Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2022/12/15 12:0 a.m.88 views

404 to Start <= 1.6.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the settings of the plugin, ent...

4.8CVSS4.8AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/15 12:0 a.m.88 views

WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. Create a .txt file and the below line there: $ echo "alert/XSS/" Make a logged in admin impo...

6.1CVSS6.3AI score0.00251EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/08 12:0 a.m.89 views

Qe SEO Handyman <= 1.0 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:91.0 Gecko/20100101...

7.2CVSS0.5AI score0.01096EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/07 12:0 a.m.88 views

Panda Pods Repeater Field < 1.5.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. 1. Install Pods plugin dependency - https://wordpress.org/plugins/pods 2. Install the...

5.4CVSS0.1AI score0.00841EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.88 views

Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in any text field of Settings Salat Times: " Save, and the XSS will be...

4.8CVSS5AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/28 12:0 a.m.88 views

My wpdb < 2.5 - Arbitrary SQL Query via CSRF

The plugin is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack document.getElementById"test".submit;...

8.8CVSS1.2AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.88 views

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting them back in attributes and JS code in admin dashboards, leading to Reflected Cross-Site Scripting Make a logged in admin open one of the URLs below...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.88 views

Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to the plugin's settings Popup tab, click on "C...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/29 12:0 a.m.88 views

Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Custom DB Prefix settings of the plugin: BooksnPapers" style=animation-name:rotati...

4.8CVSS0.7AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.88 views

Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following in the plugin's settings: test = "alert/XSS/ Tick the "Enable text hover in...

4.8CVSS0.2AI score0.00802EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/22 12:0 a.m.88 views

Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting

The plugin does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add arbitrary javascript payloads to the source...

5.4CVSS0.1AI score0.03932EPSS
Exploits4
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.88 views

hub2word <= 1.1.0 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in its Hub2Wordsavesettings AJAX action, and does not validate the option key to be updated. As a result, any authenticated user, such as subscriber could update arbitrary WordPress options POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.88 views

Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0...

6.1CVSS3.7AI score0.03865EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/14 12:0 a.m.88 views

RSVP and Event Management < 2.7.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=rsvp-top-level&s="alert/XSS-s/&pagesize="alert/XSS-pagesize/...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2022/01/13 12:0 a.m.88 views

XootiX Plugins - Various Versions CSRF to Arbitrary Options Update

The plugins Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce are all vulnerable to cross-site request forgery due to a missing nonce check that would make it possible for attackers to update arbitrary options on a vulnerable WordPress site...

8.8CVSS0.9AI score0.0082EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.88 views

Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/Edit a form and put the following payload in a Filed Name or Default...

0.9AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/17 12:0 a.m.88 views

Related Posts for WordPress < 2.0.5 - Authenticated Stored XSS & XFS

The plugin does not sanitise its headingtext and css settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues. Payloads: $ m0ze"div x PoC 1 | Authenticated Persistent XSS & XFS | Heading text: ! POST /wp-admin/options.php HTTP/2 Host...

3.5CVSS0.1AI score0.00687EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/01/06 12:0 a.m.88 views

WP24 Domain Check < 1.6.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin version 1.6.2 and possibly below, was vulnerable to Stored Cross-Site Scripting XSS in the plugin's fieldnameDomain settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability. In the plugin's advanced settings...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/05/09 12:0 a.m.88 views

Chopslider <= 3.4 - Unauthenticated Blind SQL Injection

The id parameter of the getscript/index.php page is not sanitised when used in a SQL statement, leading to an unauthenticated blind SQL Injection issue. Vendor was contacted by researcher, on March 3rd, 2020 but no reply was received. The PoC will be displayed once the issue has been remediated...

7.5CVSS0.6AI score0.95657EPSS
Exploits8References1
wpexploit
wpexploit
added 2023/03/13 12:0 a.m.87 views

User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF

The plugin does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. Make a logged in admin open a page with the code below. Then, log in as a subscriber and see that you have full admin access...

8.8CVSS8.9AI score0.00411EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.87 views

WordPrezi < 0.9 - Contributor+ Strored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks prezi url="https://prezi.com/'...

5.4CVSS5.2AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.87 views

Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Account ID"...

4.8CVSS4.7AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.87 views

Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "Custom Field...

4.8CVSS0.1AI score0.00495EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.87 views

WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS

The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. Run the below command in...

5.4CVSS0.3AI score0.00411EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.87 views

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/top-user-rated-listings?listview=2&q%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2022/04/02 12:0 a.m.87 views

ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings ...

5.4CVSS0.01073EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/21 12:0 a.m.87 views

Advanced Booking Calendar < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1AI score0.01618EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/30 12:0 a.m.87 views

Link Library < 7.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.8AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.87 views

WP Post Page Clone < 1.2 - Unauthorised Post Access

The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. Go to All Posts, find the post to clone, click "Click to Clone" then edit the cloned post to see its content...

4.3CVSS1.7AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.87 views

Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting Once the "Server Requirements" are passed in the initial setup process you can bypass the check for localhosts by editing the islocalhost function in...

6.1CVSS6.2AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/27 12:0 a.m.87 views

Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF)

The includes/mc-getlists.php file used the 'apiKey' POST parameter to create an https URL from it without sanitisation and called it with cURL, leading to a SSRF issue. The issue is exploitable via direct access to the affected file, and ucmmmcapi AJAX call available to both authenticated and...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2021/01/05 12:0 a.m.87 views

WP Paginate < 2.1.4 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Paginate WordPress plugin, version 2.1.3 and possibly below, was vulnerable to Stored Cross-Site Scripting XSS in the plugin's preset settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability. POST...

0.2AI score
Exploits0References2
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.86 views

Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...

5.4CVSS2.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/15 12:0 a.m.86 views

Post Status Notifier Lite < 1.10.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. Make a logged in high privilege user such as admin open the URL below...

6.1CVSS0.1AI score0.00902EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.86 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/10/18 12:0 a.m.86 views

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. PS: The original advisory mentions the issue being in photo-gallery, however it is not the case. On a page where there is a gallery embed, append a'-alert/XSS///=1 e.g...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.86 views

Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP As a subscriber, open the HTML code below while being logged in as a subscriber, then choose a file to...

8.8CVSS0.4AI score0.00498EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.86 views

Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed As admin, create/edit a Birthday and add the following payload in the Name field:...

4.8CVSS1.1AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.86 views

SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF

The plugin does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...

6.5CVSS1.7AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2020/03/31 12:0 a.m.86 views

WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint

The WordPress SEO Plugin – Rank Math plugin includes a number of optional modules, including a module that can be used to create redirects on a site. In order to add this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateRedirection, which failed to include a permissioncallbac...

5.8CVSS6.5AI score0.02072EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/13 12:0 a.m.85 views

Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpmproductgtin id='1' wrapper='div...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.85 views

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: 1. Firs...

5.4CVSS0.6AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.85 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Open the setting page of this plugin. 2. There...

4.8CVSS4.7AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.85 views

Find and Replace All < 1.3 - Reflected Cross Site Scripting

The plugin does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.85 views

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS via AJAX

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to any authenticated users, such as subscriber, leading to a Reflected Cross-Site Scripting Make a logged in user open a page containing the HTML code below alert/XSS/"...

6.8AI score
Exploits0
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.85 views

404 to 301 < 3.1.2 - Reflected Cross-Site Scripting

Description The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=jj4t3-logs&a"alert/XSS/...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2022/03/22 12:0 a.m.85 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8CVSS3AI score0.26586EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.85 views

Noptin < 1.6.5 - Open Redirect

The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue https://example.com/?noptinns=emailclick&to=https://wpscan.com...

6.1CVSS1.8AI score0.02682EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/30 12:0 a.m.85 views

Link Library < 7.2.8 - Library Settings Reset via CSRF

The plugin does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack https://example.com/wp-admin/admin.php?page=link-library-settingssets&settings=1&reset=1...

6.5CVSS4.6AI score0.0048EPSS
Exploits1
wpexploit
wpexploit
added 2021/04/10 12:0 a.m.85 views

Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE

The plugin does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. POST /addalisting/ HTTP/1.1...

6.5CVSS0.1AI score0.01906EPSS
Exploits2References1
Total number of security vulnerabilities4359