Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
•added 2022/12/21 12:0 a.m.•95 views

Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

The plugin does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack. 1. Install contact-form-7 dependency 2. Install the vulnerable plugin images-optimize-and-upload-cf7...

9.1CVSS1AI score0.29369EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/19 12:0 a.m.•95 views

Jetpack CRM < 5.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins As a...

5.4CVSS0.5AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/29 12:0 a.m.•95 views

Donations <= 1.8 - Unauthenticated SQLi

The plugin does not sanitise and escape the nddonationsid parameter before using it in a SQL statement via the nddonationssinglecauseformvalidatefieldsphpfunction AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection Create a new "Cause" and fill out the form...

9.8CVSS0.8AI score0.01743EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•95 views

Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting "...

6.1CVSS6.2AI score0.02389EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/06 12:0 a.m.•95 views

IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The plugin does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. Make an admin open a page with the following code in it, whi...

7.1CVSS0.5AI score0.00451EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/29 12:0 a.m.•95 views

Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion

The plugin does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure...

4.3CVSS1.1AI score0.00426EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/05 12:0 a.m.•95 views

Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key

The Target First WordPress Plugin, also previously known as Watcheezy, suffered from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the "weeWzKey" parameter that will be save as the "weeID" option. The input value...

6.1CVSS0.9AI score0.01188EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/01/21 12:0 a.m.•95 views

Contact Form 7 Database Addon < 1.2.5.4 - Authenticated SQL Injections

The plugin did not properly sanitise the formids from the contactform POST array parameter before using them in a SQL statement in the processbulkaction function. This could allow high privilege users, such as admin to perform SQL Injection against the DBMS via the bulk actions: delete, read and...

1.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/03/22 12:0 a.m.•94 views

Events Made Easy <= 2.3.14 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the searchname parameter before using it in a SQL statement via the emerecurrenceslist AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Open the URL below while being on the blog as subscriber user...

8.8CVSS9.2AI score0.00872EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•94 views

Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.2AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/16 12:0 a.m.•94 views

ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup

The plugin does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. Run the below command in the developer console of the web browser while being on the blog as a subscribe...

4.3CVSS1.5AI score0.00483EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•94 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.6AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•94 views

Event Monster < 1.2.0 - Visitors Deletion via CSRF

The plugin does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack To delete the attendee/visitor with ID 1, make a logged in admin open a page with the HTML code below The statement deleting attendee is also...

4.3CVSS0.4AI score0.00274EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/18 12:0 a.m.•94 views

WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Inject an XSS payload in the title by going to...

4.8CVSS4.9AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•94 views

PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. To simulate a gadge...

7.2CVSS0.4AI score0.01126EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/05 12:0 a.m.•95 views

SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion

The plugin does not have authorisation and CRSF checks in its wpsctickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. Other actions may be affected as well. POST /wp-admin/admin-ajax.php HTTP/1....

7.5CVSS1.4AI score0.0124EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/05 12:0 a.m.•94 views

WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting Run the below command in...

5.4CVSS5.4AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/03/26 12:0 a.m.•94 views

Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API

While confirming https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab, another SQLi issue was identified and reported. The qsmrestgetbankquestions function in the php/rest-api.php file did not property sanitise and escape the category parameter before using it in SQL statements...

0.6AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/02/13 12:0 a.m.•93 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. bscolumns class='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/16 12:0 a.m.•93 views

Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The exploit requires at least a contributor...

5.4CVSS5.2AI score0.00667EPSS
Exploits2
wpexploit
wpexploit
•added 2023/01/11 12:0 a.m.•93 views

EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. algwceanproductimage productid='1'...

5.4CVSS1AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/21 12:0 a.m.•93 views

Simple Membership < 4.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. 1. Exploit...

5.4CVSS0.3AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/16 12:0 a.m.•93 views

Logo Slider < 3.6.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: First, you need to add a Logo Slider...

5.4CVSS1.3AI score0.00578EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•93 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin https://example.com/wp-admin/admin.php?page=wsysadminfeeds&action=delete&id=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•93 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. POST...

4.9CVSS0.4AI score0.00883EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/16 12:0 a.m.•93 views

WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the Name field of...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/03 12:0 a.m.•93 views

Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition

The theme does not have authorisation in an AJAX action, which could allow any authenticated users such as subscriber to call it and edit any page, post, or template on the blog 1. Start with a clean Wordpress install 2. Install Bricks builder v1.5.3 3. Enable registrations on the website 4...

6.5CVSS0.8AI score0.00618EPSS
Exploits1
wpexploit
wpexploit
•added 2022/09/19 12:0 a.m.•93 views

Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the...

4.8CVSS4.8AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•93 views

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting

The plugin does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.2AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•93 views

LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion

The plugin does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication The PoC will be displayed once the issue has been remediated...

6.5CVSS1.7AI score0.00382EPSS
Exploits1
wpexploit
wpexploit
•added 2021/12/23 12:0 a.m.•93 views

Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue which will be triggered in the admin dashboard due to the lack of escaping. v10.9.1 added a CSRF check, however...

5.4CVSS0.3AI score0.00607EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/20 12:0 a.m.•93 views

Event Calendar < 1.1.51 - Reflected Cross-Site Scripting

The plugin does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues And move the mouse over the 'Untitled' text Firefox only:...

6.1CVSS6.1AI score0.0081EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/20 12:0 a.m.•93 views

Event Calendar < 1.1.51 - Subscriber+ Event Creation

The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events Adding calendar events: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS0.8AI score0.00347EPSS
Exploits2
wpexploit
wpexploit
•added 2021/06/30 12:0 a.m.•93 views

MZ Mindbody API < 2.8.3 - Unauthorised AJAX Calls

The plugin did not properly check for CSRF and authorisation in various AJAX actions, allowing attacker to make users call them and perform unwanted actions, as well as allow low privilege users to call them As a low privilege user such as subscriber...

2.9AI score
Exploits0
wpexploit
wpexploit
•added 2021/06/07 12:0 a.m.•93 views

Recently < 3.0.5 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue POST /wp-admin/options-general.php?page=recently&tab=tools HTTP/1.1 Accept:...

0.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/05/10 12:0 a.m.•93 views

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...

5.4CVSS0.2AI score0.03249EPSS
Exploits5References1
wpexploit
wpexploit
•added 2021/04/05 12:0 a.m.•93 views

Simple Membership < 4.0.4 - Authenticated SQL Injections

The plugin did not properly sanitise user input before using it in SQL queries in the admin backend, leading to authenticated admin+ SQL injections GET /wp/wp-admin/admin.php?status=&membershiplevel=&s=hhhh%27%20OR%20SLEEP%281%29%20OR%20firstname%20LIKE%20%27%25i%0A&page=simplewpmembership HTTP/1...

1AI score
Exploits1References1
wpexploit
wpexploit
•added 2021/01/15 12:0 a.m.•93 views

Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such as author and editor to perform XSS attacks...

5.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2020/12/18 12:0 a.m.•93 views

Simple Social Buttons < 3.2.1 - Unauthenticated Reflected Cross-Site Scripting

The version 3.2.0 attempted to fix a reflected Cross-Site Scripting issue, by adding a CSRF check, which does not fully remediate it as unauthenticated users will all have the same nonce generated and valid for 12h to 24h, or 2 WP ticks. Only unauthenticated users can be attacked with this issue...

6.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2020/11/30 12:0 a.m.•93 views

Canto <= 1.7.0 - Unauthenticated Blind SSRF

The plugin is affected by Blind SSRF issues via the domain parameter in three files: /includes/lib/tree.php, /includes/lib/detail.php and /includes/lib/get.php. All requests to the arbitrary domain/IP will be made with the HTTPS protocol The PoC will be displayed once the issue has been remediate...

5CVSS0.9AI score0.26037EPSS
Exploits3References1
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•92 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal

The plugin does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only displays the last 50 lines of the file. POST...

4.9CVSS5.7AI score0.19921EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•92 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well When...

7.2CVSS0.5AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/10/13 12:0 a.m.•92 views

Highlight FocusĀ <= 1.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugins...

4.8CVSS0.2AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/06/13 12:0 a.m.•92 views

Gallery < 2.0.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1AI score0.01626EPSS
Exploits2
wpexploit
wpexploit
•added 2022/04/05 12:0 a.m.•92 views

Tipsacarrier <= 1.4.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements, and is lacking authorisation checks in some calls as well, leading to SQL Injection issues Vendor was notified on November 26th, 2021, did not reply nor fix the issue Affected files:...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/30 12:0 a.m.•92 views

Videos sync PDF <= 1.7.4 - Unauthenticated LFI

The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues https://example.com/wp-content/plugins/video-synchro-pdf/reglages/MenuPlugins/tout.php?p=LFI...

7.5CVSS1.6AI score0.11088EPSS
Exploits2References2
wpexploit
wpexploit
•added 2022/03/29 12:0 a.m.•92 views

Users Ultra <= 3.1.0 - Unauthenticated SQL Injection

The plugin fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection. curl...

9.8CVSS2.2AI score0.08415EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•92 views

WP Dependency Installer < 4.3.1 - Arbitrary Plugin Installation from Dependency via CSRF

The wp-dependency-installer library, used in the plugins, does not have CSRF check in its dependencyinstaller AJAX action with the install method, which could allow attackers to make a logged in admin install plugins defined in the wp-dependencies.json via a CSRF attack. The slug has to be presen...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/13 12:0 a.m.•92 views

SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...

6.1CVSS3.3AI score0.02291EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/30 12:0 a.m.•92 views

LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting

The plugin does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting As admin, enter the following payload in the Domain Key setting of the plugin: Then open...

4.8CVSS5.4AI score0.00654EPSS
Exploits2References1
Total number of security vulnerabilities4359