Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2021/11/08 12:0 a.m.116 views

Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting

The plugin does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue As a Staff Member, put the following payload in your Full Name Booklyn -- Profile -- Edit -- Full Name: alert/XSS/ The XSS will be triggered when an...

5.4CVSS5.2AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2020/12/26 12:0 a.m.116 views

LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message. Submit a payload such as in the Admin IPs section of the Toolbox /wp-admin/admin.php?page=litespeed-toolbox...

4.3CVSS0.3AI score0.0093EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/10/27 12:0 a.m.115 views

WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open an HTML page with the following HTML: document.forms0.submit; See that the plugin's "Header Options Toolbar...

8.8CVSS7.2AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.115 views

GetResponse for WordPress <= 5.5.31 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. grwebform center='on'...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.115 views

PDF Generator for WordPress < 1.1.2 - Reflected XSS

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin Make a logged in admin open the following URL:...

6.1CVSS5.9AI score0.01193EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.115 views

Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS1.3AI score0.01347EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.115 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks email name='" onmouseover="alert1"...

5.4CVSS0.5AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/19 12:0 a.m.115 views

Quizlord <= 2.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Quizlord » Add a quiz 2. In the input...

4.8CVSS0.3AI score0.00535EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/27 12:0 a.m.115 views

Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. v response.text...

8.8CVSS0.2AI score0.02971EPSS
Exploits1
wpexploit
wpexploit
added 2022/10/14 12:0 a.m.115 views

WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE

The plugin is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files 1 Create 'poc.zip' with 2 files like below 1-1 'exploit.php.txt' is as follows...

7.2CVSS0.9AI score0.01104EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.115 views

Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers https://example.com/wp-admin/edit.php?posttype=envira&page=envira-gallery-lite-addons&"alert1...

6.1CVSS1.3AI score0.00593EPSS
Exploits3
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.115 views

Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting

The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wp-phpmyadmin-extension&tab=errors-logreset&a"alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2022/07/14 12:0 a.m.115 views

Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title

The plugin does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is disabled. An incomplete fix was introduced ...

0.5AI score0.0053EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.115 views

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

6.5CVSS1.5AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.115 views

Browser and Operating System Finder <= 1.2 - Unauthenticated Settings Reset

The plugin does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them https://example.com/?type=reset-all...

3.4AI score
Exploits0
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.115 views

Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS

Due to missing checks the plugin is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings...

5.4CVSS5.3AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.115 views

Newsletter < 7.4.5 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below...

6.1CVSS0.1AI score0.01785EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/12 12:0 a.m.115 views

WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a form, go to the Form Settings - General Settings and put the following payload in the "Form...

4.8CVSS0.1AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.115 views

amtyThumb <= 4.2.0 - Subscriber+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user and not just Author+ like the original advisory mention due to the fact that they can execute shortcodes via an AJAX...

8.8CVSS0.8AI score0.0151EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.115 views

Amazon Link <= 3.2.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. Put the following payload in settings such as the "AWS Public Key": "...

4.8CVSS0.6AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.115 views

BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting " document.form1.submit;...

6.1CVSS0.2AI score0.00813EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.115 views

Personal Dictionary < 1.3.4 - Unauthenticated SQLi

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. 1. Create a new page with the plugin's shortcode shortcode can be copied from...

9.8CVSS0.7AI score0.0677EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/15 12:0 a.m.115 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

The plugin does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting " name="posttypes"...

6.4CVSS0.2AI score0.00632EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.115 views

Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 'Add new markers' settings of the plugin: "autofocus onfocus=alert/XSS/ b=...

4.8CVSS0.8AI score0.00644EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.115 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

7.2CVSS0.6AI score0.01484EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/22 12:0 a.m.115 views

BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...

0.4AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.115 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...

6.1CVSS0.1AI score0.01378EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.115 views

WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/?wahi=JzthbGVydCgxKTsvLw==...

6.1CVSS0.3AI score0.01718EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.115 views

Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF

The plugin does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=float-menu&info=delete&did=1...

4.3CVSS4AI score0.00464EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.115 views

Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in...

3.5CVSS0.4AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.115 views

myStickymenu < 2.5.2 - Authenticated Stored XSS

The plugin does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog when the Welcome bar is active Put...

3.5CVSS4.9AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/31 12:0 a.m.115 views

Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS

The theme does not sanitise the keywords and startdate GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue. Payload:...

4.3CVSS1.2AI score0.02927EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.115 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget

In the plugin, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request with this parameter set t...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/03 12:0 a.m.115 views

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the plugin returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. Usage: php poc.php author...

7.5AI score0.04788EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/30 12:0 a.m.114 views

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Description The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF As a subscriber, open...

6.4AI score0.00228EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/03/03 12:0 a.m.114 views

Watu Quiz < 3.3.9.1 - Reflected XSS

The plugin does not sanitise and escape some parameters such as email, dn, date and points before outputting then back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.01252EPSS
Exploits3
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.114 views

i2 Pros & Cons <= 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. i2prosandcons showbutton='true'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.114 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/09 12:0 a.m.114 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin https://example.com/wp-admin/admin.php?page=wsysadminrules&action=delete&id=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/02 12:0 a.m.114 views

Plugin Logic < 1.0.8 - Admin+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/network/plugins.php?page=plugin-logic&tabid=options%20union%20SELECT%20SLEEP16%3b%23 HTTP/1.1 Content-Type:...

7.2CVSS2.1AI score0.01091EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/10/14 12:0 a.m.114 views

WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. 1 Download 'poc.zip' via...

7.2CVSS0.7AI score0.03187EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.114 views

OAuth 2.0 client for SSO < 1.11.4 - Authenticated Bypass

The plugin allows attackers to login as any user by just knowing their email address POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded option=mooauth&[email protected]...

9.8CVSS4.5AI score0.01344EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.114 views

WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting Against any authenticated user: https://example.com/event-dashboard/?searchkeywords=aaaa"...

6.1CVSS6.2AI score0.00712EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.114 views

Easy Testimonials < 3.9 - Reflected Cross-Site Scripting

The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting With the pro version installed and when consent hasn't been given yet:...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.114 views

Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed In the plugin's settings, tick 'Custom Button' and put the following payload ...

4.8CVSS0.4AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.114 views

postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

5.4CVSS0.7AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.114 views

GD Mylist <= 1.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the text field settings of the plugin such as Add to Mylist...

4.8CVSS0.8AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.114 views

The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection

The "WP Search Filters" widget of the plugin does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection The request requires a nonce created with wpcreatenonce"theplus-searchfilter” which can be retrieved from a page where the widget is...

9.8CVSS0.2AI score0.01704EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.114 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

The exportdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. curl -X POST --url "URL/wp-admin/admin-post.php?page=301options&export=true"...

8.8CVSS2.5AI score0.01169EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/19 12:0 a.m.114 views

Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticated users...

4.3CVSS2.6AI score0.1445EPSS
Exploits2References1
Total number of security vulnerabilities4359