
4359 matches found

wpexploit | added 2021/10/18 12:00 a.m. | 671 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Slider Clone/Save/Delete via CSRF

The plugin has a logic flaw in its CSRF checks in the sfcloneslider, sfsaveslider and sfremoveslider AJAX actions, which could allow an attacker to make a logged-in user call them via a CSRF attack. To delete a slider: To create a slider /bod...

AI score 1
Exploits: 0
wpexploit | added 2021/10/25 12:00 a.m. | 670 views

MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack. The vendor was notified on August 24th, 2021, and the issue was escalated to the WP plugins team 3 times; no fix was made despite two new versions being released...

CVSS 4.3 | AI score 3.6 | EPSS 0.00435
Exploits: 2
wpexploit | added 2021/06/07 12:00 a.m. | 670 views

WP Hardening < 1.2.2 - Reflected XSS via historyvalue

The plugin did not sanitise or escape the historyvalue GET parameter before outputting it in a JavaScript block, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=wphwpharden&historyvalue=alert(document.domain)//...

CVSS 6.1 | AI score 0.2 | EPSS 0.00827
Exploits: 2
wpexploit | added 2021/10/24 12:00 a.m. | 669 views

Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update

The plugin does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated user, such as a Subscriber, to change the title, description, alt text and URL of arbitrary uploaded media. jQuery.post(ajaxurl, {action: "lswsssaveattachmentdata", attachmentid...

AI score 0.3 | EPSS 0.00339
Exploits: 2
wpexploit | added 2021/08/02 12:00 a.m. | 667 views

Bold Page Builder < 3.1.6 - PHP Object Injection

The btbbgetgrid AJAX action of the plugin passes user input into the unserialize() function without any validation or sanitisation, which could lead to PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog...

CVSS 8.8 | AI score 9 | EPSS 0.08215
Exploits: 2
wpexploit | added 2021/10/21 12:00 a.m. | 666 views

Pie Register < 3.7.2.4 - Open Redirect

The plugin passes unvalidated user input to the wp_redirect function, leading to an Open Redirect issue. https://example.com/?piereglogouturl=true&redirectto=https://wpscan.com...

AI score 1.7
Exploits: 0
wpexploit | added 2021/08/30 12:00 a.m. | 666 views

WP Statistic < 13.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape various user inputs before outputting them back in pages, which could lead to Cross-Site Scripting issues. https://example.com/wp-admin/admin.php?page=wpsreferrerspage&referr="alert/XSS/...

AI score 0.4
Exploits: 0
wpexploit | added 2021/08/16 12:00 a.m. | 666 views

WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize or escape form values before saving them to the database or when outputting them, which allows high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Navigate to Tickets > Add New, add all information on the title, post,...

CVSS 4.8 | AI score 1 | EPSS 0.00598
Exploits: 2
wpexploit | added 2021/10/25 12:00 a.m. | 665 views

MainWP Child < 4.1.8 - Admin+ SQL Injection

The plugin does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high-privilege users such as admins when the Backup and Staging by WP Time Capsule plugin is installed. POST / HTTP/1.1 Accept:...

CVSS 7.2 | AI score 1.5 | EPSS 0.01238
Exploits: 2
wpexploit | added 2021/09/27 12:00 a.m. | 663 views

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the custom class name of a created form field, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. With the Form Builder "Dev Mode" setting enabled, create a form and a fiel...

CVSS 4.8 | AI score 0.2 | EPSS 0.00598
Exploits: 2
wpexploit | added 2022/01/26 12:00 a.m. | 661 views

WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. Save the HTML below to a file with the .html extension, then open it in Firefox while being authenticated in...

CVSS 6.1 | AI score 0.1 | EPSS 0.02228
Exploits: 2 | References: 1
wpexploit | added 2021/09/15 12:00 a.m. | 661 views

SEO Redirection < 7.9 - Arbitrary Redirect Deletion via CSRF

The plugin does not have any CSRF check in place, allowing attackers to make a logged-in admin delete arbitrary Custom and Post Redirects via a CSRF attack. v...

AI score 2.2
Exploits: 0
wpexploit | added 2021/01/18 12:00 a.m. | 660 views

WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)

The WP Shieldon WordPress plugin, versions 1.6.3 and below, was vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown. This was due to $_SERVER['REQUEST_URI'] being echoed to the page without any encoding. http://www.example.com/?alert(1)...

AI score 1.2 | EPSS 0.01148
Exploits: 2
wpexploit | added 2021/09/15 12:00 a.m. | 659 views

Find My Blocks < 3.4.0 - Private Post Titles Disclosure

The plugin does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles. Create a private post with at least one Gutenberg paragraph block and go to https://example.com/wp-json/find-my-blocks/blocks/?name=core/paragraph...

CVSS 5.3 | AI score 0.7 | EPSS 0.01212
Exploits: 2
wpexploit | added 2020/11/20 12:00 a.m. | 659 views

Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections

Multiple authenticated SQL injections exist in the Anti-Spam by CleanTalk plugin 5.148; however, they require a high-privilege user (admin+). Vulnerable functions: removeLogs and removeSpam at lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php. Sleep query: POST...

AI score 1.4 | EPSS 0.01444
Exploits: 2 | References: 1
wpexploit | added 2022/08/29 12:00 a.m. | 658 views

Site Offline < 1.5.3 - Access Bypass

The plugin prevents users from accessing a website, but does not do so if the URL contains certain keywords. Adding those keywords to the URL's query string bypasses the plugin's main feature. https://example.com/?admin...

CVSS 4.3 | AI score 2.2 | EPSS 0.01299
Exploits: 2
wpexploit | added 2022/05/20 12:00 a.m. | 658 views

Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection

The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. 1. Go to the All Export > New Export screen in the WordPress admin. 2. Now click on Specific Post Type > Posts. 3. Click now on Migrate Posts an...

CVSS 7.2 | AI score 0.6 | EPSS 0.01269
Exploits: 2 | References: 1
wpexploit | added 2021/06/14 12:00 a.m. | 658 views

WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG

The plugin did not sanitise uploaded SVG files, which could allow low-privilege users such as authors (author+) to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such uploads to editors and admins, with an option to...

CVSS 5.4 | AI score 0.2 | EPSS 0.00659
Exploits: 2
wpexploit | added 2022/12/27 12:00 a.m. | 657 views

WP Statistics < 13.2.9 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low-privilege users to access it as well. Log...

CVSS 8.8 | AI score 0.7 | EPSS 0.34271
Exploits: 2
wpexploit | added 2021/10/06 12:00 a.m. | 657 views

Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF

The plugin does not have any CSRF check in place when updating the favicon, which could allow attackers to make a logged-in admin change it via a CSRF attack. // 32x32 white png const buf =...

CVSS 6.5 | AI score 0.9 | EPSS 0.00531
Exploits: 2
wpexploit | added 2021/10/04 12:00 a.m. | 657 views

Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update

The plugin allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check. - As Editor, go to Logo Showcase > Shortcode Generator. - Run...

CVSS 6.5 | AI score 0.9 | EPSS 0.0083
Exploits: 2
wpexploit | added 2021/09/20 12:00 a.m. | 657 views

WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

The plugin lacks any CSRF check when saving its options, and does not escape them when outputting them in attributes. As a result, an attacker could make a logged-in admin change them to arbitrary values, including XSS payloads, via a CSRF attack...

CVSS 6.5 | AI score 0.8 | EPSS 0.00509
Exploits: 1
wpexploit | added 2021/08/10 12:00 a.m. | 657 views

miniOrange's Google Authenticator < 5.4.40 - Reflected Cross-Site Scripting

The plugin does not escape the user parameter before outputting it back in an attribute on the dashboard page that confirms the 2FA reset, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...

AI score 0.6
Exploits: 0
wpexploit | added 2024/02/29 12:00 a.m. | 656 views

LiteSpeed Cache < 5.7.0.1 - Unauthenticated Stored XSS

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and 'msg' parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...

CVSS 8.3 | AI score 8.3 | EPSS 0.54872
Exploits: 5 | References: 1
wpexploit | added 2022/08/16 12:00 a.m. | 656 views

Affiliates Manager < 2.9.14 - Affiliate CSV Injection

The plugin does not validate and sanitise affiliate data, which could allow users registering as affiliates to perform CSV injection attacks against an admin exporting the data. Register as an affiliate and put the following payload in the Firstname, Lastname or Company fields: =10+2+30 As admi...

CVSS 8 | AI score 1.6 | EPSS 0.0095
Exploits: 2
wpexploit | added 2022/08/31 12:00 a.m. | 655 views

Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions in certain situations. Set HTTP_CF_CONNECTING_IP or any of the other headers read in get_client_ip_address to spoof the IP address...

CVSS 5.3 | AI score 2.1 | EPSS 0.00583
Exploits: 2
wpexploit | added 2021/10/11 12:00 a.m. | 654 views

Multiple Plugins from Avirtum - Reflected Cross-Site Scripting

Most plugins (both free and premium) from the Avirtum author do not escape a page parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 4th, 2021. Example in the ipanorama-360-virtual-tour-builder-lite plugin...

AI score 0.3
Exploits: 0
wpexploit | added 2021/08/23 12:00 a.m. | 655 views

Post Views Counter < 1.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its Post Views Label settings, which could allow high-privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed. Put the following payload in the Post Views Label settings of the plugin...

CVSS 4.8 | AI score 0.4 | EPSS 0.00598
Exploits: 2
wpexploit | added 2022/03/28 12:00 a.m. | 653 views

Tatsu < 3.3.12 - Unauthenticated RCE

The plugin's addcustomfont action can be used without prior authentication to upload a rogue zip file, which is uncompressed under WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass the extension control implemented in the plugin. Moreover,...

CVSS 8.1 | AI score 8.3 | EPSS 0.83535
Exploits: 9 | References: 1
wpexploit | added 2022/12/06 12:00 a.m. | 652 views

Build App Online < 1.0.19 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Additional plugins required: https://wordpress.org/plugins/wc-multivendor-marketplace/...

AI score 0.6 | EPSS 0.01037
Exploits: 2
wpexploit | added 2021/11/08 12:00 a.m. | 651 views

WP Data Access < 5.0.0 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the backupdate parameter before using it in a SQL statement, leading to a SQL injection issue which could allow arbitrary table deletion. POST /wp-admin/admin.php?page=wpdataaccess&tab=repository HTTP/1.1 Accept:...

CVSS 9.8 | AI score 9.9 | EPSS 0.01575
Exploits: 2
wpexploit | added 2022/08/16 12:00 a.m. | 648 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

The plugin does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in them. As an...

CVSS 4.3 | AI score 4.6 | EPSS 0.02179
Exploits: 5
wpexploit | added 2022/06/15 12:00 a.m. | 648 views

eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload

The plugin suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validatio...

CVSS 9.8 | AI score 1.2 | EPSS 0.17572
Exploits: 2
wpexploit | added 2021/06/30 12:00 a.m. | 648 views

TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its Taxonomy description field, allowing high-privilege users to set JavaScript payloads in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. Add or edit a Taxonomy...

CVSS 3.5 | AI score 0.4 | EPSS 0.02315
Exploits: 5
wpexploit | added 2021/11/01 12:00 a.m. | 647 views

myCred < 2.3 - Subscriber+ SQL Injection

The plugin does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user...

CVSS 8.8 | AI score 9.2 | EPSS 0.01318
Exploits: 2
wpexploit | added 2021/07/27 12:00 a.m. | 647 views

Favicon by RealFaviconGenerator < 1.3.22 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged-in administrator. Timeline (WPScan Team): June 28th, 2021 - Details sent to vendor; July 9th, 2021 - Escalat...

CVSS 4.3 | EPSS 0.00827
Exploits: 2 | References: 1
wpexploit | added 2022/09/05 12:00 a.m. | 646 views

OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass

The plugin does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address. POST / HTTP/1.1...

CVSS 7.5 | AI score 1 | EPSS 0.00364
Exploits: 2
wpexploit | added 2021/04/08 12:00 a.m. | 646 views

Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The plugin did not escape user input when blocking requests (such as on matching a spam word), outputting it in an attribute after sanitising it only to remove HTML tags, which is not sufficient and leads to a reflected Cross-Site Scripting issue. From an IP not in the Allow List...

CVSS 4.3 | AI score 0.2 | EPSS 0.05721
Exploits: 5 | References: 1
wpexploit | added 2021/11/01 12:00 a.m. | 645 views

Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure

The plugin does not have any proper access controls when exporting users from a gallery, which could allow any authenticated user, such as a Subscriber, to list all users of the blog, disclosing their usernames and email addresses. POST...

AI score 6.8
Exploits: 0
wpexploit | added 2020/05/16 12:00 a.m. | 645 views

Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

Cross-site scripting vulnerabilities in Team Members version 5.0.3 and lower allow a medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member. https://drive.google.com/file/d/1w5AmyBEOxAmtQ0T3uGKAB3o9w3ihNRAj/view Add a...

AI score 1.1 | EPSS 0.00656
Exploits: 2
wpexploit | added 2022/12/28 12:00 a.m. | 644 views

User Verification < 1.0.94 - Authentication Bypass

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user's username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website...

CVSS 9.8 | AI score 1.4 | EPSS 0.01598
Exploits: 2 | References: 1
wpexploit | added 2021/11/01 12:00 a.m. | 644 views

BSK PDF Manager < 3.1.2 - Admin+ SQL Injection

The plugin does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue. With at least one BSK PDF Category: https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&order=and+sleep(5)...

CVSS 7.2 | AI score 7.6 | EPSS 0.01275
Exploits: 2
wpexploit | added 2021/09/01 12:00 a.m. | 644 views

XO Event Calendar < 2.3.7 - Reflected Cross-Site Scripting

The plugin does not escape the selected-name parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/edit.php?posttype=xoevent&page=xo-event-holiday-settings&selected-name="alert/XSS/...

AI score 0.7
Exploits: 0
wpexploit | added 2022/12/12 12:00 a.m. | 643 views

WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. Extract the nonce from the index page (search for "wpautosearchconfig" and look for the "nonce" field). Invoke the following...

CVSS 9.8 | AI score 1.9 | EPSS 0.03595
Exploits: 5
wpexploit | added 2020/12/17 12:00 a.m. | 643 views

Contact Form 7 < 5.3.2 - Unrestricted File Upload

The popular WordPress plugin Contact Form 7 was found to be vulnerable to Unrestricted File Upload. Append a Unicode control character (from U+0000 NULL to U+001F US) to a filename and upload it via the Contact Form 7 upload feature...

CVSS 10 | AI score 1.2 | EPSS 0.89626
Exploits: 4 | References: 3
wpexploit | added 2022/08/31 12:00 a.m. | 643 views

Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

The plugin does not have any CSRF check when saving its settings, allowing attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. Make a logged-in admin open a page...

CVSS 5.4 | AI score 0.3 | EPSS 0.00244
Exploits: 2
wpexploit | added 2021/02/14 12:00 a.m. | 642 views

Zebra_Form Library <= 2.9.8 - Reflected Cross-Site Scripting (XSS)

The Zebra_Form PHP library, v2.9.8 (latest) and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file. There is currently no patch available and removal of this library is recommended. Via $_GET['form']: &control=upload" method="post"...

AI score 0.3
Exploits: 0 | References: 2
wpexploit | added 2021/01/29 12:00 a.m. | 642 views

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP files to be uploaded by administrators by using the 'text/csv' content-type in the request. The issue could also be exploited via a CSRF attack, as such a check was also missing...

AI score 1 | EPSS 0.88158
Exploits: 9
wpexploit | added 2021/05/31 12:00 a.m. | 641 views

The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)

The theplusmorepost AJAX action of the plugin did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable against both unauthenticated and authenticated users. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, */*; q=0.01...

CVSS 6.1 | AI score 0.1 | EPSS 0.02483
Exploits: 2 | References: 1
wpexploit | added 2022/12/27 12:00 a.m. | 640 views

Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in the plugin: class Evil { public function __wakeup(): void...

CVSS 7.2 | AI score 0.5 | EPSS 0.01046
Exploits: 2
Total number of security vulnerabilities: 4359