Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/03/29 12:0 a.m.98 views

Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover

The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value to...

9.8CVSS1.6AI score0.01698EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/21 12:0 a.m.98 views

Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the jsonresulturl parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.1AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.98 views

Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters In a browser which does not encode characters:...

6.1CVSS1AI score0.03541EPSS
Exploits4
wpexploit
wpexploit
added 2022/03/08 12:0 a.m.98 views

WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue GET / HTTP/1.1 User-Agent: '+SLEEP5-- g Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language:...

9.8CVSS0.2AI score0.01583EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.98 views

MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...

9.8CVSS0.9AI score0.84943EPSS
Exploits8References1
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.98 views

Wicked Folders < 2.18.10 - Subscriber+ SQL Injection

The plugin does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user. leading to an SQL injection As a subscriber:...

8.8CVSS1.5AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/12 12:0 a.m.98 views

Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117 Creat...

6.1CVSS1.4AI score0.04609EPSS
Exploits6
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.98 views

Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them. -- PoC 1 | Authenticated Persistent XSS & XFS | Image saving disabled message text: ! POST...

0.9AI score0.008EPSS
Exploits2References3
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.98 views

Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting

The plugin suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. Log on as an admin, create or edit a Form Field wp-admin/admin.php?page=wpbdpadminformfields and set the Field Label input...

3.5CVSS0.3AI score0.00645EPSS
Exploits2
wpexploit
wpexploit
added 2021/01/22 12:0 a.m.99 views

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

The plugin did not check for user capability in the dmmexportdonations function, allowing any authenticated user to export a CSV file containing all donors personal information. GET /wp-admin/admin-post.php?action=dmmexport...

2.5AI score
Exploits0References2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.97 views

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.7AI score0.00441EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.97 views

HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/06 12:0 a.m.97 views

Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Smart Post Show"...

5.4CVSS5.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/06 12:0 a.m.98 views

Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.3AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.97 views

Booster for WooCommerce - Subscriber+ Order Status Update

The plugins allow users to update their own order status via a settings defined by admins when the My Account module is enabled, however does not ensure that the status set is allowed. As a result, users could set arbitrary status to their own orders, making them paid without actually paying for...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.97 views

No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Put the following payload in any of the plugin's settings such as Exclude posts IDs and save: " autofocus onfocus=alert/XSS///...

4.8CVSS0.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/22 12:0 a.m.97 views

WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed Access the settings of the...

4.8CVSS0.3AI score0.04782EPSS
Exploits4References1
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.97 views

SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users Create a new email petition /wp-admin/admin.php?page=dkspeakoutaddnew, check x Do not send email onl...

9.8CVSS1.1AI score0.08785EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/02 12:0 a.m.97 views

Advanced iFrame < 2022 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue alert/XSS/;" / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.3AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.97 views

Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks The classic editor plugin is needed to see the sub-title field - Create a post a...

5.4CVSS0.1AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.97 views

The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross Site Scripting XSS within the Twitter username to mention text field. 1. Insert below payload in the Twitter username to mention text field "alert44 2. Click on Save Changes...

5.4CVSS0.1AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.97 views

Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-fieldname/' / alert/XSS-fieldtype/' / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS6.1AI score0.01109EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/09 12:0 a.m.97 views

Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS https://example.com/giveaway/mygiveaways/?share=%3Cscript%3Ealertdocument.domain%3C/script%3E...

6.1CVSS1.6AI score0.03451EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/07 12:0 a.m.97 views

Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues Adds the following payloads in the API Key settings /wp-admin/options-general.php?page=aocritcss "alert/XSS/ --...

4.8CVSS0.1AI score0.00626EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/04/15 12:0 a.m.97 views

User Rights Access Manager < 1.0.4 - Improper Access Controls

The plugin did not properly restrict access to some paths, still allowing a restricted user to access them, and edit the Blog Options, create/edit posts and so on for example To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin block...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2023/03/17 12:0 a.m.96 views

Article Directory <= 1.3 - Admin+ Stored XSS

The plugin does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. POST /wordpress/wp-admin/options.php HTTP/1.1 Host: 172.28.128.6 User-Agent: Mozilla/5.0 Window...

4.8CVSS5.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.96 views

Page View Count < 2.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Page Views"...

5.4CVSS0.2AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/06 12:0 a.m.96 views

Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpspwrecentpostslider design='" onmouseover="alert1" style="background:red;"'...

6.8CVSS1.6AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.96 views

Real Cookie Banner < 3.4.10 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: rcb-consent class='"...

5.4CVSS1.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/04 12:0 a.m.96 views

WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "WP Admin UI Customize" » "Login Form". ...

4.8CVSS4.7AI score0.00533EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/15 12:0 a.m.96 views

Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them test1" test2"...

5.4CVSS0.3AI score0.00261EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.96 views

ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting

The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/options-general.php?page=wp-shortpixel-settings&"alert/XSS/...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.96 views

HPB Dashboard <= 1.3.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. Put the following payload in the plugin's settings: "...

4.8CVSS0.7AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.96 views

Turn off all comments <= 1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/tools.php?page=toac&status=success&rows=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS1.5AI score0.02953EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/04 12:0 a.m.96 views

Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in any of the plugin's text field settings such as Title , Title font-size etc: "svg...

4.8CVSS0.2AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/01 12:0 a.m.96 views

Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting

The plugin allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. In Page/Post Access tab, Use XSS Payload as "alert'XSS' in any of the pages available. XSS wi...

4.8CVSS1.7AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/15 12:0 a.m.96 views

NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality

An unprivileged user could use the functionality of the plugin to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. Search for a vulnerable domain with the dork:...

7.5CVSS1AI score0.01211EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.96 views

Profile Builder < 3.6.2 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the siteurl parameter before outputting it back in an href attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.5AI score0.02703EPSS
Exploits3References1
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.96 views

TrustMate.io integration for WooCommerce < 1.8.12 - Subscriber+ Arbitrary Plugin's Settings Update

The plugin does not have any CSRF and authorisation checks in the savecheckbox AJAX action, available to any authenticated users, allowing any authenticated user, such as subscriber to update arbitrary settings from the plugin. Due to the lack of escaping, it could lead to Stored Cross-Site...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/12/22 12:0 a.m.96 views

Contact Form & Lead Form Elementor Builder < 1.6.8 - Subscriber+ Arbitrary Lead Deletion

The plugin does not have capability and CSRF checks in the deleteleadsbackend AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber could delete arbitrary Leads. Attackers could also make any logged in users delete leads via a CSRF attack POST...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.96 views

Vik Rent Car < 1.1.7 - CSRF to Stored XSS

In the plugin, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also ...

5.4CVSS5.4AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/24 12:0 a.m.96 views

WP LMS < 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user including unauthenticated v1.1.3 fixed the XSS by escapin...

4.3CVSS0.4AI score0.00762EPSS
Exploits2
wpexploit
wpexploit
added 2021/01/20 12:0 a.m.96 views

Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)

The plugin did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. The PoC will be displayed on April 16, 2021, to give users the time to update...

0.3AI score0.01387EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/05/26 12:0 a.m.96 views

Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass

Due to the plugin not properly checking the file being uploaded via the dndcodedropzupload AJAX action, an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be installe...

7.5CVSS0.4AI score0.78751EPSS
Exploits7References4
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.95 views

HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS1.3AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.95 views

WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack. fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: n...

4.3CVSS5.7AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.95 views

WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: First,...

5.4CVSS0.8AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/05 12:0 a.m.95 views

CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.95 views

WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'

The plugin does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' As unauthenticated, open the following URL to set the Blog Name to 'no':...

4.3CVSS1.9AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.95 views

Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Create a...

5.4CVSS0.4AI score0.00534EPSS
Exploits2
Total number of security vulnerabilities4359