Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/05/23 12:0 a.m.120 views

Simple Membership < 4.1.1 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=swpmvalidateemail&fieldId=%22%3Cscript%3Ealert%22XSS%22;%3C/script%3E...

6.1CVSS1.5AI score0.01693EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/02 12:0 a.m.120 views

Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit a Tab via the plugin, and put the following payload in a Tab...

4.8CVSS0.5AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.120 views

Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues As admin, import the below CSV file via Tools Import and export users and customers /wp-admin/tools.php?page=acui...

4.8CVSS0.4AI score0.00689EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.120 views

Wbcom Designs Plugins - Subscriber+ Arbitrary Plugin Installation, Activation and Deactivation

Multiple Plugins from Wbcom Designs have an AJAX action without authorisation and CSRF checks, allowing any logged in user to install, activate or deactivate a plugin on the site. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body":...

1.5AI score
Exploits0
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.120 views

Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting On a page where the Total Booking widget is displayed, append the following payload: &a"alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/03/25 12:0 a.m.120 views

Safe SVG < 1.9.10 - SVG Sanitisation Bypass

The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending on further use of uploaded SVG...

6.1CVSS0.2AI score0.01183EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.120 views

Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Link settings of a body party and save the change: "alert/XSS-link/...

4.8CVSS0.6AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.120 views

Title Experiments Free < 9.0.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=wpextitles&id=1 AND SELECT 3...

9.8CVSS2.7AI score0.10352EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/04 12:0 a.m.120 views

Conference Scheduler < 2.4.3 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/edit.php?posttype=confworkshop&page=confscheduleroptions&tab="...

6.1CVSS1.1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.120 views

WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of text field settings of the plugin such as 'Home Page Menu Label': "...

4.8CVSS0.5AI score0.0067EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.120 views

Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin POST /wp-json/contact-form-7/v1/contact-forms/1337/feedback HTTP/2 Content-Type: multipart/form-data;...

6.1CVSS0.7AI score0.01505EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/28 12:0 a.m.120 views

Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting

The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

5.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.120 views

SEO Wizard <= 4.0.2 - Unauthorised AJAX Calls

The plugin does not properly check for CSRF in its ajaxsaveglobalsettings and ajaxsavepostsettings AJAX actions, as well as other AJAX actions. Furthermore, capability checks were also missing, resulting in any authenticated users as low as subscriber being able to call those actions and modify t...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.120 views

Super Progressive Web Apps < 2.1.13 - Authenticated (High Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, did not properly check for authorisation and the content of the uploaded archive file. This allows high privilege users admin+ to upload an archive with a PHP file, leading to RCE. v2.1.12...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/03/23 12:0 a.m.120 views

Mapplic and Mapplic Lite - SSRF to Stored Cross-Site Scripting (XSS)

The Mapplic Lite alert/XSS/...

6.5AI score
Exploits0References2
wpexploit
wpexploit
added 2021/01/21 12:0 a.m.120 views

Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset

The plugin loads a JavaScript asset from a remote website which seems to have been compromised. The widget.js file, loaded from https://assets.digitalclimatestrike.net/widget.js, redirects users to gladdiatordotio and is being flagged as malicious. I've reported this to the plugin authors but hav...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2024/01/30 12:0 a.m.119 views

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Description The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF As a subscriber, open...

9.3AI score0.00228EPSS
Exploits3References1
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.119 views

Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Under "WP Adv Quiz - WP Adv Quiz"...

4.8CVSS4.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.119 views

Wp-D3 <= 2.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. d3-source canvas='" onmouseover="alert1"...

5.4CVSS8.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.119 views

ChatBot < 4.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Your Company ...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.119 views

WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...

5.4CVSS1.1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.119 views

Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.1AI score0.01126EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/03 12:0 a.m.119 views

Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=GOTMLS-settings&GOTMLSdebug=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3B%3E Also possible with th...

6.1CVSS0.2AI score0.0102EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/15 12:0 a.m.119 views

Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting. Install and active the...

6.1CVSS0.4AI score0.00657EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.119 views

WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage&tab=documents&section=invoice&"alert/XSS/...

1AI score
Exploits0
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.119 views

Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections curl https://example.com/wp-admin/admin-ajax.php \ --data...

9.8CVSS1.4AI score0.09495EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.119 views

IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some fields when high privilege users don't have the unfilteredhtml capability, which could lead to Stored Cross-Site Scripting issues Customise a template from the plugin /wp-admin/admin.php?page=cscstemplates and put the following payload in the Paragraph...

5.4CVSS0.00584EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.119 views

Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE

The plugin does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE Import a PHP file via an URL Tools Import WP Add Importer put any name, and post template Create Importer Remote File select any file typ...

7.2CVSS0.2AI score0.01467EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/04 12:0 a.m.119 views

LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/purchase/confirm-payment/?order=order-xxxxxxx&PayerID=aa"...

6.1CVSS1.1AI score0.00918EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.119 views

Wow Countdowns <= 3.1.2 - Admin+ SQLi

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. https://example.com/wp-admin/admin.php?page=mwp-countdown&info=del&did=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...

7.2CVSS1.8AI score0.01306EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.119 views

UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download

The plugins do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database backup. from io import StringIO import requests import gzip import js...

6.5CVSS1AI score0.01979EPSS
Exploits3References2
wpexploit
wpexploit
added 2022/02/02 12:0 a.m.119 views

Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access

The field shortcode included with the plugin, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved With the...

1.2AI score0.00782EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.119 views

Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users

The plugin does not have authorisation and CSRF checks in its comingsoonsendmail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS1AI score0.00344EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.119 views

Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

The plugin contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. As any authenticated user 1764 being the ID of a private/draft post...

4.3CVSS0.6AI score0.00891EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/22 12:0 a.m.119 views

Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting With the "TDK optimization" setting enabled 7th page, first one: https://example.com/?s=123456"alert/XSS...

6.1CVSS6.2AI score0.00917EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.119 views

Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue Add the following payload in the "Paypal email address" setting of the plugin /wp-admin/admin.php?page=bookshelf-settings:...

3.5CVSS0.2AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.119 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion

In the plugin, any authenticated user, such as a subscriber, could use the deleteactionpost AJAX action to delete any post on a target site. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Set redirect url $ch = curlinit;...

4CVSS0.9AI score0.00663EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/01/20 12:0 a.m.119 views

Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a Reflected Cross-Site Scripting issue via the postMessage event. Use the following code on another website var popup = window.open'https://VULNERABLE.PAGE/'; var msg = ; msg.method = "alertdocument.domain"; function postpopup.postMessagemsg,'' setIntervalpost,1000;...

4.3CVSS0.8AI score0.0135EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/11 12:0 a.m.118 views

Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect

The plugin does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. ap-form-message redirect="https://wpscan.com"...

5.4CVSS9.1AI score0.00433EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.118 views

WP FEvents Book <= 0.46 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks 1. Create an event page using the plugin. 2. Access the page using an account with Subscriber role. 3. In the 'User notes' section, inject...

5.4CVSS5.8AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.118 views

Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcode in...

5.4CVSS5.6AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/06 12:0 a.m.118 views

Pie Register < 3.8.2.3 - Open Redirect

The plugin does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability Log In: 1. Visit /login?redirectto=//example.com 2. Log in as a user with lower privileges than Administrator. 3. See that the browser is redirected to example.com Lo...

5.4CVSS6.2AI score0.24263EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.118 views

eCommerce Product Catalog Plugin for WordPress < 3.0.71 - Reflected XSS

The plugin does not sanitise and escape an URL before outputting it back in an attribute of product category pages, leading to a Reflected Cross-Site Scripting https://example.com/products-category/cat/?productcategory=1&a%2522%253e%253cscript%253ealert%2528/XSS/%2529%253c%252fscript%253e=1...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.118 views

Qubely < 1.8.1 - Authenticated Arbitrary Settings Update

The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber in versions 1.7.9 or contributor in v 1.8.1 to update them As a subscriber Nonce can be taken from the qubelylocalscript-js-extra script on the homepage...

1AI score
Exploits0
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.118 views

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body As a subscriber, run the below command in the web developer console of the browser fetch"/wp-admin/admin-ajax.php?action=likebtntestvotenotification", "headers":...

6.5CVSS0.4AI score0.0077EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.118 views

HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL document.getElementById"test".submit;...

4.3CVSS1.6AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/06 12:0 a.m.118 views

WP 2FA < 2.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wp-2fa-settings&settingserror=...

6.1CVSS0.9AI score0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/04 12:0 a.m.118 views

Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfilteredhtml is disallowed Put the following payload in any of the Mailchimp integration settings...

4.8CVSS0.7AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/29 12:0 a.m.118 views

Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting v ' v...

6.1CVSS0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.118 views

Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the plugin's settings: "...

4.8CVSS0.8AI score0.00588EPSS
Exploits2
Total number of security vulnerabilities4359