.4408EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.121 views

Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Create a booking with user01 2. Create...

5.5CVSS0.00609EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.121 views

WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG

The plugin allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks 1. As a contributor or above add the following shortcode to a post: wordpressfileupload...

5.4CVSS0.5AI score0.0077EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/21 12:0 a.m.121 views

NewsPlugin < 1.1.0 - CSRF to Stored Cross-Site Scripting

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handlesavestyle function found in the /news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. Note: v1.1.0 Added CSRF to the affected function, but see...

6.8CVSS2.6AI score0.0056EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/05/04 12:0 a.m.121 views

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the formvalue JSON POST parameter in its tlfilter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting XSS vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate...

6.1CVSS0.3AI score0.00822EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/30 12:0 a.m.121 views

Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)

The Search Forms page of the plugin did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack...

4.3CVSS0.3AI score0.01173EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/01/12 12:0 a.m.121 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...

5.5AI score0.00687EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/01/12 12:0 a.m.121 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation

Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...

6.5AI score0.009EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.120 views

CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks Codes:...

6.7AI score0.00209EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/17 12:0 a.m.120 views

WP Stacker <= 1.8.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML document containing: alert888' / alert2' /...

5.9AI score0.00199EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.120 views

Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF

Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack input type="hidden" name="fieldvalidation1" value="req...

7.1AI score
Exploits0References1
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.120 views

Ajax Search Lite Pro < 4.26.2 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/08 12:0 a.m.120 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.0 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. 1. Create a contact form and add a "multiple file upload" field. 2. Add the...

9.8CVSS9.1AI score0.03004EPSS
Exploits3
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.120 views

WoodMart < 7.1.2 - License Update/Deactivation via CSRF

The theme does not have CSRF checks when updating and deactivating the license, which could allow attackers to make logged in admins perform such actions via CSRF attacks To deactivate the license...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2022/11/11 12:0 a.m.120 views

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Youtube API Key...

4.8CVSS0.1AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.120 views

Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any text field settings of...

4.8CVSS4.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.120 views

WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=woopi&tab=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

6.1CVSS0.2AI score0.00661EPSS
Exploits2
Total number of security vulnerabilities4359