Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/02/06 12:0 a.m.104 views

GigPress <= 2.3.28 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Run the below commands in the developer console of the web browser while being on the blog ...

8.8CVSS9.2AI score0.01301EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.104 views

Happyforms < 1.22.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Forms" Gutenberg...

5.4CVSS0.3AI score0.00496EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.104 views

Vimeo Video Autoplay Automute <= 1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. vimeo clipid="1" color="'...

5.4CVSS2.6AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.104 views

Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The plugin does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...

8.8CVSS0.01073EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.104 views

Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup First Stored XSS - HTTP Request POST...

4.8CVSS0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.104 views

WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.8AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/31 12:0 a.m.104 views

Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing

The plugin uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abuse...

9.1CVSS0.2AI score0.01645EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.104 views

StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Project ID or Secure Code settings...

4.8CVSS0.8AI score0.00637EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.104 views

Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection

The plugin does not have proper access controls in the saveallorder AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content for example with an XSS...

6.5CVSS1.1AI score0.00889EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/23 12:0 a.m.104 views

Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation

The plugin does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin and therefore the protection offered via a crafted request v 3.6 - https:/example.com/wp-content/plugins/protect-wp-admin/lib/pwa-deactivate.php?disablepwa...

7.5CVSS3.4AI score0.01489EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.104 views

WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection

The options.php file of the plugin accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it take...

8.8CVSS0.8AI score0.04561EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/16 12:0 a.m.105 views

Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS

The theme did not properly sanitise and escape its listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault, btbblistingfieldkeyword, btbblistingfieldlocationautocomplete, btbblistingfieldpricerangefrom and...

6.1CVSS0.4AI score0.10769EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/23 12:0 a.m.104 views

Software License Manager < 4.4.6 - CSRF to Stored XSS

The plugin did not have CSRF check on its settings page, nor sanitisation when outputting user input back. Attackers could make a logged in administrator change the plugin's settings, and put XSS payload in them. alert/XSS-1/' / alert/XSS-2/' / alert/XSS-3/' / alert/XSS-4/' /...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.103 views

WP Spell Check < 9.13 - Ignored Word Deletion via CSRF

The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php&delete=4...

2AI score
Exploits0
wpexploit
wpexploit
added 2022/10/19 12:0 a.m.103 views

Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins curl -X POST --data "wmtvuninstall=1&wmtvuninstallconfirm=1&plugin=akismet/akismet.php" https://example.com...

6.5CVSS2.7AI score0.00349EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/02 12:0 a.m.103 views

Social Slider Feed < 2.0.6 - Admin+ Stored XSS via API Key

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the YT API Key settin...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2022/06/15 12:0 a.m.103 views

Photo Gallery by Supsystic < 1.15.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS1.9AI score0.00366EPSS
Exploits1
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.103 views

OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; form id="test"...

6.5CVSS0.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/03 12:0 a.m.103 views

Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options POST /wp-admin/admin-ajax.php...

4.3CVSS0.6AI score0.01052EPSS
Exploits3
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.103 views

Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a slider, put the following payload in the CSS settings and save: The XSS will be...

4.8CVSS0.8AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.103 views

Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection curl 'http://example.com/?restroute=/olistener/new' --data '"id":" SELECT SLEEP3"' -H 'content-type: application/json'...

9.8CVSS2.5AI score0.09999EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/07 12:0 a.m.103 views

Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit a form and put the following payload in the 'E-mail To' field: " The XSS will be...

4.8CVSS0.6AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/02 12:0 a.m.103 views

WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create a new calendar with the following Name: alert'XSS' The XSS will be triggered when editing or publishing the...

0.4AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.103 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

9.6CVSS9.2AI score0.02085EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/03 12:0 a.m.103 views

Email Tracker < 5.2.6 - Reflected Cross-Site Scripting

The plugin does not escape user input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2021/11/03 12:0 a.m.103 views

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset

The plugin has two AJAX actions, mepwlajaxlicenseactivate and mepwlajaxlicensedeactivate, which are available to both unauthenticated and authenticated users, and are lacking any authorisation, CSRF as well as checks to ensure that the options to be updated belong to the plugin. As a result,...

7.2AI score
Exploits0
wpexploit
wpexploit
added 2021/03/26 12:0 a.m.103 views

Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload

The EFBPverifyuploadfile AJAX action of the plugin, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. The PoC will be displayed once the issue has been remediated...

6.5CVSS1.9AI score0.01906EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.102 views

Formidable PRO2PDF < 3.11 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the fieldmap parameter before using it in a SQL statement via the fpropdfexportfile AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser...

8.8CVSS9.2AI score0.00926EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.102 views

WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect

The plugin does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. Visit, for example, the page ?p=99999. This should create the first auto redirect entry in the wpwpmslinks table with ID 1. Now log ...

6.1CVSS6.4AI score0.00713EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/12 12:0 a.m.102 views

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable. POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: Content-Type: application/x-www-form-urlencoded;...

7.5CVSS1.2AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/12 12:0 a.m.102 views

DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go the DSGVO AIO Settings Cookie Notice settings a...

4.8CVSS4.7AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.102 views

Download Manager < 3.2.44 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the login page made by the plugin, leading to Reflected Cross-Site Scripting, which is only exploitable against unauthenticated users On the login page from the plugin ie where the wpdmloginform is embed, appe...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.102 views

Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=dr-convert&msg=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS1.2AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/05 12:0 a.m.102 views

Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfilteredhtml is disallowed Put the following payload in the "iCal link text" Feed Settings of the plugin...

4.8CVSS4.8AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/27 12:0 a.m.102 views

Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique...

9.8CVSS3.2AI score0.22133EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/03/21 12:0 a.m.102 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed. Version 3.2.0 adressed some of the issues, but was still vulnerable when clicking to edit the...

4.8CVSS1.1AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.102 views

YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the settings available to users with a role as low as author before outputting them, leading to a Stored Cross-Site Scripting issue As author, put the following payload in the Settings Integration Use Google reCaptcha Yes Site Key: v v 6.3.5 - "...

5.4CVSS5.3AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/10 12:0 a.m.102 views

SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

The plugin creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. Navigate to...

4.9CVSS5.3AI score0.01156EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.102 views

SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in one of the plugin's settings: "alert'XSS'; Affected files:...

4.8CVSS0.3AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.102 views

10Web Map Builder for Google Maps < 1.0.70 - Authenticated Stored XSS

The plugin does not validate or escape its MAP API Key, Center Address, Center Lat, Center Lng and Zoom Level settings in the admin dashboard, allowing high privilege users such as admin to use JavaScript payload in them, leading to Stored Cross-Site Scripting issues even when the unfilteredhtml...

6.2AI score
Exploits0References1
wpexploit
wpexploit
added 2021/04/27 12:0 a.m.102 views

404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Description The plugin is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues The PoC will be displayed once the iss...

6.5CVSS6.1AI score0.0056EPSS
Exploits2
wpexploit
wpexploit
added 2021/01/08 12:0 a.m.102 views

Modal Survey < 2.0.1.8.2 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise the msuid parameter from the survey participants page in the admin Dashboard, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=modalsurveyparticipants&msuid=%27%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.101 views

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00337EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.101 views

Simple File List < 6.0.10 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/27 12:0 a.m.101 views

WP Meta SEO < 4.5.3 - Subscriber+ SQLi

The plugin does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. Run the following js code in your web console on the dashboard as a subscriber: fetch 'admin-ajax.php', method: 'POST', headers:...

8.8CVSS9.2AI score0.00907EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.101 views

Download Attachments <= 1.2.24 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. download-attachments containerclass='"...

5.4CVSS5.2AI score0.00482EPSS
Exploits1
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.101 views

Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. lptwrecentposts colorscheme='"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.101 views

WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting

The plugin does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add a word to ignore via...

4.8CVSS0.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.101 views

WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high-privilege ones like admin. 1. Create a new calendar in the plugin's setting...

6.1CVSS6.1AI score0.00891EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.101 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
Total number of security vulnerabilities4359