Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•111 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/17 12:0 a.m.•111 views

WooSwipe WooCommerce Gallery <= 2.0.1 - Subscriber+ Settings Update

The plugin does not have any authorisation when updating its settings, which could allow any authenticated users, such as subscriber to update them POST /wp-admin/admin.php?page=wooswipe-options HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

8.8CVSS1.1AI score0.00631EPSS
Exploits1
wpexploit
wpexploit
•added 2022/09/28 12:0 a.m.•111 views

Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. - Submit an order using =5+5 as "first name" and empty "last name" the plugin allows that. - Export the data as CSV from Reports Export. - Open the CSV with a spreadsheet application Excel, Libre...

9.8CVSS1AI score0.01218EPSS
Exploits2
wpexploit
wpexploit
•added 2022/07/26 12:0 a.m.•111 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS0.1AI score0.00444EPSS
Exploits1
wpexploit
wpexploit
•added 2022/05/09 12:0 a.m.•111 views

User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed An an admin - Create/edit ...

4.8CVSS0.00565EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•111 views

Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues function submitRequest var xhr = new XMLHttpRequest...

9.6CVSS0.00602EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•111 views

Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS

The plugin does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of...

3.5CVSS0.4AI score0.01582EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/23 12:0 a.m.•111 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS6.1AI score0.0081EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/05 12:0 a.m.•111 views

Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Floating Widget Settings Custom text fo...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/22 12:0 a.m.•111 views

Display users <= 2.0.0 - Authenticated SQL Injection

The Edit Role functionality in the plugin had an id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=display-users&tab=manage-role&action=edit&id=-4476+UNION+ALL+SELECT+NULL%2Cuser%28%29%2CNULL--+-...

7.2CVSS1.5AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/03 12:0 a.m.•111 views

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the Forms "Add new" field. Step 1: Install and activate the plugin. Step 2: Go to the Forms-- Add New. St...

3.5CVSS0.5AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/06/28 12:0 a.m.•111 views

Yada Wiki < 3.4.1 - Contributor+ Stored XSS

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue - Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over the...

3.5CVSS0.2AI score0.00547EPSS
Exploits1
wpexploit
wpexploit
•added 2021/04/27 12:0 a.m.•111 views

404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)

Description The tab parameter of the settings page of the plugin is vulnerable to a reflected Cross-Site Scripting XSS issue as user input is not properly sanitised or escaped before being output in an attribute. The PoC will be displayed once the issue has been remediated...

6.1CVSS6AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
•added 2021/04/26 12:0 a.m.•111 views

Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)

There are several endpoints in the plugin that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. The PoC will be displayed once the issue has been remediated...

4.3CVSS1.3AI score0.00826EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/04/12 12:0 a.m.•111 views

Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status from pending to completed to example Add a listing, don't complete payment status will be pending paymentcreatedatdate...

4.3CVSS0.6AI score0.00474EPSS
Exploits2
wpexploit
wpexploit
•added 2021/04/09 12:0 a.m.•111 views

Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or encode the Title of the calendar entries when outputting them in the admin dashboard, leading to Stored XSS issue. Due to the lack of CSRF check, this can be exploited by a CSRF attack, making logged in administrators create malicious entries The PoC will be...

3.5CVSS0.7AI score0.00798EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/09/22 12:0 a.m.•111 views

XCloner Backup and Restore 4.2.1 - 4.2.12 - Unprotected AJAX Action

"This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on a vulnerable site’s server. Alternatively, an attacker could create an exploit cha...

6.5CVSS1.4AI score0.24937EPSS
Exploits5References1
wpexploit
wpexploit
•added 2020/01/14 12:0 a.m.•111 views

Real Estate 7 < 2.9.5 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'Real Estate 7 WordPress', tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit WPScanTeam: January 12th - Report Received & Envato Contacted...

6.6AI score
Exploits0References2
wpexploit
wpexploit
•added 2019/12/13 12:0 a.m.•111 views

WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links

Description The function wptargetedlinkrel can be used in a particular way to result in a Stored Cross-Site Scripting XSS vulnerability. This is a PoC for a Stored XSS...

6.1CVSS7AI score0.02762EPSS
Exploits1References4
wpexploit
wpexploit
•added 2023/09/11 12:0 a.m.•110 views

Socialdriver <= 2021 - Prototype Pollution to XSS

Description The theme has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting XSS attack. Access the URL:...

6.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/03/27 12:0 a.m.•110 views

TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update

The plugin does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the...

6.5CVSS6.9AI score0.00301EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/11 12:0 a.m.•110 views

Naver Map <= 1.1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. naver-map y='" onmouseover="alert1"...

5.4CVSS1.5AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•110 views

Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection

The plugin does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. POST...

4.9CVSS0.8AI score0.00852EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•110 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080 User-Agen...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•110 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. Exploit...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/16 12:0 a.m.•110 views

Donation Button <= 4.0.0 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Put the following shortcode in a blog post: paypaldonationbutton align='center" onmouseover="alert1'...

5.4CVSS0.8AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/16 12:0 a.m.•110 views

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. While logged...

4.3CVSS0.8AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/23 12:0 a.m.•110 views

Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF

Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. document.getElementById"test".submit;...

6.5CVSS0.5AI score0.00736EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/29 12:0 a.m.•110 views

5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi

Description The plugin does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using...

9.8CVSS10AI score0.01743EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•110 views

One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed Access Tools Import One Click Demo Import Run Importer and import dummy XML file can be empty Intercept the request made...

7.2CVSS0.5AI score0.01653EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/10 12:0 a.m.•110 views

Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woost&tab=%3Cimg+src+onerror%3Dalert%281%29%3E...

6.1CVSS1AI score0.00876EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/10 12:0 a.m.•110 views

Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed On the Learning Management page /wp-admin/admin.php?page=cluevo-lms, click Add Course, then put the followi...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•110 views

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action

The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue alert/XSS/" / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.4AI score0.00956EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•110 views

TrustMate.io integration for WooCommerce < 1.7.1 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF and authorisation checks in the savecheckbox AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update arbitrary...

Exploits0
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•110 views

Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS

The plugin does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. As a result, it could allow users...

5.4CVSS0.00516EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/20 12:0 a.m.•110 views

Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting

The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/05/27 12:0 a.m.•110 views

Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...

5.4CVSS0.7AI score0.00675EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/07 12:0 a.m.•110 views

Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the...

5.4CVSS0.5AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2021/04/16 12:0 a.m.•110 views

Easy Digital Downloads < 2.10.3 - Unauthorised Stripe Disconnect via CSRF

The plugin did not property check for CSRF when disconnecting Stripe, allowing attackers to make logged in users with the manageoptions capability disconnect the Stripe gateway via a CSRF attack. https://example.com/wp-admin/admin-post.php?page=edd-settings&edds-stripe-disconnect=1...

3.7AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/02/27 12:0 a.m.•110 views

Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Reflected Cross-Site Scripting (XSS)

The includes/mc-getlists.php file decoded JSON data fetched from the URL provided and then displayed the HTML from the response without any HTML escaping, leading to a reflected cross-site scripting issue where the payload is on a different server controlled by the attacker for example. The issue...

6.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/03/01 12:0 a.m.•109 views

menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit shortcode: redirect duration="1"...

5.4CVSS5.6AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•109 views

HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/11 12:0 a.m.•109 views

WP Show Posts < 1.1.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Add a new...

5.4CVSS0.2AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/04 12:0 a.m.•109 views

AAWP < 3.12.3 - Unsafe URL Handling

The plugin can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies. wp-content/aawp/public/image.php?url=base64-url will load and download the file from the base64-decoded URL...

7.5CVSS0.9AI score0.00797EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/02 12:0 a.m.•109 views

Qubely < 1.8.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add the following Additional CSS classes to the "Post...

0.5AI score0.00745EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•109 views

WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection curl -isk -X 'POST' -H "Content-Type: application/json" --data '"sku":"a" AND SELECT 42 FROM SELECTSLEEP5wlHd-- pOeU"'...

9.8CVSS1.6AI score0.03686EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/26 12:0 a.m.•109 views

Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass

The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. curl -X POST -F "sizelimit=10485760" -F...

4.3CVSS0.6AI score0.00543EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/16 12:0 a.m.•109 views

Comment License < 1.4.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

4.3CVSS1.3AI score0.00368EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/09 12:0 a.m.•109 views

Simple Real Estate Pack <= 1.4.8 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the plugin's settings such as "Consumer Key": "...

4.8CVSS0.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•109 views

Easy Social Icons < 3.2.1 - Unauthenticated Arbitrary Icon Deletion

The plugin does not have authorisation and CSRF checks when deleting icons, allowing unauthenticated user to delete arbitrary icons https://example.com/?cnss-delete=&id=1...

3.4AI score
Exploits0
Total number of security vulnerabilities4359