Wpexploit: Most viewed

4359 matches found

wpexploit | added 2020/10/07 12:0 a.m. | 57 views

WPBakery Page Builder < 6.4.1 - Authenticated Stored Cross-Site Scripting (XSS)

Wordfence discovered an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the WPBakery Page Builder WordPress plugin. The vulnerability could allow a low privileged user, such as contributor, to inject malicious JavaScript into posts. "Exploit Post", "content" =...

CVSS 3.5 | AI score 0.3 | EPSS 0.00691
Exploits: 2 | References: 1

wpexploit | added 2016/06/22 12:0 a.m. | 57 views

Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download

The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file. Upload: The following file...

AI score 1.8
Exploits: 0 | References: 3

wpexploit | added 2021/12/06 12:0 a.m. | 56 views

WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting

The plugin does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard...

CVSS 4.8 | AI score 1.8 | EPSS 0.01188
Exploits: 3

wpexploit | added 2021/12/06 12:0 a.m. | 56 views

Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls

All AJAX actions of the plugin are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. v1.3.0 added CSRF checks, however authorisation was still missing and has been added in...

CVSS 7.5 | AI score 1.4 | EPSS 0.01196
Exploits: 2

wpexploit | added 2021/12/03 12:0 a.m. | 56 views

Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS

The plugin allowed any logged-in user, even a subscriber user, to add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. 1. Run the following JavaScript in the browser's web console as a subscriber user. 2. Authenticate in a separate browser as an admin...

CVSS 5.4 | AI score 5.4 | EPSS 0.00611
Exploits: 2

wpexploit | added 2021/11/03 12:0 a.m. | 56 views

Cost Calculator <= 1.4 - Contributor+ Local File Inclusion

The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout. As a contributor, create a Cost Calculator post, set the Layout to /../../../../../../../../../../file assuming the file to...

AI score 0.3 | EPSS 0.03
Exploits: 2

wpexploit | added 2020/11/25 12:0 a.m. | 56 views

WPJobBoard < 5.7.0 - Unauthenticated SQL Injection

An Unauthenticated SQL Injection vulnerability was discovered in the WPJobBoard plugin v5.6.4 for WordPress. Vulnerable parameters: type, category. $ :: Payloads Boolean-based blind: /advanced-search/?query=4325&location=4325&type=7 AND 2392=SELECT CASE WHEN 2392=2392 THEN 2392 ELSE SELECT 8365...

AI score 0.8
Exploits: 0 | References: 1

wpexploit | added 2020/05/07 12:0 a.m. | 56 views

Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload

According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog. Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction wi...

CVSS 6.5 | AI score 0.1 | EPSS 0.08565
Exploits: 1 | References: 2

wpexploit | added 2021/12/06 12:0 a.m. | 55 views

Multivendor Marketplace Solution for WooCommerce < 3.8.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting it back in HTML attributes, leading to Reflected Cross-Site Scripting issues. https://example.com/wp-admin/admin.php?page=wcmp-setting-admin&tab=vendor'alert/XSS/...

AI score 0.5
Exploits: 0

wpexploit | added 2020/11/12 12:0 a.m. | 55 views

BA Book Everything < 1.3.25 - Unauthenticated Reflected XSS & XFS

Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the BA Book Everything plugin v1.3.24 for WordPress. Vulnerable parameters: datefrom, dateto. $ :: Payloads: " " ! :: PoC:...

AI score 1.3
Exploits: 0 | References: 1

wpexploit | added 2020/06/28 12:0 a.m. | 55 views

Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection

Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the «Nexos - Real Estate WordPress Theme», tested version — v1.7. June 17th, 2020 - Confirmed & Escalated to Envato. June 19th, 2020 - v1.8 released. Fixing the issues. PoC Unauthenticated Reflected XSS:...

CVSS 5 | AI score 0.4 | EPSS 0.05901
Exploits: 7 | References: 1

wpexploit | added 2020/04/14 12:0 a.m. | 55 views

Accordion < 2.2.9 - Unprotected AJAX Action to Stored/Reflected XSS

This flaw allowed any authenticated user with subscriber-level and above permissions the ability to import a new accordion and inject malicious Javascript as part of the accordion. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0...

CVSS 3.5 | AI score 0.5 | EPSS 0.00766
Exploits: 2 | References: 1

wpexploit | added 2020/08/04 12:0 a.m. | 54 views

The Official WordPress Facebook Chat Plugin < 1.6 - Authenticated Options Change to Chat Takeover

This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. Obtain PageID from a test Facebook Page found under page - about - pageID. Use this...

AI score 0.9
Exploits: 0 | References: 1

wpexploit | added 2015/05/06 12:0 a.m. | 54 views

Jetpack <= 3.5.2 - Unauthenticated DOM Cross-Site Scripting (XSS)

Genericons...

AI score 1.1
Exploits: 0 | References: 1

wpexploit | added 2022/02/03 12:0 a.m. | 53 views

EasyJobs < 1.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the job-id parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-content/plugins/easyjobs/admin/partials/easyjobs-candidates-display.php?job-id=%22%3E%3Cimg/src/onerror=alert/XSS/%3E...

AI score 0.9
Exploits: 0 | References: 1

wpexploit | added 2021/02/08 12:0 a.m. | 53 views

Extra Charges To Payment Gateway For WooCommerce <= 2.0.2.1 - Unauthorised Arbitrary Plugin Settings Change to Stored XSS

The addformfields method, hooked to the adminhead action, is lacking any CSRF and capability checks, allowing low privilege users to arbitrarily update those settings, and set XSS payloads in them as well, which could lead to privilege escalation. Unauthenticated users could also make a logged in us...

AI score 0.6
Exploits: 0 | References: 2

wpexploit | added 2020/10/09 12:0 a.m. | 53 views

Autoptimize < 2.7.8 - Race Condition leading to RCE

The plugin attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It ...

AI score 0.5 | EPSS 0.13139
Exploits: 7

wpexploit | added 2018/10/15 12:0 a.m. | 53 views

Tajer - Unauthenticated Arbitrary File Upload

The tajer WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability. curl -F "[email protected]" http://www.example.com/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/index.php Shell is uploaded to:...

CVSS 7.5 | AI score 1.5 | EPSS 0.97107
Exploits: 15 | References: 1

wpexploit | added 2021/12/06 12:0 a.m. | 52 views

Events Made Easy < 2.2.36 - Subscriber+ SQL Injection

The plugin does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks...

CVSS 8.8 | AI score 0.5 | EPSS 0.01562
Exploits: 2

wpexploit | added 2021/12/01 12:0 a.m. | 52 views

WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting

The plugin does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfilteredhtml capability is disallowed. As an editor or admin, add or...

CVSS 5.4 | EPSS 0.00604
Exploits: 2

wpexploit | added 2018/11/08 12:0 a.m. | 52 views

WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to do this. See references for discussion of the issue. The problem is in the fil...

CVSS 7.5 | AI score 0.5 | EPSS 0.87294
Exploits: 4 | References: 3

wpexploit | added 2020/10/21 12:0 a.m. | 51 views

Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload

An Authenticated user admin+ can bypass the security check of the plugin and upload arbitrary files via the Brand Logo. The PoC will be displayed once the issue has been remediated...

AI score 1
Exploits: 0 | References: 1

wpexploit | added 2019/05/06 12:0 a.m. | 51 views

W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)

The W3 Total Cache WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. alert1"...

AI score 0.2
Exploits: 0 | References: 1

wpexploit | added 2021/12/08 12:0 a.m. | 50 views

WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update

The plugin does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings. v1.8.1 added authorisation checks, however CSRF was still missing and a separate advisory h...

CVSS 5.7 | AI score 0.8 | EPSS 0.0042
Exploits: 2 | References: 1

wpexploit | added 2021/11/14 12:0 a.m. | 50 views

Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page...

CVSS 6.1 | AI score 1.5 | EPSS 0.0682
Exploits: 4 | References: 1

wpexploit | added 2020/12/14 12:0 a.m. | 50 views

Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)

The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks. GET /wp-content/plugins/boldgrid-backup/cli/env-info.php ..., "phpuname":"Linux wordpress-server X.X.X-XX-generic XX-Ubun...

AI score 1.3
Exploits: 0 | References: 1

wpexploit | added 2020/10/15 12:0 a.m. | 50 views

Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting

An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress. ! :: PoC Burp Suite: POST /wp-comments-post.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest...

AI score 0.8
Exploits: 0 | References: 2

wpexploit | added 2020/09/22 12:0 a.m. | 50 views

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery CSRF which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository. http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...

CVSS 4.3 | AI score 4.3 | EPSS 0.00593
Exploits: 1 | References: 1

wpexploit | added 2020/08/10 12:0 a.m. | 50 views

File Manager < 6.5 - Backup File Directory Listing

The File Manager WordPress plugin could expose backup files if the web server had Directory Listing enabled. The File Manager WordPress plugin, version 6.4 and lower, failed to restrict external access to the fmbackups directory with a .htaccess file. This resulted in the ability for...

CVSS 5 | AI score 1 | EPSS 0.16327
Exploits: 2 | References: 2

wpexploit | added 2020/05/28 12:0 a.m. | 50 views

Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - Unprotected AJAX's leading to XSS

Nearly all of the AJAX action endpoints in this plugin failed to include permission checks allowing these actions to be executed by anyone authenticated on the site. The greatest impact was the pagelayersavecontent function that allowed pages to be modified and XSS to occur. $wpuser, 'pwd' =...

CVSS 6.5 | AI score 0.4 | EPSS 0.01089
Exploits: 2 | References: 1

wpexploit | added 2020/03/24 12:0 a.m. | 50 views

Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)

Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion LFI vulnerability CVE-2014-2383...

CVSS 4.3 | AI score 1.9 | EPSS 0.39374
Exploits: 6 | References: 1

wpexploit | added 2007/04/29 12:0 a.m. | 50 views

myGallery <= 1.4b4 - Unauthenticated File Inclusion

The MySliderGallery WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. This vulnerability has been seen exploited in the wild with the following payload:...

CVSS 7.5 | AI score 1.2 | EPSS 0.62871
Exploits: 2 | References: 2

wpexploit | added 2022/01/12 12:0 a.m. | 49 views

Mitsol Social Post Feed <= 1.10 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Access Token User access...

AI score 0.5
Exploits: 0 | References: 1

wpexploit | added 2021/12/06 12:0 a.m. | 49 views

PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...

CVSS 6.1 | AI score 2.1 | EPSS 0.00876
Exploits: 2 | References: 1

wpexploit | added 2021/12/01 12:0 a.m. | 49 views

CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...

CVSS 4.9 | AI score 1.6 | EPSS 0.01021
Exploits: 2

wpexploit | added 2021/12/01 12:0 a.m. | 49 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the "Remo...

CVSS 4.9 | AI score 1.7 | EPSS 0.01021
Exploits: 2

wpexploit | added 2020/04/08 12:0 a.m. | 49 views

Klarna Checkout for WooCommerce < 2.0.10 - Authenticated Arbitrary Plugin Deactivation, Activation and Installation

The plugin registers one AJAX action intended for installing addon plugins from WordPress.org. The callback method to this action does not have a capability nor nonce check. This enables any logged in user to post a request to the endpoint and install, activate or deactivate any plugin. Since the...

AI score 0.7
Exploits: 0 | References: 1

wpexploit | added 2020/01/14 12:0 a.m. | 49 views

InfiniteWP Client < 1.9.4.5 - Authentication Bypass

As per agreement between the researcher and developer, details will be released on January 14th. It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks if t...

CVSS 7.5 | AI score 0.4 | EPSS 0.8787
Exploits: 2 | References: 3

wpexploit | added 2020/11/13 12:0 a.m. | 48 views

[0day] AIT CSV Import / Export <= 3.0.3 - Unauthenticated Arbitrary File Upload

The WPScan research team discovered an active exploitation attempt against a 0day vulnerability within the premium AIT CSV Import / Export WordPress plugin within our honeypot logs. The honeypot log showed a GET request to the following file:...

AI score 7.1
Exploits: 0 | References: 1

wpexploit | added 2019/11/19 12:0 a.m. | 48 views

WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

No nonce protection on form submissions leading to CSRF and no input/output sanitization allowing for XSS when CSRF is exploited. input type="hidden" name="wpmaintenancesocialop...

CVSS 6.8 | AI score 0.1 | EPSS 0.0063
Exploits: 2 | References: 2

wpexploit | added 2021/11/15 12:0 a.m. | 47 views

Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Data ID setting of the plugin...

CVSS 4.8 | AI score 1.3 | EPSS 0.05063
Exploits: 5

wpexploit | added 2020/10/09 12:0 a.m. | 47 views

Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload

The plugin does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html...

AI score 0.5 | EPSS 0.00617
Exploits: 2

wpexploit | added 2020/07/05 12:0 a.m. | 47 views

JobSearch < 1.5.3 - Multiple Cross-Site Scripting Issues

Unauthenticated Reflected and multiple Authenticated Persistent XSS vulnerabilities were discovered in the JobSearch plugin through 1.5.1 and 1.5.2 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will trigger on t...

AI score 0.1
Exploits: 0 | References: 3

wpexploit | added 2021/11/18 12:0 a.m. | 46 views

Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard. alert/XSS/;" / var form1 = document.getElementById'hack'; form1.submit;...

EPSS 0.00636
Exploits: 2

wpexploit | added 2021/11/10 12:0 a.m. | 46 views

Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site...

AI score 0.2 | EPSS 0.00591
Exploits: 2

wpexploit | added 2021/11/03 12:0 a.m. | 46 views

WooRockets Nitro <= 1.7.9 - Unauthenticated Arbitrary Plugin Installation

The theme does not have authorisation in some of its AJAX actions, and relied on CSRF checks for it. As one of the actions allowed for nonces to be disclosed under a specific circumstance, unauthenticated users could then use them to install and activate arbitrary plugins via a zip file, as well as...

AI score 2.5
Exploits: 0

wpexploit | added 2020/03/17 12:0 a.m. | 46 views

Custom Post Type UI < 1.7.4 - CSRF to Stored XSS

The Custom Post Type UI WordPress plugin was vulnerable to Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS within the "Import Post Types" functionality in the "Tools" tab. This functionality allows users to import "Post Types" from other websites, or from backup, as JSON. This...

AI score 6.1
Exploits: 0 | References: 1

wpexploit | added 2019/06/11 12:0 a.m. | 46 views

Support Board - Chat And Help Desk | Support & Chat <= 1.2.8 Stored XSS

Info: Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Demo Website: https://codecanyon.net/item/support-board-chat-and-help-desk/20752085 Backend: https://board.support/desk-demo/?login=true Login / Password...

AI score 7.3
Exploits: 0 | References: 1

wpexploit | added 2020/01/09 12:0 a.m. | 45 views

CityBook < 2.3.4 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'CityBook - Directory & Listing WordPress Theme', tested version — v2.3.3: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27th, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January...

CVSS 6.4 | AI score 6.5 | EPSS 0.03243
Exploits: 7 | References: 1

wpexploit | added 2022/02/16 12:0 a.m. | 44 views

WP Statistic < 13.1.6 - Reflected Cross-Site Scripting

The plugin does not escape various generated links before outputting them back in attributes, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpsvisitorspage&"alert/XSS/ https://example.com/wp-admin/admin.php?page=wpsreferrerspage&"alert/XSS/...

AI score 0.8
Exploits: 0

Total number of security vulnerabilities: 4359