Wpexploit: Most viewed

4359 matches found

wpexploit, added 2021/02/24 12:0 a.m., 640 views

Woocommerce Customers Manager < 26.5 - Arbitrary Account Creation/Update by Low Privilege Users

The uploadcsv AJAX action, available to authenticated users, did not have proper capability checks, allowing any authenticated user, such as a subscriber, to call it and import arbitrary users. They could either update their own account, to make themselves administrator, or create new...

AI score: 1.9
Exploits: 0, References: 2

wpexploit, added 2022/01/03 12:0 a.m., 639 views

NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF

The plugin does not have a CSRF check in place when deleting items, allowing an attacker to make a logged in admin delete arbitrary posts via a CSRF attack. https://example.com/wp-admin/admin.php?page=nxssnap-reposter&item=1&action=delete...

CVSS: 6.5, AI score: 3.3, EPSS: 0.00531
Exploits: 2

wpexploit, added 2021/08/10 12:0 a.m., 639 views

AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Image URL button setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The XSS...

CVSS: 4.8, AI score: 0.3, EPSS: 0.00654
Exploits: 2, References: 1

wpexploit, added 2021/07/27 12:0 a.m., 639 views

uListing < 2.0.6 - Unauthenticated Privilege Escalation

An Unauthenticated Privilege Escalation vulnerability was discovered in the uListing plugin through v2.0.5 for WordPress. User registration must be allowed on the target website. PoC | Unauthenticated Privilege Escalation | Request: POST /wp-admin/admin-ajax.php?action=stmlistingregister HTTP/2...

CVSS: 7.5, AI score: 0.6, EPSS: 0.02109
Exploits: 2

wpexploit, added 2021/07/21 12:0 a.m., 639 views

Maintenance < 4.03 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings, allowing high privilege users such as admin to set a Cross-Site Scripting payload in them even when the unfiltered_html capability is disallowed, which will be triggered in the frontend. POST /wp-admin/admin.php?page=maintenance HTTP/1.1...

CVSS: 3.5, AI score: 0.4, EPSS: 0.00617
Exploits: 2

wpexploit, added 2021/02/01 12:0 a.m., 639 views

Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)

The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visits a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute. As an admin user, open:...

AI score: 0.2
Exploits: 0

wpexploit, added 2022/08/29 12:0 a.m., 637 views

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

CVSS: 9.8, AI score: 1.6, EPSS: 0.09675
Exploits: 5

wpexploit, added 2021/11/01 12:0 a.m., 637 views

Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure

The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated users to perform SQL injection attacks, as well as get the list of all users...

CVSS: 9.8, AI score: 9.5, EPSS: 0.127
Exploits: 2, References: 1

wpexploit, added 2021/07/26 12:0 a.m., 634 views

WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS

The plugin does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. Put one of the payloads below in the Image ALT setting of the plugin: The XSS will...

CVSS: 3.5, AI score: 5.3, EPSS: 0.0062
Exploits: 2

wpexploit, added 2021/09/15 12:0 a.m., 633 views

Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting

Description: The plugin does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. dflip class='"...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00629
Exploits: 2

wpexploit, added 2022/03/07 12:0 a.m., 632 views

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS

The plugin allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to a Stored Cross-Site Scripting issue. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip,...

CVSS: 5.4, AI score: 0.2, EPSS: 0.13575
Exploits: 2, References: 1

wpexploit, added 2021/04/21 12:0 a.m., 632 views

Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. v 2.2.29 https://example.com/wp-admin/edit.php?posttype=accordions&page=settings&tab=a%22%3E%3Csvg%2Fonload%3Dalert%28123%29%3B%2F%2F%3E%3C%22 v...

CVSS: 3.5, AI score: 0.3, EPSS: 0.00624
Exploits: 2

wpexploit, added 2022/09/05 12:0 a.m., 631 views

Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Make a logged in admin open a page containing the HTML code below: input type="text" name="ip11" value="...

CVSS: 4.3, AI score: 1.2, EPSS: 0.00267
Exploits: 2

wpexploit, added 2022/03/23 12:0 a.m., 630 views

Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi

The plugin does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. curl 'https://example.com/wp-admin/admin-ajax.php' --data...

CVSS: 9.8, AI score: 2.6, EPSS: 0.09214
Exploits: 2

wpexploit, added 2021/03/30 12:0 a.m., 629 views

Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)

The plugin was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute. https://cooked.pro/demo/trial/5snjx6louabhdpg/profile/?t8osi%22%3e%3cscript%3ealert1%3c%2fscript%3edr7ag=1...

CVSS: 4.3, AI score: 1.6, EPSS: 0.01749
Exploits: 3, References: 2

wpexploit, added 2021/06/21 12:0 a.m., 628 views

Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard. As admin, add a new...

CVSS: 4.8, AI score: 0.5, EPSS: 0.00617
Exploits: 2

wpexploit, added 2022/09/29 12:0 a.m., 627 views

AdminPad < 2.2 - Note Update via CSRF

The plugin does not have a CSRF check when updating an admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack. Notes are displayed in the Dashboard /wp-admin/index.php...

CVSS: 6.5, AI score: 1.4, EPSS: 0.00337
Exploits: 2

wpexploit, added 2021/10/11 12:0 a.m., 625 views

MAZ Loader < 1.3.3 - Contributor+ SQL Injection

The plugin does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. As a user with a role as low as Contributor, put the following shortcode in a page/post and view/preview it to get the login...

CVSS: 8.8, AI score: 0.8, EPSS: 0.01292
Exploits: 2

wpexploit, added 2021/09/15 12:0 a.m., 625 views

Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "alert/XSS/...

CVSS: 4.8, AI score: 4.9, EPSS: 0.00622
Exploits: 2

wpexploit, added 2021/08/23 12:0 a.m., 625 views

Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS

The plugin allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design like subutton's onclick attribute...

CVSS: 5.4, AI score: 3.7, EPSS: 0.00604
Exploits: 2

wpexploit, added 2023/01/17 12:0 a.m., 624 views

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...

CVSS: 5.3, AI score: 1.7, EPSS: 0.00694
Exploits: 2

wpexploit, added 2021/06/02 12:0 a.m., 623 views

GetPaid < 2.3.4 - Authenticated Stored XSS

In the plugin, users with the contributor role and above can create a new Payment Form; however, the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is...

CVSS: 5.4, EPSS: 0.00624
Exploits: 2

wpexploit, added 2023/08/30 12:0 a.m., 622 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

Description: The plugin contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42 and not deletin...

CVSS: 9.8, AI score: 9.7, EPSS: 0.39554
Exploits: 2

wpexploit, added 2022/08/31 12:0 a.m., 622 views

Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS

The plugin does not have any authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. Open a page...

CVSS: 5.4, EPSS: 0.00231
Exploits: 2

wpexploit, added 2022/01/17 12:0 a.m., 622 views

WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion

The plugin does not have authorisation and CSRF checks when deleting options via the disablemainmode AJAX action, and does not ensure that the option to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, could delete arbitrary options from the blog. POST...

AI score: 0.2
Exploits: 0

wpexploit, added 2021/06/11 12:0 a.m., 621 views

Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting

The plugin is lacking any capability and CSRF check when saving its settings, allowing any authenticated user, such as a subscriber, to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in al...

CVSS: 6.5, AI score: 6, EPSS: 0.10993
Exploits: 5

wpexploit, added 2022/11/14 12:0 a.m., 620 views

Comic Book Management System < 2.2.0 - Admin+ SQLi

The plugin does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. https://example.com/wp-admin/admin.php?page=cbmsweeklypicksadmin&action=updatepicks&id=1+AND+SELECT+7741+FROM+SELECTSLEEP3hlAf POST...

CVSS: 7.2, AI score: 0.4, EPSS: 0.00964
Exploits: 2, References: 1

wpexploit, added 2022/08/31 12:0 a.m., 620 views

Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5" 2 - Click on "Contact - Add new...

CVSS: 4.8, AI score: 0.5, EPSS: 0.00538
Exploits: 2

wpexploit, added 2022/09/29 12:0 a.m., 619 views

LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF

The plugin does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. document.getElementById"test".submit;...

CVSS: 6.5, AI score: 1.1, EPSS: 0.00346
Exploits: 2

wpexploit, added 2021/08/31 12:0 a.m., 618 views

CF Geo Plugin < 7.13.12 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in admin pages, leading to a Reflected Cross-Site Scripting issue. POST /wp-admin/admin.php?page=cf-geoplugin-activate HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language...

AI score: 0.5
Exploits: 0

wpexploit, added 2022/09/26 12:0 a.m., 617 views

miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, allowing any logged in user, such as a subscriber, to call them and, for example, disable the app. Run the below command in the developer console of the web browser while being on the blog as any user, such as subscriber...

CVSS: 6.5, AI score: 1, EPSS: 0.00411
Exploits: 2

wpexploit, added 2021/08/25 12:0 a.m., 617 views

MX Time Zone Clocks < 3.4.1 - Contributor+ Cross-Site Scripting

The plugin does not escape the timezone attribute of the mxmtzctimezoneclocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. mxmtzctimezoneclocks timezone='"+alertXSS-timezone+"'...

CVSS: 5.4, AI score: 3.2, EPSS: 0.00604
Exploits: 2

wpexploit, added 2021/08/06 12:0 a.m., 617 views

Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS

The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options. Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload lik...

CVSS: 5.4, AI score: 0.4, EPSS: 0.00624
Exploits: 2

wpexploit, added 2021/06/30 12:0 a.m., 617 views

WP SMS < 5.4.9.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape some of its parameters before outputting them back in the pages, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin. alert/XSS/' / alert/XSS/' / alert/XSS/' /...

Exploits: 0

wpexploit, added 2021/05/05 12:0 a.m., 617 views

Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the "Default Skin" field. Step 1: Install and activate the plugin. Step 2: Go to the plugin setting. Step 3: Enter the following payload in the field "Default Skin" xss"alert1input type='text'...

CVSS: 5.4, AI score: 5.2, EPSS: 0.0062
Exploits: 2

wpexploit, added 2021/04/07 12:0 a.m., 617 views

OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error

The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration...

CVSS: 4.3, AI score: 0.9, EPSS: 0.0163
Exploits: 2, References: 1

wpexploit, added 2021/03/28 12:0 a.m., 616 views

Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in an A tag, leading to a reflected XSS issue. Payloads: - Original reporter:...

CVSS: 3.5, AI score: 0.6, EPSS: 0.00691
Exploits: 2, References: 1

wpexploit, added 2021/08/24 12:0 a.m., 615 views

Coupon Affiliates for WooCommerce < 4.11.0.2 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter in its Referral Visits dashboard before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. alert/XSS/' /...

AI score: 0.5
Exploits: 0

wpexploit, added 2021/07/29 12:0 a.m., 615 views

FluentSMTP < 2.0.1 - Authenticated Stored XSS

The plugin does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored Cross-Site Scripting (XSS) vulnerability. Only users with roles capable of managin...

CVSS: 3.5, EPSS: 0.00624
Exploits: 2

wpexploit, added 2021/07/26 12:0 a.m., 615 views

HD Quiz < 1.8.4 - Authenticated Stored XSS

The plugin does not escape some of its Answers before outputting them in attributes when generating the Quiz, which could lead to Stored Cross-Site Scripting issues. Create or edit a Quiz, and put the following payload as an Answer of a "Multiple Choice: Text" Question: " autofocus...

CVSS: 3.5, AI score: 0.4, EPSS: 0.00624
Exploits: 2

wpexploit, added 2022/02/14 12:0 a.m., 615 views

UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

The plugin is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another user's avatar. - Right click the thumbnail of another user and copy the image URL. It will be something like:...

CVSS: 4.3, AI score: 0.4, EPSS: 0.00644
Exploits: 2

wpexploit, added 2021/08/24 12:0 a.m., 613 views

Recipe Card Blocks < 2.8.1 - Reflected Cross-Site Scripting

The plugin does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/index.php?slactivation=false&message=%3Cscript%3Ealertorigin%3C%2Fscript%3E...

CVSS: 6.1, AI score: 0.5, EPSS: 0.008
Exploits: 2

wpexploit, added 2022/10/24 12:0 a.m., 612 views

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

Description: The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address. Run the below command in the developer console of the web browser while being on the blog as an...

CVSS: 9.8, AI score: 9.7, EPSS: 0.03546
Exploits: 2

wpexploit, added 2021/09/28 12:0 a.m., 612 views

Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Click on "Add New" under Restaurant Menu Plugin. Give any random title like...

CVSS: 4.8, AI score: 0.4, EPSS: 0.00622
Exploits: 2

wpexploit, added 2021/01/29 12:0 a.m., 612 views

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

The plugin did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. If the Frontend Event Submission form is embedded in a public page, then it could lead to any authenticated user, like subscribers to...

EPSS: 0.01505
Exploits: 2

wpexploit, added 2022/11/08 12:0 a.m., 611 views

3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF

Description: The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...

CVSS: 8.1, AI score: 8.1, EPSS: 0.00404
Exploits: 2

wpexploit, added 2021/08/19 12:0 a.m., 611 views

Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The plugin does not sanitise or escape its QRCode Image setting, which results in Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00374
Exploits: 2

wpexploit, added 2021/08/02 12:0 a.m., 611 views

ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in...

CVSS: 6.1, AI score: 0.4, EPSS: 0.00827
Exploits: 2

wpexploit, added 2022/09/27 12:0 a.m., 609 views

3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping, it could also lead to a Stored Cross-Site Scripting issue. Make a logged in admin open a...

AI score: 6.4
Exploits: 0, References: 1

wpexploit, added 2023/01/04 12:0 a.m., 608 views

Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload

The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. 1. Install and activate WooCommerce dependency, no setup required 2. Create a local file containing the payload on /tmp/payload.php 3. Execu...

CVSS: 9.8, AI score: 0.9, EPSS: 0.17569
Exploits: 2

Total number of security vulnerabilities: 4359