Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/10/31 12:0 a.m.101 views

Event Monster < 1.2.1 - Admin+ SQLi

The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...

7.2CVSS0.7AI score0.00962EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.101 views

Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization

The plugin does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog As a...

8.8CVSS0.5AI score0.00511EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/03 12:0 a.m.101 views

StaffList < 3.1.6 - Reflected Cross-Site Scripting

The plugin does to sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected cross-Site Scripting https://example.com/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2022/03/08 12:0 a.m.101 views

FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in...

6.5CVSS0.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.101 views

Simple Quotation <= 1.3.2 - Subscriber+ SQL injection

The plugin does not have authorisation and CSRF checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

8.8CVSS1.3AI score0.01297EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.101 views

Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting

The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using the shortcode, as well as the Text...

5.4CVSS5.3AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.101 views

Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update

The plugin doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings PoC POST Request ON/OFF Captcha: POST /wp-admin/admin-ajax.php HTTP/2 Cookie: any authenticated user User-Agent: Mozilla/5.0 Content-Type:...

0.7AI score0.0053EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.101 views

Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the fileurl before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woo-orders-tracking-import-csv&fileurl=%3Cimg+src+onerror%3Dalert%281%29%3E&viwoterror=2...

6.1CVSS1.3AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.101 views

WP Cookie User Info < 1.0.9 - Admin+ SQL Injection

The plugin does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...

7.2CVSS1.4AI score0.01316EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.101 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. https://example.com/?rpwcdpdexportsettings=1...

2.8AI score
Exploits0References1
wpexploit
wpexploit
added 2023/03/21 12:0 a.m.100 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. Visit the following path on the site as an admin user:...

6.1CVSS5.9AI score0.00542EPSS
Exploits3
wpexploit
wpexploit
added 2023/03/13 12:0 a.m.100 views

Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI

The plugin does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. 1. Login as Admin. 2. Go to wp-admin/admin.php?page=wp-easycart-products&subpage=products 3. Click on Import Products. Browse any file and click on import file. Intercept the...

7.2CVSS7.2AI score0.01084EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/03 12:0 a.m.100 views

Schedulicity - Easy Online Scheduling <= 2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. schedulenowbutton bizkey='"...

6.5CVSS5.2AI score0.0056EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/14 12:0 a.m.100 views

WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.4AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.100 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.100 views

WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF

The plugin is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. Bad e-mail address." Failed sending to e-mail address." " " " document.getElementById"test".submit;...

4.3CVSS0.5AI score0.00368EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.100 views

Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting

The plugin allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. As a vendor, add a review in any products with following payload: https://youtu.be/gGUNSG5s5JU...

1AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.100 views

Private Files <= 0.40 - Protection Disabling via CSRF

The plugin is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public document.getElementById"test".submit; That will also delete the .htaccess...

4.3CVSS0.9AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.100 views

MailerLite < 1.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The first digit of the ID must be an existing form ID...

6.1CVSS0.3AI score0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/27 12:0 a.m.100 views

WP-Invoice <= 4.3.1 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attacker to make a logged in admin update them and change the minimum role allowed to access the plugin's features to subscriber for example, which would make invoices available to any authenticated users...

1.5AI score
Exploits0
wpexploit
wpexploit
added 2022/02/07 12:0 a.m.100 views

Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-contenttype/' / alert/XSS-source/' / alert/XSS-record/' /...

6.1CVSS0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.100 views

AnyComment <= 0.3.1 - Open Redirect

The plugin has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...

6.1CVSS3.1AI score0.02208EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.100 views

Magic Post Thumbnail < 3.3.7 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its ids GET parameter before outputting it back in the bulk generation page, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=magicpostthumbnail%2Finc%2Fadmin%2Fbulkgeneration.php&ids=alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/06/15 12:0 a.m.100 views

Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning

The plugin does not properly sanitise and validate its psbpositioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog -- Payloads: $ m0ze"...

4.8CVSS1.4AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/16 12:0 a.m.100 views

SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users even with the unfilteredhtml disabled to set XSS payloads Create a new Custom redirect /wp-admin/options-general.php?page=seo-redirection.php and set a...

0.2AI score0.00617EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.99 views

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.99 views

Real Estate 7 < 3.3.5 - Multiple CSRF

The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, for example create/delete arbitrary lead alerts, manipulate properties add/remove from favourite etc To be disclosed on March 6th...

2.9AI score
Exploits0References1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.99 views

WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.99 views

OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
added 2023/02/02 12:0 a.m.99 views

Ocean Extra < 2.1.2 - Contributor+ Stored XSS

The plugin does not escape the class attribute of its oceanwpbreadcrumb shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks oceanwpbreadcrumb class='"...

5.5CVSS5.6AI score0.00343EPSS
Exploits1
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.99 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.7AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/21 12:0 a.m.99 views

OAuth Client by DigitialPixies <= 1.1.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. Make a logged in user visit a page with the following code fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

6.5CVSS1.9AI score0.0034EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/21 12:0 a.m.99 views

Contact Form Entries < 1.3.0 - CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a spreadsheet...

0.5AI score0.00428EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/19 12:0 a.m.99 views

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

The plugin lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. Examples of actions where low-privileged users can directly ask - https://example.com/wp-admin/admin-ajax.php?action=resmushitbulkgetimages -...

4.3CVSS2AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.99 views

Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection

The plugin does not properly escape data when exporting it via CSV files. 1 Edit your subscriber account's nickname to: ;=1+3 2 As an administrator, export your users data via http://vulnerable-site.tld/wp-admin/tools.php?page=acui&tab=export, and open the resulting CSV file in Excel or equivalen...

8CVSS1.2AI score0.0099EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.99 views

Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/Edit a Course, add a new Topic and put the following...

4.8CVSS4.7AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/20 12:0 a.m.99 views

Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

The plugin does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payload in...

7.2CVSS7.3AI score0.00992EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.99 views

Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When Disable assets manager on back-end" is off: https://example.com/wp-admin/admin.php?page=gonzales-wbcrclearfy&action=index&wbcrassetsmanager=1&a"alert/XSS/...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/03/21 12:0 a.m.99 views

Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the jsonresulturl parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.1AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.100 views

Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion

The plugin includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation...

6.5CVSS2.9AI score0.01419EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/02 12:0 a.m.99 views

CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payloads in the "License ID" setting of the plugin and save: "alert/XSS/...

4.8CVSS0.0632EPSS
Exploits5
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.99 views

MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting

The plugin does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting https://example.com/?mappiframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert/XSS/%3E...

6.1CVSS0.8AI score0.02021EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/12 12:0 a.m.99 views

Remove Footer Credit < 1.0.11 - Admin+ Stored Cross-Site Scripting

The plugin does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. In the plugin's settings, put the following values: - In "Step 1: Enter text/HTML to remove one per line" field: powered - In "Step 2:...

4.8CVSS0.3AI score0.00644EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/29 12:0 a.m.99 views

Orange Form <= 1.0 - SQL Injection via CSRF

In the plugin, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers...

8.8CVSS2.6AI score0.00609EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/10 12:0 a.m.99 views

WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. http://127.0.0.1:8001/wp-admin/admin.php?page=wpbs-calendars&s=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D or...

5.4CVSS1.6AI score0.00675EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.100 views

Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

4.3CVSS2.4AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/13 12:0 a.m.99 views

External Media < 1.0.34 - Authenticated Arbitrary File Upload

The wpajaxupload-remote-file AJAX action of the plugin was vulnerable to arbitrary file uploads via any authenticated users. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Upload File $ch = curlinit; curlsetopt$ch, CURLOPTURL,...

6.5CVSS1.3AI score0.01775EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.99 views

Business Directory Plugin < 5.11.2 - Arbitrary Listing Export

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc The state is base64 encoded and will need to be adapted to the...

4.3CVSS6.4AI score0.00708EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/27 12:0 a.m.99 views

Easy Form Builder <= 1.0 - Unauthorised AJAX calls

While confirming https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484, we noticed that all AJAX actions of the plugin, available to authenticated users, do not have any CSRF and authorisation checks in place, allowing low privilege users to call them and delete/edit arbitrary for...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.98 views

Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update

The plugin has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user...

8.1CVSS7.8AI score0.00731EPSS
Exploits2
Total number of security vulnerabilities4359