Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2023/10/16 12:0 a.m.•113 views

History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. 1 Navigate to Instagram Feed Settings Manage Sources, then click o...

7.2CVSS7.9AI score0.00676EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/06 12:0 a.m.•113 views

Limit Login Attempts < 1.7.2 - Unauthenticated Stored XSS

The plugin does not sanitize and escape the IP address retrieved from headers such as X-Forwarded-For when the "Site Connection" settings is set to "From behind a reversy proxy", which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks Setup: As admin, set the...

7.2CVSS6.3AI score0.00789EPSS
Exploits3
wpexploit
wpexploit
•added 2023/03/28 12:0 a.m.•113 views

Video Central for WordPress <= 1.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks video-central-subtitle src="'...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/09 12:0 a.m.•113 views

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Edit a form and put the following payload i...

4.8CVSS5.4AI score0.00444EPSS
Exploits1
wpexploit
wpexploit
•added 2023/02/02 12:0 a.m.•113 views

Print Invoice & Delivery Notes for WooCommerce < 4.7.2 - Reflected XSS

The plugin is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability. WooCommerce must be installed and active. This vulnerability is caused by a...

2.7AI score0.00516EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•113 views

Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

The plugin does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE 1. Install and activate woocommerce dependency, no setup required 2. Install and activate the vulnerable...

9.8CVSS9.8AI score0.06152EPSS
Exploits3
wpexploit
wpexploit
•added 2022/09/19 12:0 a.m.•113 views

reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed. POST /wp-admin/options.php HTTP/1.1 Accept:...

4.8CVSS1.1AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/15 12:0 a.m.•113 views

TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload

The plugin does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file Create a SVG with the following content: alertdocument.cookie; As any authenticated...

5.4CVSS5.2AI score0.00468EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/29 12:0 a.m.•113 views

WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

7.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/05/23 12:0 a.m.•113 views

Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. document.getElementById"test".submit;...

8.8CVSS0.7AI score0.00597EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/29 12:0 a.m.•113 views

Master Elements <= 8.0 - Unauthenticated SQLi

The plugin does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection As unauthenticated:...

9.8CVSS1.8AI score0.07184EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/21 12:0 a.m.•113 views

Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/post-new.php?posttype=ycdcountdown&post="...

6.1CVSS1AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/14 12:0 a.m.•113 views

WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Go to "Field Editor" page. Put the following XSS payload into the "Placeholder / Options"...

4.8CVSS0.1AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•113 views

Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation

The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...

5.7CVSS0.00426EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/12 12:0 a.m.•113 views

WOWRestro < 1.1 - CSRF Bypass

The plugin does not properly check for CSRF in numerous of its AJAX actions, allowing attacker to make logged in users call them and perform unwanted actions, such as add/remove an item from their basket and empty it as well. To empty a user basket:...

2.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/30 12:0 a.m.•113 views

Strong Testimonials < 2.51.3 - Unauthorised AJAX Call

The plugin did not propely check for CSRF and authorisation in all the wpmtstaddfieldfunction functions, allowing unauthorised call of the associated AJAX actions either via low privilege users or CSRF attack https://example.com/wp-admin/admin-ajax.php?action=wpmtstgetcatcount...

4.9AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/28 12:0 a.m.•113 views

Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. Add the following paylo...

4.3CVSS0.1AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/13 12:0 a.m.•113 views

Async JavaScript < 2.21.06.29 - Authenticated (admin+) Stored XSS

The plugin does not validate or escape its Username and API Key from the Wizard tab of its settings, allowing high privilege users such as admin to set JavaScript payload in them, even when the unfilteredhtml capability is disallowed, leading to Stored Cross-Site Scripting issues Set the payload...

0.1AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/05/26 12:0 a.m.•113 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch;...

8.8CVSS1.7AI score0.0148EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/25 12:0 a.m.•113 views

Cookie Law Bar <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise its Bar Message setting, allowing high privilege users to set an XSS payload in it, which will be triggered in all frontend page of the blog. As admin, go the plugin settings /wp-admin/options-general.php?page=clb and set a payload such as alert/XSS/ in the B...

6.2AI score
Exploits0References2
wpexploit
wpexploit
•added 2021/03/15 12:0 a.m.•113 views

Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question

The tutorquizbuildergetanswersbyquestion AJAX action from the plugin was vulnerable to UNION based SQL injection that could be exploited by students. python3 sqlmap.py -r /tutorunion.txt --dbms=mysql --technique=U -p questionid --dump Where tutorunion.txt is POST /wp-admin/admin-ajax.php HTTP/1.1...

4CVSS1.2AI score0.01742EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/01/13 12:0 a.m.•113 views

Elementor Contact Form DB < 1.6 - Unauthenticated & Unauthorised Form Submissions Export

The sbelemcfddownloadcsv function, registered as an admininit hook does not have capability and CSRF checks, allowing unauthenticated attackers to download arbitrary form submissions as a CSV. The data will include PII such as email addresses. A CSRF check was added, but no capability one, so the...

2.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/03 12:0 a.m.•113 views

Contact Form Submissions <= 1.6.4 - Authenticated Double Query SQL injection

The plugin is affected by a double query SQL injection, which could allow high privileged users to access data from the DBMS. Edit WPScanTeam October 26th, 2020 - Confirmed & Escalated to WP October 27th, 2020 - WP Investigating January 3rd, 2021 - No updates, disclosing The PoC will be displayed...

0.9AI score
Exploits0
wpexploit
wpexploit
•added 2020/08/04 12:0 a.m.•113 views

Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload

Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. Usage: php poc.php url username password filetoupload Once the file is...

9.9CVSS9.4AI score0.02422EPSS
Exploits2References2
wpexploit
wpexploit
•added 2023/09/25 12:0 a.m.•112 views

Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. This requires the plugin's Log Authentication Requests setting to be set...

7.5CVSS7.7AI score0.25855EPSS
Exploits2
wpexploit
wpexploit
•added 2023/06/05 12:0 a.m.•112 views

WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF

The plugin does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack Send a payload to logged-in admins with a request to http://127.0.0.1/wordpress/wp-admin/admin.php?page=wpimmanageinventoryitems&action=delete&deleteid=2...

8.1CVSS9AI score0.00353EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•112 views

Japanized For WooCommerce < 2.5.5 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin.php?page=wc4jp-options&tab=a...

6.1CVSS6.3AI score0.01213EPSS
Exploits3
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•112 views

Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 2.7.5 vidbg loop="1;alert/XSS-loop/;...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/06 12:0 a.m.•112 views

WP Tabs < 2.1.17 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. trtabs id='"; alert1; "' trtabs id='"...

5.4CVSS1.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/06 12:0 a.m.•112 views

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

5.4CVSS1.7AI score0.00438EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/28 12:0 a.m.•112 views

Request a Quote <= 2.3.7 - CSV Injection

The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it On a page with a Quote Request form, upload the following CSV as an attachment: "First Name","Last...

8.8CVSS0.5AI score0.01184EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/31 12:0 a.m.•112 views

WP Post Styling < 1.3.1 - Multiple CSRF

The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks HTMLFormElement.prototype.submit.call document.getElementById"test" ;...

4.3CVSS0.7AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/17 12:0 a.m.•112 views

Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion

The plugin does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. v1.0.1 added...

6.5CVSS0.4AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/16 12:0 a.m.•112 views

FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form...

4.8CVSS0.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/29 12:0 a.m.•112 views

Anti-Malware Security and Brute-Force Firewall < 4.20.96 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters GET /wp-admin/admin.php?page=GOTMLSViewQuarantine&a=" HTTP/1.1 Cache-Control: max-age=0...

6.1CVSS1.6AI score0.03089EPSS
Exploits4
wpexploit
wpexploit
•added 2022/01/27 12:0 a.m.•112 views

WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF

The plugin does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack Removing post: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

6.5CVSS1.4AI score0.00566EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•112 views

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

6.1CVSS6.2AI score0.0231EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•112 views

Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue https://example.com/wp-admin/?fragment=select%20updatexml1,concat0x7e,select%20user,0::2.txt&wpnonce=7347278aca The nonce can be...

7.2CVSS0.7AI score0.01265EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•112 views

FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting XSS within the "visibility" parameter. https://example.com/wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D2+onerror%3Dalert%28origin%29%3E...

6.1CVSS1.9AI score0.02342EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/10 12:0 a.m.•112 views

GTranslate < 2.9.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the body parameter in the urladdon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCESALT and NONCEKEY alert/XSS/" / var form1 =...

4.7CVSS0.1AI score0.00752EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/13 12:0 a.m.•112 views

WP Cloudy < 4.4.9 - Admin+ SQL Injection

The plugin does not escape the postid parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue The first digits of the post parameter must be a valid Post ID Weather post or not...

0.8AI score0.01202EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/04/20 12:0 a.m.•112 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection

In the plugin, any authenticated user, such as a subscriber, could use the importfromdebug AJAX action to inject PHP objects. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // OBJI $ch = curlinit; curlsetopt$ch, CURLOPTURL, $wpur...

6.5CVSS0.7AI score0.01967EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/08/08 12:0 a.m.•111 views

Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation

Description The plugin does not validate that a user's WebAuthn authentication request succeeded before sending them authentication cookies, making it possible for unauthenticated attackers to take over any accounts having WebAuthn credentials set up on affected sites. While on the site not logge...

7.6AI score
Exploits0
wpexploit
wpexploit
•added 2023/08/07 12:0 a.m.•111 views

POEditor < 0.9.8 - Settings Reset via CSRF

Description The plugin does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks. document.forms0.submit;...

4.3CVSS7.3AI score0.00218EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/02/14 12:0 a.m.•111 views

Ocean Extra < 2.1.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: This requires the OceanWP theme to be...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2023/02/03 12:0 a.m.•111 views

VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Setup: The CTA Expansion...

5.4CVSS5.6AI score0.0056EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/30 12:0 a.m.•111 views

WP Private Message < 1.0.6 - Private Message Disclosure via IDOR

The plugin bundled with the Superio theme as a required plugin does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID. - Install the Superio theme an...

4.3CVSS5.5AI score0.00551EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/01/11 12:0 a.m.•111 views

Flexible Captcha <= 4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks FCcaptchafields width='" onmouseover="alert1...

5.4CVSS1.6AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/21 12:0 a.m.•113 views

WCK < 2.3.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Create/edit a Post Type via the plugin...

4.8CVSS4.8AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•111 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well When...

7.2CVSS0.4AI score0.00983EPSS
Exploits2References1
Total number of security vulnerabilities4359