Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/03/16 12:0 a.m.118 views

WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users, leading to a SQL injection curl -i 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS1.9AI score0.07867EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.118 views

Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=bulk-creator&posttype="...

1.1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.118 views

Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard As a contributor, create/edit a gallery and add the following...

5.4CVSS0.00595EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.118 views

Simple Download Monitor < 3.9.9 - Multiple CSRF

The plugin does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1 make admins export logs to exploit a separate log disclosure vulnerability fixed in 3.9.6, 2 delete logs fixed in 3.9.9, 3 remove thumbnail image from downloads To export logs which could then be...

8.8CVSS8.6AI score0.0063EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.118 views

WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors GET...

7.2CVSS2.1AI score0.04501EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.118 views

WP Domain Redirect <= 1.0 - Authenticated SQL Injection

The Edit domain functionality in the plugin has an editid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. POST /wp-admin/admin.php?page=add&action=edit&id=1 HTTP/1.1 Content-Length: 102 Cache-Control: max-age=0...

7.2CVSS0.7AI score0.04501EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/06 12:0 a.m.118 views

Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure

The uscesdownloadsysteminformation AJAX action of the plugin did not have capability check in place, allowing any authenticated user such as subscriber to can export data including WordPress settings, theme and plugins active/inactive along with their version, Welcart general settings and payment...

2.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/05/16 12:0 a.m.118 views

Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities

The theme did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. -- PoC 1 | Authenticated IDOR | Permanent post/page deletion: !...

6.5CVSS0.7AI score0.00986EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/23 12:0 a.m.118 views

GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)

The plugin was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

4.3CVSS1.8AI score0.0137EPSS
Exploits4References1
wpexploit
wpexploit
added 2024/01/19 12:0 a.m.117 views

Splashscreen <= 0.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.forms0.submit;...

9.4AI score0.00221EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.117 views

WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. 1. Go to WP Inventory Inventory Items and create a new Inventory Item. 2. Create a page and add the wpinventory shortcode. 3. View the new page on the frontend,...

6.2AI score0.01161EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.117 views

Clock In Portal <= 2.1 - Designation Deletion via CSRF

The plugin does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Designation with ID 2...

4.3CVSS8.5AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.117 views

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcodes i...

5.4CVSS5.6AI score0.00529EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/20 12:0 a.m.117 views

Juicer < 1.11 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks juicer name='" onmouseover=alert/XSS/...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.117 views

Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The plugin does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks Make a logged in admin open a page containing the HTML code be...

6.5CVSS1.5AI score0.00356EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.117 views

Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Logged in the backend of Wordpress as Administrato...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/13 12:0 a.m.117 views

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payload in a field label: The XSS will be triggered when editing the form, as well as in...

4.8CVSS1.2AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.117 views

Age Gate < 2.20.4 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting With the "Age Gate User Registration" addon installed: https://example.com/wp-admin/admin.php?page=age-gate&a"alert/XSS/ With any addon installed:...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.117 views

WP-Email < 2.69.0 - Log Deletion via CSRF

The plugin does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack document.getElementById"test".submit;...

6.5CVSS1.3AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.117 views

RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

5.4CVSS0.8AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.117 views

Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

The plugin does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack To delete all comments document.getElementById"test".submit; document.getElementById"test".submit;...

4.3CVSS0.7AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/03 12:0 a.m.117 views

Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads As an author or above, upload the below SVG file via the Media library: alert/XSS/; The XSS will be triggered when accessing the file directly, e...

5.4CVSS5.3AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/20 12:0 a.m.117 views

Country Selector < 1.6.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting " / " /...

6.1CVSS6.2AI score0.01409EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/15 12:0 a.m.117 views

GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages...

5.4CVSS0.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.117 views

Akismet Privacy Policies <= 2.0.1- Reflected Cross-Site Scripting

The plugin does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.4AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/18 12:0 a.m.117 views

Zero Spam < 5.2.11 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection With at least one IP in the “Blocked IPs” list:...

9.8CVSS1.4AI score0.01997EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/02/09 12:0 a.m.117 views

E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf...

4.8CVSS1.8AI score0.01262EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/27 12:0 a.m.117 views

WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert1%3E...

6.1CVSS0.6AI score0.02187EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.117 views

Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape $GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=options&aDBccat=all&'alert/XSS-key/=alert/XSS-value/...

6.1CVSS0.7AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.117 views

AF Companion 1.1.0 - 1.1.2 - Arbitrary Plugin Installation & Activation via CSRF

The plugin has a flawed CSRF check, allowing attackers to make logged in admin installs and activate arbitrary plugins from the WP repository...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.117 views

Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes

The plugin could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1 "color" or "cssclass" argument of sdmdownload shortcode, 2 "class" or "placeholder" argument of sdmsearchform shortcode. // all spaces must be replaced with a slash sdmdownload...

5.4CVSS1.6AI score0.00611EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.117 views

LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/23 12:0 a.m.117 views

Embed Youtube Video <= 1.0 - Authenticated SQL Injection

The editid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=embed-youtube-video-add&editid=-6425+UNION+ALL+SELECT+NULL%2Cuser%28%29%2CNULL%2CNULL%2CNULL-- HTTP/1.1 Cache-Control: max-age=...

6.5CVSS1AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/01/11 12:0 a.m.117 views

Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'name' field of the variable added in its settings, leading to a Stored Cross-Site Scripting issue. Attackers could also used the lack of CSRF nonce and check to make a logged in administrator add the payload and make them perform further unwanted actions. The PoC...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/12/24 12:0 a.m.117 views

WP Postratings < 1.86.1 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise the postratingsimage parameter from its options page wp-admin/admin.php?page=wp-postratings/postratings-options.php. Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfilteredhtml...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2020/12/18 12:0 a.m.117 views

Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting

Simple Social Buttons version 3.1.1 has a reflected Cross-Site Scripting vulnerability in the POST parameter "sharecounts". Both unauthenticated and authenticated attacks are possible Edit WPScanTeam The original report stated the issue as being fixed in 3.2.0, however a CSRF nonce has been added...

6.6AI score
Exploits0References2
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.116 views

Bonus for Woo < 5.8.3 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open one of the URL below...

6.1CVSS5.8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/14 12:0 a.m.116 views

Media from FTP < 11.17 - Author+ Arbitrary File Access

Description The plugin does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases. In 11.16, the manageoptions capability was used, however is still insufficient in case of MultiSite...

8.8CVSS8.7AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.116 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. 1. As an administrator, creat...

6.1CVSS0.6AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/17 12:0 a.m.116 views

Multi Step Form < 1.7.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Create/edit a Form via the plugin. 2. Put t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.116 views

Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack Make a logged in editor or admin open a page with the below payload...

6.1CVSS0.4AI score0.00268EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/10 12:0 a.m.116 views

Best Payments Plugin for WP < 4.2.1 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting Append the following payload on a page where the is a form from the plugin: a"alert/XSS/ e.g: https://example.com/contact-form/?a"alert/XSS/...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.116 views

Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Slideshow, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS0.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.116 views

Discy < 5.2 - Settings Update via CSRF

The theme lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary plugin's settings including payment methods via a CSRF attack...

4.3CVSS1.5AI score0.01244EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.116 views

Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed In a form settings, put the following payload in the Actions after submission Action Type Custom Tex...

4.8CVSS0.00995EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/05 12:0 a.m.116 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF

The plugin does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=1...

6.5CVSS4.2AI score0.00562EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.116 views

Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Make a booking to become customer ...

5.5CVSS0.5AI score0.00788EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.116 views

dTabs <= 1.4 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=dtabs.php&action=edit&tab="...

6.1CVSS0.8AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.117 views

Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the mmurspid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=mmursp-list&view=edit&mmurspid="...

6.1CVSS0.8AI score0.01713EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.116 views

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue Note: the ticket-creation page is the one with the wpsccreateticket shortcode embed...

6.1CVSS0.1AI score0.01165EPSS
Exploits2
Total number of security vulnerabilities4359