Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/12/09 12:0 a.m.91 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin https://example.com/wp-admin/admin.php?page=wsysadminpublishers&action=delete&id=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.01096EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/09 12:0 a.m.91 views

Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting

The theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Stored Cross-Site Scripting attacks. As a candidate, add the following payload on the Social Network option: javascript:alert1 As a recruiter, access the candidate page an...

5.4CVSS0.3AI score0.00484EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/08 12:0 a.m.91 views

Qe SEO Handyman <= 1.0 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/admin-post.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:91.0 Gecko/20100101...

7.2CVSS0.4AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.91 views

Analytics for WP <= 1.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the Settings page of this plugin, in the bo...

4.8CVSS4.7AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/28 12:0 a.m.91 views

WP Best Quiz <= 1.0 - Author+ Stored XSS

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. 1. Go to Quiz » Add Categories. 2. Inset a category with the payload as name: alert1. 3. The XSS will be trigged when accessing the Add Categories...

0.6AI score0.00677EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/13 12:0 a.m.91 views

Gallery < 2.0.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1AI score0.01626EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.91 views

Donate Extra <= 2.02 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting ' document.form1.submit;...

6.1CVSS0.1AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.91 views

Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads ' / ' / ' / " / ' /...

0.9AI score0.00266EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/31 12:0 a.m.91 views

ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF

The plugin lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the...

4.3CVSS3.8AI score0.00335EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/04 12:0 a.m.91 views

IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, enable Frontend Blocking and put the following payload in the Display page when visitor is blocked U...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2021/12/29 12:0 a.m.91 views

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. On Web Servers other than Windows, the /wp-content/plugins/error-log-viewer/savedlogs/...

6.5CVSS0.9AI score0.00599EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.90 views

WP Popup Banners <= 1.2.5 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the value parameter before using it in a SQL statement via the getpopupdata AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser while...

8.8CVSS9.2AI score0.00872EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/21 12:0 a.m.90 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. Visit the following path on the site as an admin user:...

6.1CVSS5.9AI score0.00542EPSS
Exploits3
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.90 views

WordPress Amazon S3 Plugin < 1.6 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.8CVSS5.5AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.90 views

Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Login with an editor user and add/edit a...

4.8CVSS5.3AI score0.00446EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.90 views

Cost Calculator <= 1.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. ndcostcalculator id='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.90 views

Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4CVSS1.5AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.90 views

Giveaways and Contests by RafflePress < 1.11.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. rafflepress id='1' minheight="'; alert1; '"...

5.4CVSS1.9AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.90 views

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Hover Effects » Hover Effects » Add New...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.90 views

Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack...

4.3CVSS2.6AI score0.00286EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.90 views

Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls

The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and add/edit/delete arbitrary student for example POST /wp-json/v2/ssradddata HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

1AI score
Exploits0
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.90 views

Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=gfeditforms&view=settings&subview=pdf&id=1&a'alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.90 views

WooCommerce Menu Cart < 2.12.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is no shop active yet: https://example.com/wp-admin/index.php?a"alert/XSS/...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.90 views

External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. On any post on the affected site, add the following link to a comment: Click here for XSS Click on the link, you should be getting an alert box...

6.1CVSS6AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.90 views

Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when editing a video, and does not escape some of its fields, which could allow attackers to make a logged in admin change them and lead to Stored Cross-Site Scripting issues 2, 00:00:10-3, 00:00:15-4, 00:00:20-5" /...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2022/03/22 12:0 a.m.90 views

Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE

The plugin does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS vulnerability. Further it is also possible to inje...

7.2CVSS0.2AI score0.40237EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/21 12:0 a.m.90 views

Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any text field settings of the plugin for example Scroll Speed and...

4.8CVSS0.5AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/31 12:0 a.m.90 views

WP User < 7.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues PAGEWITHSHORTCODE is a page with the wpuser shortcode embed https://example.com/?pageid=PAGEWITHSHORTCODE&formid="alert/XSS/...

0.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/14 12:0 a.m.90 views

Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection

The plugin is affected by a SQL Injection in the id parameter of the delete action. http://127.0.0.1:8001/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=0%20OR%201=1%20--%20k...

8.8CVSS2.7AI score0.01272EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/04 12:0 a.m.90 views

Amazon Affiliate < 3.17.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the tab parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=aawp-settings&tab=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y...

2AI score
Exploits0References1
wpexploit
wpexploit
added 2021/12/28 12:0 a.m.90 views

Domain Check < 1.0.17 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=domain-check-profile&domain=alert/XSS/...

6.1CVSS0.4AI score0.12857EPSS
Exploits5
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.90 views

Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion

The plugin does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts Note: v1.7.7 added capability check, CSRF che...

6.5CVSS1AI score0.00429EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.90 views

Super Progressive Web Apps < 2.1.12 - Authenticated (Low Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, does not properly check for CSRF, authorisation and the content of the uploaded archive file. This allows attackers to upload an archive with a PHP file, leading to RCE by either using a low...

Exploits0
wpexploit
wpexploit
added 2021/04/16 12:0 a.m.90 views

All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The tab parameter of the settings page of the plugin was vulnerable to an authenticated reflected Cross-Site Scripting XSS issue as user input was not properly sanitised before being output in an attribute...

0.2AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.89 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP Pro...

6.5CVSS6.9AI score0.00555EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.89 views

Resume Builder <= 3.1.1 - Subscriber+ Stored XSS

The plugin does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users Run the below command in the developer console of the web browser while being on the blog as subscriber...

5.4CVSS5.8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/03 12:0 a.m.89 views

User Activity <= 1.0.1 - IP Spoofing

The plugin checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing 1. Send login request with x-forwarded-for: REDACTEDIP 2. Show spoofed IP address in the dashboard OWASP A09:2021 – Security Logging and Monitoring Failures...

7.5CVSS7.7AI score0.00658EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.89 views

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins...

5.4CVSS1.5AI score0.00503EPSS
Exploits3
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.89 views

Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF

The plugin does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack Make a logged in admin open a page with the below code...

4.3CVSS1AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/28 12:0 a.m.89 views

Login Block IPs <= 1.0.0 - IP Spoofing Bypass

The function checkisloginpage uses headers for the IP check, which can be easily spoofed. Set HTTPCLIENTIP to bypass blocks / use allowed IP addresses...

7.5CVSS0.7AI score0.00664EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/23 12:0 a.m.89 views

Amministrazione Aperta < 3.8 - Admin+ LFI

The plugin does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected...

6.5CVSS1.8AI score0.02179EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.89 views

Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify

The qualitycustomizernotifydismissaction and ticustomizernotifydismissrecommendedplugins AJAX actions names can differ depending on the theme, available to authenticated users in multiple themes do not validate or escape the id parameter before outputting it back in the response, leading to...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.89 views

SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks supportcandy page="init';alert/XSS///"...

5.4CVSS1.5AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.89 views

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...

5.3CVSS2AI score0.01327EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/21 12:0 a.m.88 views

real.Kit < 5.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. modal open='1' class='" onmouseover="alert1...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/20 12:0 a.m.88 views

Companion Sitemap Generator <= 4.5.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. html-sitemap columns='1"...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/03 12:0 a.m.88 views

GS Insever Portfolio < 1.4.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. gsinstagram id='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00528EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.88 views

Annual Archive < 1.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. archives tag='ul onmouseover="alert1"'...

5.4CVSS2.1AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/09 12:0 a.m.88 views

ChatBot < 4.2.9 - Unauthenticated Settings Reset

The plugin does not have authorisation and CSRF checks when reseting its settings via an AJAX action available to unauthenticated users, which could allow unauthenticated attackers to reset the plugin's settings https://example.com/wp-admin/admin-ajax.php?action=qcldwbchatbootdeletealloptions...

3.9AI score
Exploits0
wpexploit
wpexploit
added 2023/01/06 12:0 a.m.88 views

CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.1AI score0.00534EPSS
Exploits2
Total number of security vulnerabilities4359