Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/06/16 12:0 a.m.107 views

FoxyShop < 4.8.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=foxyshopproduct&page=foxyshoptools&updatetemplate=error&error=...

6.1CVSS0.7AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.107 views

Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit;...

6.5CVSS0.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.107 views

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF

The plugin is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules. document.getElementById"test".submit;...

8.8CVSS0.7AI score0.00609EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.107 views

Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id

The plugin does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection https://example/wp-admin/admin.php?page=fmweseditproduct&id=1+AND+SELECT+6037+FROM+SELECTSLEEP5Uiuu...

4CVSS1.2AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.107 views

WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them ' /...

1AI score0.00266EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.107 views

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...

6.1CVSS6.1AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/11 12:0 a.m.107 views

Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS

The plugin does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged in user with roles as low as Subscriber to set arbitrary options to true, potentially leading to Denial of...

6.5CVSS0.4AI score0.01036EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.107 views

Cookie Information < 2.0.8 - Reflected Cross-Site Scripting

The plugin does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=wp-gdpr-compliance&x=%27+onanimationstart%3Dalert%28/XSS/%29+style%3Danimation-name%3Arotation+x...

6.1CVSS1.3AI score0.01601EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.107 views

Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting " name="errormessage"...

6.1CVSS0.5AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.107 views

WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Navigate to WP Ticket Forms edit layout of "Open a Ticket" or "Search Tickets"...

4.8CVSS4.8AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/10 12:0 a.m.107 views

Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape the 's' and paged GET parameter before outputting them in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=mlwquizlist&s="alert/XSS-s/&paged="alert/XSS-paged/...

6.1CVSS0.9AI score0.03515EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.107 views

Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The kentoemailsubscriberajax AJAX action of the plugin, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...

4.3CVSS0.01344EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.107 views

Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment

The plugin did not properly check for CSRF when saving a product comment, and took the user ID to link the comment to from user input. As a result, attackers can post arbitrary comment, as another user as well by manipulating the currentuserid parameter. POST / HTTP/1.1 Accept: application/json,...

1.5AI score
Exploits0
wpexploit
wpexploit
added 2021/05/07 12:0 a.m.107 views

DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

The dsgvoaiowritelog AJAX action of the plugin did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard wp-admin/admin.php?page=dsgvoaiofree-show-log. This could allow unauthenticated attackers to gain unauthorised access by...

6.1CVSS0.7AI score0.01186EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.106 views

Simple Giveaways < 2.45.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup As admin, add/edit a sharing method "Giveaways"...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.106 views

WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. Run the below command in the developer console of the web browser while being on the blog as any authenticated users, such as...

4.3CVSS5.3AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/28 12:0 a.m.106 views

Spacer < 3.0.7 - Admin+ Stored XSS

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Add new Spacers and add payload "Gem to Setting...

4.8CVSS0.9AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.106 views

AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection To read the userlogin and userpass columns from the wpusers table:...

9.8CVSS2.8AI score0.05103EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.106 views

Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution

The theme allows website editors to include executable code blocks in their website, which can contain arbitrary PHP code. By default, code execution is intended to be disabled, with website administrators having to explicitly allow code execution for specific user roles. However, due to improper...

8.8CVSS0.5AI score0.01556EPSS
Exploits1
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.106 views

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. Create a new download on:...

4.9CVSS0.8AI score0.00859EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.106 views

HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion

The plugin does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file To delete the license.txt at the root of the blog: await...

8.1CVSS0.4AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.106 views

CURCY < 2.1.18 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-reports&a"alert/XSS/...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.106 views

Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE As any authenticated user, upload a PHP file via /wp-admin/upload.php?page=adv-file-upload The file will be at https://example.com/wp-content/uploads/2022/03/.php...

8.8CVSS0.7AI score0.14977EPSS
Exploits5
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.106 views

WP Social Buttons <= 2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Delay Time General Settings or Top Margin Advanced Settings of the...

4.8CVSS0.2AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/30 12:0 a.m.106 views

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed Put the following payload in the API Key settings of the plugin: 'alert/XSS/ The XSS will be...

4.8CVSS4.8AI score0.00955EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/30 12:0 a.m.106 views

Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion

The plugin does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request https://example.com/?posttype=linklibrarylinks&ll60reupdate=1...

7.5CVSS4.1AI score0.01196EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/24 12:0 a.m.106 views

Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection

The plugin does not sanitise, validate or escape the eventid POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue POST /wp-admin/admin.php?page=simple-events&tab=existingevents HTTP/1.1 Content-Length: 33 Cache-Control: max-age=0...

6.5CVSS1.5AI score0.01578EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/29 12:0 a.m.106 views

Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the content of the robots.txt, allowing high privilege users admin+ to use XSS payloads, which will be output back in the settings page of the plugin. Put the following directive in the plugin settings "User Agents and Directives for this site" Disallow:...

0.4AI score0.01669EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/03/26 12:0 a.m.106 views

WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE

The plugin suffers from an arbitrary file upload issue in page where the formCadastro is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE. The PoC will be displayed once the...

7.5CVSS1.1AI score0.02426EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/15 12:0 a.m.106 views

Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form

The tutorquizbuildergetquestionform AJAX action from the plugin was vulnerable to UNION based SQL injection that could be exploited by students. python3 sqlmap.py -r /tutorunion4.txt --dbms=mysql --technique=U -p questionid --dump Where tutorunion4.txt is POST /wp-admin/admin-ajax.php HTTP/1.1...

4CVSS1.2AI score0.01742EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/15 12:0 a.m.106 views

Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct

The tutormarkanswerascorrect AJAX action from the plugin was vulnerable to blind and time based SQL injections that could be exploited by students. python3 sqlmap.py -r /tutortime.txt --dbms=mysql --technique=T -p answerid --dump Where tutortime.txt is POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

4CVSS1AI score0.01253EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.105 views

ChatBot < 4.4.9 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard curl -X POST --data 'qcbotstrweight=" style=animation-name:rotation...

6.1CVSS6AI score0.00269EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.105 views

Woo Bulk Price Update < 2.2.2 - Reflected XSS

The plugin does not sanitize and escape escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.3AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.105 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.105 views

GamiPress – Vimeo integration < 1.0.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. gamipressvimeo url='https://vimeo.com/"...

5.4CVSS0.9AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/06 12:0 a.m.105 views

Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.7AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.105 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00911EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/02 12:0 a.m.105 views

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

The theme does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id. POST /testt/wp-admin/admin-ajax.php HTTP/2...

6.5CVSS2.4AI score0.00593EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.105 views

FluentForm < 4.3.13 - CSV Injection

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentforms&formid=1&route=entries - open the CSV with a...

9.8CVSS0.5AI score0.01231EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.105 views

WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a Contact slider and put the payload below in the "Text to display" option:...

4.8CVSS0.4AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.105 views

Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. Put the following payload in the WooCommerce Settings Billingo E-mail Beállítások Gomb szöveg field in the table:...

4.8CVSS0.3AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.105 views

Note Press <= 0.1.10 - Admin+ SQLi via Update

The plugin does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection POST /wp-admin/admin.php?page=NotePress-Main-Menu&action=edit&id=17 HTTP/1.1 Accept:...

4CVSS0.8AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.105 views

Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues Open the following URL as a subscriber:...

5.4CVSS0.3AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/25 12:0 a.m.105 views

Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF

The plugin does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=simplewpmembership&action=bulkdelete&members%5B0%5D=1&members%5B1%5D=2...

4.7CVSS3.4AI score0.00464EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.105 views

RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read

The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server As a subscriber, open...

6.5CVSS0.9AI score0.03005EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/13 12:0 a.m.105 views

Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/options-general.php/"alert/XSS//?page=skatubazaroption...

6.1CVSS2.4AI score0.02446EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.105 views

WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well -- Payloads: $ " $ " -- PoC 1 | Authenticated...

0.7AI score0.00614EPSS
Exploits2References3
wpexploit
wpexploit
added 2020/12/02 12:0 a.m.105 views

Profile Builder & Profile Builder Pro < 3.3.3 - Authenticated Blind SQL Injection

The orderby parameter of the wp-admin/users.php?page=unconfirmedemails=email=asc page, which is available when the "Email confirmation" setting of the plugin is activated default is off, is not properly sanitised and validated before being concatenated in a SQL statement, leading to an SQL...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2023/03/28 12:0 a.m.104 views

MS-Reviews <= 1.5 - Subscriber+ Stored XSS

The plugin does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks As a subscriber, submit a review a page/post with msreviews embed with the following payload: alert/XSS/ The XSS will be triggered...

5.4CVSS5.6AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.104 views

WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00307EPSS
Exploits2
Total number of security vulnerabilities4359