Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/02/21 12:0 a.m.•109 views

SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Request or Destination settings of the plugin: "...

4.8CVSS1.5AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/21 12:0 a.m.•109 views

Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Custom Patreon Page name" setting of the plugin and...

5.5CVSS0.3AI score0.00689EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/15 12:0 a.m.•109 views

Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the taxcolorsettype parameter before outputting it back in the berocketaplcolorlistener AJAX action's response, leading to a Reflected Cross-Site Scripting As any authenticated user: ' name="taxcolorsettype"...

6.1CVSS6.2AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/04 12:0 a.m.•109 views

Easy PayPal Buy Now Button < 1.7.3 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check in place when saving its settings, and does not sanitise as well as escape them when output in the page. As a result, an attacker could make a logged in admin change them via. CSRF attack and perform Cross-Site Scripting attacks. The plugin also fixed a Reflect...

6AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/06/30 12:0 a.m.•109 views

Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 - Arbitrary Tab Deletion/Edition via CSRF

The plugin does not properly check for CSRF in its tabsession, tabsessiondel, tabsessionedit and ptabsubmit AJAX actions, allowing attacker to make logged in user call them via a CSRF attack To delete a tab:...

0.9AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/26 12:0 a.m.•109 views

Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation

There is functionality in the plugin that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin. Partially unpatched because they added CSRF protection that technically blocks low-level users from using the endpoint, howeve...

6.5CVSS1.2AI score0.01149EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/04/12 12:0 a.m.•109 views

WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. -- Payloads: $ ";' onmouseover=alertdocument.cookie; style=position:fixed;width:100%;height:100%;margin:0;padding:0;left:0;top:0; $ ";'...

0.1AI score0.03302EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/03/15 12:0 a.m.•109 views

Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id

The tutoransweringquizquestion/getanswerbyid function pair from the plugin was vulnerable to UNION based SQL injection that could be exploited by students. POST /courses/first-class/tutorquiz/test/ HTTP/1.1 Host: URL Content-Length: 413 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin...

4CVSS1.1AI score0.01253EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/02/19 12:0 a.m.•109 views

Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download

The issue is being actively exploited, and allows attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't present in versions 1.3.22 and before...

5CVSS4.1AI score0.97822EPSS
Exploits11References5
wpexploit
wpexploit
•added 2023/09/25 12:0 a.m.•108 views

User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent

Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If you're...

5.4CVSS5.3AI score0.00394EPSS
Exploits2
wpexploit
wpexploit
•added 2023/04/17 12:0 a.m.•108 views

Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks pcs template='" onmouseover="alert1"...

5.4CVSS7.8AI score0.00448EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•108 views

Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST',...

4.3CVSS5.1AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•108 views

OAuth Single Sign On - SSO (OAuth Client) Premium < 38.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
•added 2023/01/10 12:0 a.m.•108 views

Strong Testimonials < 3.0.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS2.2AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/23 12:0 a.m.•108 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.5AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/23 12:0 a.m.•108 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the shortcode...

5.4CVSS0.9AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/22 12:0 a.m.•108 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: icon name='circle-exclamation'...

5.4CVSS1.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/20 12:0 a.m.•108 views

Metricool < 1.18 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the settings page of the plugin, add the...

4.8CVSS0.2AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/19 12:0 a.m.•108 views

Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF

The plugin does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. The attack could also be performed via a LFI if one is present ...

4.3CVSS0.5AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•108 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•108 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/10/18 12:0 a.m.•108 views

Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message Setup: - In the General Settings of the plugin, check the "Show Chat...

6.1CVSS0.1AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/16 12:0 a.m.•108 views

Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. Open the following HTML code while being logged in as a subscriber, or make any logged in user open it via a CSRF attack...

4.3CVSS0.4AI score0.00305EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/30 12:0 a.m.•108 views

WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions. Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any of the other headers used in getipaddress. curl...

7.5CVSS1.5AI score0.01105EPSS
Exploits2
wpexploit
wpexploit
•added 2022/05/09 12:0 a.m.•108 views

Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions

The plugin does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...

4CVSS1.9AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/04/18 12:0 a.m.•108 views

Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure

The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 104 Accept: application/json, text/javascript, /; q=0.01...

5.3CVSS0.7AI score0.02869EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/02 12:0 a.m.•108 views

Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS

The plugin does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. curl https://example.com/wp-admin/admin-ajax.php --data...

6.1CVSS1.1AI score0.00852EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/01 12:0 a.m.•108 views

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

The plugin allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.8 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout As a contributor, create a Cost Calculator post, set the Layout to...

6.5CVSS0.2AI score0.03EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•108 views

AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition

The plugin is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users https://www.youtube.com/watch?v=0IqZL-slt00 1. Make a new comment 2. Like your comment and intercept it using...

3.5CVSS0.4AI score0.00487EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/21 12:0 a.m.•108 views

Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have capability and CSRF checks in the rtbwelcomesetschedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins As a...

5.4CVSS0.1AI score0.00607EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/20 12:0 a.m.•108 views

ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.8AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/29 12:0 a.m.•108 views

Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)

The plugins did not properly sanitise and escape some GET parameters before outputting them back in attributes, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in administrator...

1.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/30 12:0 a.m.•108 views

Download Manager < 3.1.23 - Unauthorised Asset Manager Usage

The majority of the AJAX actions related to the Asset Manager use the same nonce action ie the NONCEKEY constant, and are lacking any authorisation checks. Given that the nonce is available in other pages, accessible by low priviledge users such as author, or even subscribers depending on the...

7.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/11 12:0 a.m.•108 views

Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS

The plugin suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. Note WPScanTeam: The CSRF has ben fixed and proper capability checks have also been adde...

6.8CVSS8.1AI score0.00672EPSS
Exploits2
wpexploit
wpexploit
•added 2020/10/21 12:0 a.m.•108 views

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

7.5CVSS0.5AI score0.53619EPSS
Exploits4References4
wpexploit
wpexploit
•added 2023/05/15 12:0 a.m.•107 views

Stop Spammers Security < 2023 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below...

6.1CVSS5.7AI score0.00522EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•107 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.6AI score0.00905EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/01/06 12:0 a.m.•107 views

WP Social Widget < 2.2.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpsw facebook='" onmouseover="alert1"'...

5.4CVSS2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/06 12:0 a.m.•107 views

WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...

5.4CVSS1.9AI score0.00484EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/21 12:0 a.m.•107 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks jw-posts showimage='yes'...

5.4CVSS1.5AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/17 12:0 a.m.•107 views

Bg Bible References <= 3.8.14 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Steps to reproduce: 1. Install the vulnerable plugin bg-biblie-references 3.18.4 2. As an unauthenticated or authenticated user, visit the following URL which...

6.1CVSS0.00551EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•107 views

Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection

The plugins do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

7.5CVSS0.6AI score0.0092EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•107 views

Contest Gallery < 19.1.5 - Unauthenticated SQL Injection

The plugins do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080...

7.5CVSS0.1AI score0.00882EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/03 12:0 a.m.•107 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. On the setting page of this plugin, enter the...

4.8CVSS0.6AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/09/05 12:0 a.m.•107 views

Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload

The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file POST /wp-admin/admin-ajax.php...

8.8CVSS1.1AI score0.00457EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•107 views

WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/admin.php?page=wp-hide-cdn&component=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...

6.1CVSS0.4AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/01 12:0 a.m.•107 views

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary API Key Update to Stored XSS

The plugin does not have authorisation and CSRF check in place when saving the YouTube API Key, and does not sanitise as well as escape it. As a result, users with a role as low as subscriber could change it, including setting it with Stored Cross-Site Scripting payloads in it As any authenticate...

6.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•107 views

Name Directory < 1.25.4 - Arbitrary Directory/Name Deletion via CSRF

The plugin does not have CSRF checks in place when deleting Directories and Names, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=name-directory&deletedir=2...

4.3AI score
Exploits0
wpexploit
wpexploit
•added 2022/07/04 12:0 a.m.•107 views

NextScripts: Social Networks Auto-Poster < 4.3.26 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=nxssnap&a"alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2022/06/21 12:0 a.m.•107 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks As a contributor or above, create a post using Brizy editor and: - Add a Text Element then put the following payload:...

5.4CVSS0.00644EPSS
Exploits2References1
Total number of security vulnerabilities4359