Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/03/27 12:0 a.m.84 views

Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting

The plugin does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. 1. Go to Galleries Add New. 2. Click "Add Media" and choose or upload an image. 3. When publishing or...

5.4CVSS5.9AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/12 12:0 a.m.84 views

iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The plugin does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as editplugins etc Run the...

8.8CVSS1.9AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/29 12:0 a.m.84 views

Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Go to Settings » Evaluate » Add New. 2. Add...

4.8CVSS0.4AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.84 views

Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting On a page where the "Capture box | Rock Convert" widget is present, append ?"alert/XSS/, e.g:...

6.1CVSS6.2AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.84 views

Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS within the Project Key text field found in the plugin's settings. 1. Click on Use on translation exchange connector 2. In Basic Settings,insert following payload in Project Key text field. "alert55 3. Click Save Changes...

5.4CVSS0.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.84 views

IP2Location Country Blocker < 2.26.5 - Ban Bypass

The plugin bans can be bypassed by using a specific parameter in the URL https://example.com/?admin-ajax=hehe...

6.5CVSS1.8AI score0.01047EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/29 12:0 a.m.84 views

Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Visit to Paypal Setting Under Learning Plugin Enter the XSS payload " in Email PDT...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/25 12:0 a.m.84 views

Business Directory <= 1.2.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

This theme does not sanitise its search input, leading to a Reflected XSS issue when output back in the search result page. Note WPScanTeam: The theme has been removed from the WordPress marketplace listing on March 22nd, 2021 The PoC will be displayed once the issue has been remediated...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2021/01/20 12:0 a.m.84 views

Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)

The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...

0.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/11/12 12:0 a.m.84 views

Good LMS < 2.1.5 - Unauthenticated SQL Injection

The Good LMS WordPress plugin was vulnerable to Unauthenticated SQL Injection in its 'id' parameter of the gdlrlmscancelbooking action. POST /wp-admin/admin-ajax.php HTTP/1.1 action=gdlrlmscancelbooking&id=SELECT 1337 FROM SELECTSLEEP10MrMV...

7.5CVSS2.7AI score0.1064EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/02/22 12:0 a.m.83 views

GoToWP <= 5.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. registermeeting type='" onmouseover="alert1...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/29 12:0 a.m.83 views

Appointment Hour Booking < 1.3.73 - Unauthenticated iFrame Injection

The plugin does not sanitise and escape the email and general field parameters, which could allow unauthenticated users to perform iFrame injection attack As an unauthenticated user, submit a booking and put an iFrame payload in the email/general field parameter The iFrame will be executed when a...

7.2CVSS1.1AI score0.00687EPSS
Exploits1
wpexploit
wpexploit
added 2022/10/17 12:0 a.m.83 views

WP Hide <= 0.0.2 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks in place when updating the customwpadminslug settings, allowing unauthenticated attackers to update it with a crafted request curl -X POST --data "customwpadminslug=attacker-value" https://example.com/wp-admin/admin-post.php Settings is...

5.3CVSS2AI score0.00346EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.83 views

Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=modula-gallery&page=modula-addons&a"alert/XSS/ Other URLs are affected...

Exploits0
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.83 views

WordPress Real Cookie Banner < 2.18.2 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is the notice about the updated template: https://example.com/wp-admin/index.php?a"alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.83 views

Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have SCRF check when updating its settings, as well as does not sanitise and escape them when outputting them back. This could allow attackers to make a logged in admin update them to arbitrary values, including XSS payloads, via a CSRF attack ' /...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/03/23 12:0 a.m.83 views

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Go to Hummingbird's Settings Configs edit the "Name and Description" and put the following...

4.8CVSS4.9AI score0.0282EPSS
Exploits4
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.83 views

WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect

The plugin contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue https://example.com/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://wpscan.com...

6.1CVSS2.1AI score0.02505EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/24 12:0 a.m.83 views

Mobile Events Manager < 1.4.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Payload used: alert/XSS/ - Put the payload in the TMEM Events Settings Events Event prefix field, then Creat...

4.8CVSS4.8AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/22 12:0 a.m.83 views

Event Tickets < 5.2.2 - Open Redirect

The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue https://exampel.com/wp-admin/admin.php?page=wpajaxrsvp-form&tribeticketsredirectto=https://wpscan.com...

6.1CVSS2.1AI score0.0194EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/30 12:0 a.m.83 views

Download Manager < 3.1.22 - Plugin Settings Change via CSRF

The wpdmsettings AJAX action, used the section POST parameter to call the associated settings handler methods dynamically. However, the pluginUpdate section=plugin-update and Privacy section=privacy were missing CSRF checks. Furthermore, the Privacy function did not ensure that the options to be...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.82 views

Time Sheets < 1.29.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Login as Admin. 2. Go to...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.82 views

Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.6AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.82 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.82 views

Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.7AI score0.01397EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.82 views

Code Snippets < 2.14.3 - Reflected Cross-Site Scripting

The plugin does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.2AI score0.02268EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/24 12:0 a.m.82 views

Spreadsheet Integration < 3.6.0 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in the admin dashboard, leading to reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=wpgsi&action=edit&id=1%22%3E%3Cimg+src+onerror%3Dalert%28%2FXSS%2F%29%3E POST...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/12/14 12:0 a.m.82 views

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.81 views

MDTF < 1.3.1 - Reflected XSS

The plugin does not sanitise and escape the taxname parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.7AI score0.00441EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.81 views

New User Approve < 2.4.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting With the Membership settings /wp-admin/options-general.php disabled: https://example.com/wp-admin/index.php?a"alert/XSS/...

Exploits0
wpexploit
wpexploit
added 2022/04/27 12:0 a.m.81 views

Coru LFMember <= 1.0.2 - Arbitrary Game Deletion/Activation via CSRF

The plugin does not have CSRF in place when deleting and activating games, which could allow attacker to make a logged in admin perform such actions...

1.8AI score
Exploits0
wpexploit
wpexploit
added 2022/01/10 12:0 a.m.81 views

WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a Reflected Cross-Site Scripting XSS vulnerability in the wooce admin page. http://127.0.0.1:8001/wp-admin/admin.php?page=wooce&failed=1&message=%3Cscript%3Ealert1;%3C/script%3E...

6.1CVSS1.7AI score0.02337EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.81 views

WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS1.2AI score0.1712EPSS
Exploits6References1
wpexploit
wpexploit
added 2021/03/24 12:0 a.m.81 views

MapifyLite < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the Image URL either in the settings or in a location, allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes WPScanTeam: - The vendor has been notified on March 24th, 2021 - The pro version is very likely to be...

Exploits0References1
wpexploit
wpexploit
added 2020/12/14 12:0 a.m.81 views

Limit Login Attempts Reloaded < 2.16.0 - Authenticated Reflected Cross-Site Scripting

The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against logged in administrator by making them open a malicious URL The issue was partially fixed in 2.15.1, and fully remediated in 2.16.0...

3.5CVSS3.4AI score0.00767EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.80 views

Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS6.9AI score0.009EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/09 12:0 a.m.80 views

StaffList < 3.1.7 - Reflected Cross-Site Scripting

The plugin does to sanitise and escape a parameter before outputting it back in various places in an admin page, leading to a Reflected cross-Site Scripting v v 3.1.7 - https://example.com/wp-admin/admin.php?page=stafflist&search=aa' style=animation-name:rotation onanimationstart=alert/XSS///...

0.9AI score
Exploits0
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.80 views

Tracked Tweets <= 0.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue All parameters from the settings page are affected ' /...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/04/04 12:0 a.m.80 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting " /...

5.4CVSS0.6AI score0.0058EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.80 views

Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Force Public Pages" settings of the plugin...

4.8CVSS0.4AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/30 12:0 a.m.80 views

Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Note: v6.9.5 made the settings only available to admin with the unfilteredhtml capability, however existing payloads were...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/03/30 12:0 a.m.80 views

Controlled Admin Access < 1.5.6 - Improper Access Control to Privilege Escalation

The plugin did not properly restrict access when checking user with limited access, allowing them to query pages they should not be able to, which could lead to privilege escalation by creating a new administrator with full, unrestricted access to the blog. Created a temporary admin account via t...

2AI score
Exploits0References1
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.79 views

GS Products Slider for WooCommerce < 1.5.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks gswps theme='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.79 views

Visualizer < 3.7.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.79 views

WP Voting Contest <= 2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.3AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/20 12:0 a.m.79 views

Download Monitor < 4.4.5 - Admin+ SQL Injection

The plugin does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue There need to be at least one log for the payload to trigger...

7.2CVSS1.3AI score0.17484EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/30 12:0 a.m.79 views

Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated admin+ Stored XSS issues. Notes WPScanTeam - The original reporter mentioned the issue being fixed in 2.10.2, but we could still trigger i...

4.8CVSS0.1AI score0.00664EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/10/21 12:0 a.m.79 views

SuperStoreFinder Plugins - Unauthenticated Arbitrary File Upload

The SuperStoreFinder premium WordPress plugins did not properly check file uploads, depending on the plugin, only checking for the mime type and/or the first extension of the file name. An attacker could set the Content-Type header to "Content-Type: text/csv", as well as use a double extension to...

7.5AI score
Exploits0References5
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.78 views

Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Login with admin user and navigate to "Giveaways...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.78 views

Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.1AI score0.00471EPSS
Exploits2
Total number of security vulnerabilities4359