Wpexploit | Most viewed

4359 matches found

wpexploit
added 2021/11/16 12:00 a.m. | 43 views

Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. mlcalc schedule="month';alert/XSS///"...

CVSS 5.4 | AI score 1.6 | EPSS 0.00604
Exploits: 2

wpexploit
added 2021/10/05 12:00 a.m. | 43 views

Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue jQuery.postdata: psquestions:1:"1", action:"savequestiondata", ID:"765",...

AI score 0.1 | EPSS 0.01405
Exploits: 2

wpexploit
added 2020/02/25 12:00 a.m. | 43 views

Pricing Table by Supsystic < 1.8.2 - Unauthenticated Stored XSS

No permission check on the ImportJSONTable endpoint allows for malicious javascript to be injected by unauthenticated users...

CVSS 4.9 | AI score 1.8 | EPSS 0.00778
Exploits: 1 | References: 1

wpexploit
added 2020/01/08 12:00 a.m. | 43 views

Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes

This plugin had no nonce checks on any of the settings to verify that a request came from a legitimate source, such as a logged in administrative user, therefore creating a CSRF to stored XSS in addition to significant setting changes. alert1" /...

CVSS 6.8 | AI score 0.4 | EPSS 0.00924
Exploits: 2 | References: 1

wpexploit
added 2021/10/19 12:00 a.m. | 42 views

Relevanssi - A Better Search < 4.14.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape user searches before outputting them in the related admin dashboard when the feature is enabled. Enable the logging of user query, then as unauthenticated user /?s= The XSS will be triggered when an admin will view the User Searches dashboard at...

AI score 7.1
Exploits: 0 | References: 1

wpexploit
added 2021/09/27 12:00 a.m. | 42 views

WP Visited Countries Reloaded < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter in its Countries dashboard before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

AI score 0.1
Exploits: 0

wpexploit
added 2020/11/09 12:00 a.m. | 42 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta

An attacker could supply an array parameter for sensitive meta data such as the wp_capabilities user meta which defines a user’s role. During the registration process, submitted registration details were passed to the updateprofile function, and any respective metadata that was submitted, regardle...

CVSS 7.5 | AI score 1.1 | EPSS 0.08975
Exploits: 2 | References: 1

wpexploit
added 2020/08/17 12:00 a.m. | 42 views

Home Villas <= 2.2 - Multiple Cross-Site Scripting Issues

Unauthenticated Reflected & Authenticated Persistent XSS vulnerabilities were discovered in the Home Villas theme through 2.2 for WordPress. Edit WPScanTeam: July 27th, 2020 - Confirmed & Escalated to Envato; July 28th, 2020 - Envato Investigating; August 17th, 2020 - No updates, disclosing...

AI score 0.1
Exploits: 0 | References: 2

wpexploit
added 2020/07/05 12:00 a.m. | 42 views

Careerfy < 4.1.0 - Multiple Cross-Site Scripting (XSS) Issues

Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities were discovered in the Careerfy Job Board theme through 3.9.0 and 4.0.0 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will...

AI score 6.7
Exploits: 0 | References: 3

wpexploit
added 2020/04/02 12:00 a.m. | 42 views

Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS)

Contact Form 7 Datepicker registers an AJAX action to save settings which calls a function that fails to perform a capability check or nonce check. As such, a logged-in attacker with minimal permissions such as a subscriber can send a crafted request which will store a malicious JavaScript in the...

CVSS 3.5 | AI score 0.5 | EPSS 0.00712
Exploits: 2 | References: 1

wpexploit
added 2020/01/27 12:00 a.m. | 42 views

CarSpot < 2.2.3 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version — v2.2.0: Authenticated Persistent XSS - Registration Form/User Profile; Authenticated Persistent XSS - Ad Post; IDOR leading to arbitrary deletion of ads. Edit WPScanTeam: January...

Exploits: 0 | References: 1

wpexploit
added 2020/07/16 12:00 a.m. | 41 views

All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting

This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page. "Exploit Post", "content" = "\nTest2\n", "status"="pending"; $postdata = jsonencode$data; //Get...

CVSS 3.5 | AI score 5.3 | EPSS 0.00837
Exploits: 2 | References: 1

wpexploit
added 2020/07/12 12:00 a.m. | 41 views

Newsletter < 6.7.7 - Authenticated Stored Cross-Site Scripting

An Authenticated Stored Cross-Site Scripting XSS was discovered within the Company Info "Motto" field. When creating a new newsletter using an empty template with the header module, the XSS would execute. This was later fixed in version: 6.7.7...

AI score 2
Exploits: 0 | References: 1

wpexploit
added 2018/11/14 12:00 a.m. | 41 views

Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise the slider name when creating or editing a slider, leading to an Authenticated editor+ Stored Cross-Site Scripting issue which will be triggered in the Slider table /wp-admin/admin.php?page=master-slider. Edit WPScanTeam: - The original report was from 2018,...

CVSS 3.5 | AI score 5.4 | EPSS 0.00705
Exploits: 4 | References: 1

wpexploit
added 2015/07/23 12:00 a.m. | 41 views

WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

Description Authenticated Cross-Site Scripting XSS in post/page text editor mode. Editor user and up. link...

CVSS 4 | AI score 6 | EPSS 0.08814
Exploits: 1 | References: 3

wpexploit
added 2020/11/09 12:00 a.m. | 40 views

Ultimate Member < 2.1.12 - Authenticated Privilege Escalation via Profile Update

Due to the fact that Ultimate Member allowed the creation of new roles, this plugin also made it possible for site administrators to grant secondary Ultimate Member roles for all users upon a /wp-admin profile update. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ;...

CVSS 6.5 | AI score 1.3 | EPSS 0.02032
Exploits: 2 | References: 1

wpexploit
added 2020/02/22 12:00 a.m. | 40 views

CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Lack of origin authentication (CWE-346) in the IPN callback processing function allows even an unauthorized attacker to remotely replace critical plugin settings (merchant id, secret key etc.) with ones known to him and therefore bypass the payment process, e.g. spoof order status by manually sending IPN callback reques...

CVSS 5.5 | EPSS 0.04541
Exploits: 6 | References: 2

wpexploit
added 2020/01/10 12:00 a.m. | 40 views

EasyBook < 1.2.2 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'EasyBook – Directory & Listing WordPress Theme', tested version — v1.2.1: Unauthenticated Reflected XSS; Authenticated Persistent XSS; IDOR. December 27th, 2019 - Envato Contacted; January 6th, 2020 - Envato Investigating; January ??th, 2020 -...

CVSS 6.4 | AI score 6.5 | EPSS 0.03243
Exploits: 7 | References: 1

wpexploit
added 2019/01/07 12:00 a.m. | 40 views

JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)

The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert/xss/%3C/script%3E&mimetype=text/html;%20charset=utf-8...

CVSS 4.3 | AI score 1.6 | EPSS 0.0397
Exploits: 2 | References: 1

wpexploit
added 2018/10/26 12:00 a.m. | 40 views

Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)

Cross-Site Scripting XSS vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id=1&hash=%3Cimg%20src=x%20onerror=alert1%3E...

AI score 0.3
Exploits: 0 | References: 1

wpexploit
added 2017/12/14 12:00 a.m. | 40 views

Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)

Reflected XSS via GET parameter "to". Vulnerable Plugins: ------------------------------------------ 1. Clockwork Free and Paid SMS Notifications URL: https://wordpress.org/plugins/mediaburst-email-to-sms/ Version 2.0.3 | By Clockwork 2. Two-Factor Authentication - Clockwork SMS URL:...

CVSS 4.3 | EPSS 0.00951
Exploits: 2 | References: 1

wpexploit
added 2015/07/07 12:00 a.m. | 40 views

NewStatPress <= 1.0.4 - SQL Injection

The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. The...

CVSS 7.5 | AI score 0.2 | EPSS 0.01815
Exploits: 1 | References: 1

wpexploit
added 2015/04/29 12:00 a.m. | 40 views

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

AI score 0.3
Exploits: 0 | References: 1

wpexploit
added 2020/10/30 12:00 a.m. | 39 views

SW Ajax WooCommerce Search < 1.2.8 - Unauthenticated Reflected XSS & XFS

Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the SW Ajax WooCommerce Search plugin v1.2.6 for WordPress. The plugin comes with a number of commercial themes such as: OneMall, Revo, eMarket, Autusin, Market, MaxShop, ShoppyStore, Furnicom, EtroStore, HiTheme, StyleShop...

AI score 6.7
Exploits: 0 | References: 2

wpexploit
added 2019/09/16 12:00 a.m. | 39 views

InJob < 3.3.8 - Reflected & Persistent XSS

Multiple XSS vulnerabilities have been found in the 'InJob | Multi-purpose for recruitment WordPress Theme' theme v3.3.6. Edit WPScanTeam: September 16th, 2019 - Envato Contacted; September 16th, 2019 - v3.3.7 released. XSS still present; October 11th, 2019 - Envato contacted again for updates...

Exploits: 0 | References: 1

wpexploit
added 2020/07/12 12:00 a.m. | 38 views

Form Maker by 10Web < 1.13.40 - Authenticated Reflected XSS

The 'Form Maker by 10Web' WordPress plugin is vulnerable to XSS in the 'blockedipsfm' page. A logged-in site administrator who follows a crafted link will trigger arbitrary JavaScript code to be run in their browser in the context of their privileged account on the WordPress site...

AI score 1.3
Exploits: 0 | References: 1

wpexploit
added 2020/01/15 12:00 a.m. | 38 views

LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.

Reflected Cross Site Scripting XSS issue on the ldprofile search field. First reported to Learndash on January 14, 2020, and update 3.1.2 to fix it was released same day. This report is based on an email LearnDash sent out to their users on January 14, 2020. From the Original Researcher Jinson...

CVSS 4.3 | EPSS 0.03458
Exploits: 6 | References: 3

wpexploit
added 2018/06/22 12:00 a.m. | 38 views

iThemes Security <= 7.0.2 - Authenticated SQL Injection

The iThemes Security better-wp-security plugin before 7.0.3 for WordPress allows SQL Injection by attackers with Admin privileges via the logs page. Vulnerability description: iThemes Security appears to be vulnerable to time-based SQL-Injection. Parameter orderby is vulnerable because backend...

CVSS 6.5 | AI score 1.5 | EPSS 0.30118
Exploits: 4 | References: 1

wpexploit
added 2017/04/12 12:00 a.m. | 38 views

Multiple BestWebSoft Plugins - Authenticated Cross-Site Scripting (XSS)

http://www.example.com/wp-admin/admin.php?page=bwspanel&category=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E...

CVSS 4.3 | AI score 1.4 | EPSS 0.01757
Exploits: 1 | References: 2

wpexploit
added 2016/08/23 12:00 a.m. | 38 views

Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)

Plugin is still affected and has been closed http://example.com/wp-content/plugins/mail-masta/inc/campaign/countofsend.php?pl=/etc/passwd...

CVSS 5 | AI score 2.2 | EPSS 0.10582
Exploits: 2 | References: 2

wpexploit
added 2020/06/25 12:00 a.m. | 37 views

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 - Authenticated Stored Cross Site Scripting (XSS)

Authenticated stored cross-site scripting issues in some of the plugin settings, requiring high privileges. Affected fields are in the settings of the plugin and will be triggered when the coming soon page is displayed, either the preview or normal one: Logo: x' onerror='alert/XSS/ Headlines:...

CVSS 3.5 | AI score 0.3 | EPSS 0.03757
Exploits: 5 | References: 3

wpexploit
added 2020/05/28 12:00 a.m. | 37 views

Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF leading to XSS

A flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection...

CVSS 6.8 | AI score 0.5 | EPSS 0.00773
Exploits: 2 | References: 1

wpexploit
added 2020/01/24 12:00 a.m. | 37 views

wpCentral < 1.4.8 - Privilege Escalation

There’s a vulnerability that allows anyone who is logged in with any user role to escalate their privilege, or alter/upload any file, or adjust any plugin and interact with the site in many other ways. In wpcentral.php, AJAX actions are registered. However, it's only checking whether or not the...

AI score 0.6
Exploits: 0 | References: 1

wpexploit
added 2019/09/05 12:00 a.m. | 37 views

Advanced Access Manager < 5.9.9 - Arbitrary File Access/Download

Advanced Access Manager before Version 5.9.9 allows reading arbitrary files without checking whether a user is allowed to read the given file. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers...

AI score 4
Exploits: 0

wpexploit
added 2019/05/06 12:00 a.m. | 37 views

W3 Total Cache <= 0.9.7.3 - Blind SSRF and RCE via phar

The implementation of opcacheflushfile calls fileexists with a parameter fully controlled by the user. curl 'http://x.x.x.x/wp-content/plugins/w3-total-cache/pub/opcache.php' --data 'nonce=974ca6ad15021a6668e7ae02e1be551c&command=flushfile&file=ftp://y.y.y.y:zzzz/' Note: The nonce value is given ...

AI score 1.6
Exploits: 0 | References: 1

wpexploit
added 2015/07/07 12:00 a.m. | 37 views

NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nspsearch.php’ several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...

CVSS 4.3 | AI score 0.5 | EPSS 0.01879
Exploits: 1 | References: 1

wpexploit
added 2014/11/20 7:52 p.m. | 37 views

WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

" onmouseover="alert'hello';"...

CVSS 4.3 | AI score 1 | EPSS 0.04978
Exploits: 1 | References: 3

wpexploit
added 2020/11/25 12:00 a.m. | 36 views

WPJobBoard < 5.7.0 - Unauthenticated Reflected XSS & XFS

Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the WPJobBoard plugin v5.6.4 for WordPress. Vulnerable parameters: query, location. Payloads: " " PoC Unauthenticated Reflected XSS:...

AI score 0.9
Exploits: 0 | References: 1

wpexploit
added 2020/08/03 12:00 a.m. | 36 views

Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download

The lack of authorisation checks in the handledownloads function, hooked to admininit could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload. /wp-admin/admin-post.php?algwcpifdownloadfile=../../../../../wp-config.php...

AI score 3.5
Exploits: 0 | References: 1

wpexploit
added 2020/07/10 12:00 a.m. | 36 views

SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection

Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete. The PoC will be displayed once the issue has been remediated...

CVSS 5 | AI score 2.4 | EPSS 0.06052
Exploits: 3 | References: 1

wpexploit
added 2020/05/13 12:00 a.m. | 36 views

Easy Testimonials < 3.6 - Authenticated Stored Cross-Site Scripting (XSS)

Multiple cross-site scripting vulnerabilities in Easy Testimonials 3.5.2 and lower allow remote attackers to inject arbitrary web script or HTML via the Client Name, Position / Web Address / Other, Location Reviewed / Product Reviewed / Item Reviewed, Rating parameter. Successful exploitation of...

CVSS 3.5 | AI score 0.2 | EPSS 0.00892
Exploits: 2

wpexploit
added 2020/02/04 12:00 a.m. | 36 views

Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)

Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery CSRF attacks. As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...

CVSS 2.6 | AI score 0.9 | EPSS 0.0883
Exploits: 6 | References: 2

wpexploit
added 2019/07/01 12:00 a.m. | 36 views

Server Status by Hostname/IP <= 4.6 - Authenticated SQL Injection

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-admin/admin.php?page=all-servers&id=2+UNION+SELECT+1%2C2%2C3%2C%40%40version+&action=edit...

CVSS 6.5 | AI score 2.3 | EPSS 0.01733
Exploits: 2 | References: 1

wpexploit
added 2019/02/26 12:00 a.m. | 36 views

Ultimate Membership Pro <= 7.5 - Arbitrary media upload

The ajax-upload.php endpoint doesn't check for the current user's capabilities or that they are even logged in, so we can do a few things we shouldn't be able to do: Without any credentials, you can simply POST the image file in the field ihcfile and it'll store it for you: $ curl -F...

AI score 0.6
Exploits: 0 | References: 2

wpexploit
added 2017/05/11 12:00 a.m. | 36 views

Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

CVSS 5 | AI score 0.6 | EPSS 0.57608
Exploits: 7 | References: 1

wpexploit
added 2016/01/06 12:00 a.m. | 36 views

WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)

http://www.example.com/wp-admin/customize.php?theme= source: https://twitter.com/brutelogic/status/685105483397619713...

CVSS 4.3 | AI score 1 | EPSS 0.02694
Exploits: 2 | References: 2

wpexploit
added 2020/07/21 12:00 a.m. | 35 views

Elementor < 2.9.14 - Authenticated Stored Cross-Site Scripting

The template name is not properly sanitised when output back, leading to a stored XSS issue. Go to templates tab, click on "add new", and select page or section. Then add XSS payload such as " on "name your template" field and hit create template...

CVSS 3.5 | AI score 0.4 | EPSS 0.00691
Exploits: 2 | References: 1

wpexploit
added 2020/06/17 12:00 a.m. | 35 views

Testimonial Rotator < 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)

A Stored XSS vulnerability has been found in the 'Author Information' textarea in testimonials from the plugin, which could allow an authenticated medium-privileged user contributor+ to inject arbitrary JavaScript. The XSS will be triggered for anyone visiting public posts or testimonial page...

CVSS 3.5 | AI score 5.3 | EPSS 0.00708
Exploits: 2

wpexploit
added 2020/05/04 12:00 a.m. | 35 views

Advanced Order Export For WooCommerce < 3.1.4 - Authenticated Cross-Site Scripting (XSS)

The Advanced Order Export plugin for WooCommerce versions 3.1.4 had a reflected XSS vulnerability due to lack of input sanitization on the woeposttype parameter. This allowed arbitrary HTML and JavaScript injection and execution in the context of the logged in user. On a WooCommerce installation...

CVSS 4.3 | AI score 6.1 | EPSS 0.01955
Exploits: 4 | References: 2

wpexploit
added 2017/12/05 12:00 a.m. | 35 views

Smart Marketing SMS and Newsletters Forms <= 1.1.1 - Unauthenticated Cross-Site Scripting (XSS)

The Smart Marketing SMS and Newsletters Forms WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. POST /wordpress/wp-content/plugins/smart-marketing-for-wp/admin/partials/custom/egoi-for-wp-formegoi.php HTTP/1.1 Host: 127.0.0.1 Content-Type:...

CVSS 4.3 | AI score 1.7 | EPSS 0.01374
Exploits: 2 | References: 1

Total number of security vulnerabilities: 4359