Wpexploit | Most viewed

4359 matches found

wpexploit
added 2015/09/15 12:0 a.m. | 35 views

WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)

The following payload placed in a page or post does not work in comments: TEST!!!caption width="1" caption='Click me...

CVSS 4.3 | AI score 0.5 | EPSS 0.06389
Exploits: 2 | References: 3

wpexploit
added 2020/08/31 12:0 a.m. | 34 views

Recall Products <= 0.8 - Authenticated SQL Injection

The Manufacturer POST parameter is vulnerable to SQL injection when submitting a deletion request. The PoC will be displayed once the issue has been remediated...

CVSS 6.5 | AI score 1.5 | EPSS 0.01928
Exploits: 2 | References: 1

wpexploit
added 2020/07/12 12:0 a.m. | 34 views

WP-Live Chat by 3CX < 8.2.0 - Authenticated Stored Cross-Site Scripting

There is a Stored Cross-Site Scripting (XSS) vulnerability in WP-Live Chat by 3CX v. 8.1.9 within the Quick Response function. Due to the nature of this vulnerability, a malicious attacker with access to a WordPress multisite and permissions to this plugin can craft a malformed JavaScript payload...

AI score 1.2
Exploits: 0 | References: 1

wpexploit
added 2020/07/10 12:0 a.m. | 34 views

InJob < 3.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)

An Authenticated subscriber+ Reflected XSS vulnerability was discovered in the InJob theme through 3.4.0 for WordPress. https://example.com/dashboard/?iwjtab=%22%3E%3Cimg%20src=x%20onerror=alertXSS;%3E...

AI score 1.7
Exploits: 0 | References: 2

wpexploit
added 2020/02/10 12:0 a.m. | 34 views

Participants Database < 1.9.5.6 - Authenticated Time Based SQL Injection

Authenticated time-based SQL injection via the ascdesc, listfiltercount, and sortBy parameters. From the original advisory (see references): POST /wp-admin/admin.php?page=participants-database HTTP/1.1 Host: redacted....cause User-Agent: Mozilla/5.0 X11; Linux x8664; rv:68.0 Gecko/20100101...

CVSS 6 | AI score 1.6 | EPSS 0.01624
Exploits: 1 | References: 1

wpexploit
added 2020/01/13 12:0 a.m. | 34 views

Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues

A Reflected & Persistent XSS vulnerability was discovered in the 'Travel Booking WordPress Theme', tested version — v2.7.8.5. Edit (WPScanTeam): January 11th, 2020 - Report received & Envato contacted; January 12th, 2020 - Report updated with Reflected XSS, Envato notified again; January 12th, 2020 -...

AI score 0.1
Exploits: 0 | References: 2

wpexploit
added 2019/02/05 12:0 a.m. | 34 views

Quiz And Survey Master < 6.2.2 - Authenticated Cross-Site Scripting (XSS)

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability. http://example.com/wp-admin/admin.php?page=mlwquizresults&quizid=%27%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E...

CVSS 4.3 | AI score 1.6 | EPSS 0.01608
Exploits: 2 | References: 2

wpexploit
added 2018/06/27 12:0 a.m. | 34 views

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting (XSS)

The Open Graph and Twitter Card Tags WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability...

AI score 1.2
Exploits: 0 | References: 2

wpexploit
added 2015/06/18 12:0 a.m. | 34 views

Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)

The Erident Custom Login and Dashboard plugin exposes a call to the updateoption method when a specific POST field is posted to the plugin's settings screen. No CSRF token is used, and as such if an administrative user can be tricked into visiting a site with a malicious form, it is possible to...

CVSS 6.8 | AI score 0.1 | EPSS 0.00674
Exploits: 1 | References: 1

wpexploit
added 2015/01/28 12:0 a.m. | 34 views

Photo Gallery <= 1.2.8 - Multiple Authenticated Reflected XSS

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Multiple Authenticated Reflected XSS security vulnerability. /wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg,jpeg,png,gif&callback=bwgaddpreviewimage&sortby=name";alert1...

CVSS 3.5 | AI score 1.8 | EPSS 0.02331
Exploits: 4 | References: 1

wpexploit
added 2014/04/25 12:0 a.m. | 34 views

Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/import–legacy–media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...

CVSS 4.3 | AI score 1.4 | EPSS 0.03983
Exploits: 2 | References: 1

wpexploit
added 2020/08/31 12:0 a.m. | 33 views

WP Floating Menu < 1.4.1 - Authenticated Reflected Cross-Site Scripting

The id GET parameter used by WP Floating menu does not correctly sanitise user input before reflecting the parameter back to the user, resulting in a reflected XSS vulnerability. Other sanitisation has been added to prevent other XSS issues as well as potential SQL injections...

CVSS 4.3 | AI score 1.1 | EPSS 0.00934
Exploits: 2 | References: 2

wpexploit
added 2020/08/17 12:0 a.m. | 33 views

Geo Magazine <= 2.0 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Geo Magazine theme through 2.0 for WordPress. Edit (WPScanTeam): July 27th, 2020 - Confirmed & Escalated to Envato; July 28th, 2020 - Envato Investigating; August 17th, 2020 - No updates, disclosing. The PoC will be displayed once th...

AI score 0.8
Exploits: 0 | References: 2

wpexploit
added 2020/06/22 12:0 a.m. | 33 views

WP-Pro-Quiz <= 0.37 - CSRF Leading to Arbitrary Quiz Deletion

Abusing this Cross-Site Request Forgery (CSRF) issue, an unauthenticated attacker could make a logged-in admin delete any quiz on a vulnerable website. The PoC will be displayed once the issue has been remediated...

AI score 1.8
Exploits: 0 | References: 1

wpexploit
added 2020/05/04 12:0 a.m. | 34 views

wpForo < 1.7.0 - New Users Set as Admin via CSRF

The plugin did not have CSRF protection in place on a page, allowing an attacker to make a logged-in admin set all new users as admins directly: https://example.com/wp-admin/admin.php?page=wpforo-usergroups&default=1...

CVSS 6.8 | AI score 3.5 | EPSS 0.0071
Exploits: 2 | References: 1

wpexploit
added 2020/01/11 12:0 a.m. | 33 views

Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)

Two Reflected XSS vulnerabilities were discovered in the «Houzez - Real Estate WordPress Theme», tested version — v1.8.3.1. Edit (WPScanTeam): January 11th, 2020 - Report received & Envato Contacted; January 12th, 2020 - Envato Investigating; January 27th, 2020 - v1.8.4 released, fixing the issue. -Demo...

AI score 0.2
Exploits: 0 | References: 2

wpexploit
added 2017/10/11 12:0 a.m. | 33 views

Qards - Server Side Request Forgery (SSRF)

Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...

Exploits: 0 | References: 2

wpexploit
added 2015/07/05 12:0 a.m. | 33 views

WP e-Commerce Shop Styling <= 2.5 - Local File Inclusion

The code in ./wp-ecommerce-shop-styling/includes/download.php does not sanitise user input to prevent sensitive system files from being downloaded. You'll have to rename the download file via mv -- -..-..-..-..-..-..-..-..-etc-passwd passwd as the filename is set to the download filename with pat...

CVSS 5 | AI score 0.7 | EPSS 0.24093
Exploits: 2 | References: 5

wpexploit
added 2021/05/03 12:0 a.m. | 32 views

Activity Log < 2.7.0 - Authenticated SQL Injection

The plugin was vulnerable to SQL Injection in the order column of the past events table. time curl 'http://www.example.com/wp-admin/admin.php?page=activitylogpage&orderby=histtime%20AND%20SLEEP%280%29' -H 'Cookie: ...'...

AI score 2.2
Exploits: 0 | References: 1

wpexploit
added 2020/10/22 12:0 a.m. | 32 views

CM Download Manager < 2.8.0 - Authenticated Cross-Site Scripting

The plugin does not properly validate and sanitise the uploaded filename, which could result in a Cross-Site Scripting issue. Vulnerable page - 'cmdownload/add/' Vulnerable parameter - 'filename' in 'Content-Disposition' Header POST /cmdownload/add/ HTTP/1.1 Host: localhost:8081 User-Agent:...

CVSS 4.3 | AI score 0.1 | EPSS 0.00999
Exploits: 2 | References: 1

wpexploit
added 2020/10/14 12:0 a.m. | 32 views

Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution (RCE) on a vulnerable site’s server. The following will create hello.php in the...

CVSS 6.8 | AI score 1.4 | EPSS 0.00765
Exploits: 2 | References: 1

wpexploit
added 2020/09/21 12:0 a.m. | 32 views

Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.5.5 - Unauthenticated Remote Code Execution

The Drag and Drop Multiple File Upload – Contact Form 7 WordPress plugin was vulnerable to Remote Code Execution via file upload. The plugin used a blacklist of dangerous file extensions that it did not allow to be uploaded, however, the extensions .phar and .phpt were not within the blacklist,...

AI score 1.7
Exploits: 1 | References: 2

wpexploit
added 2020/06/21 12:0 a.m. | 32 views

All in One Support Button < 1.8.8 - Authenticated Stored Cross-Site Scripting

The lack of CSRF and Capability checks on AJAX calls, such as arcontactussavemenuitem, could allow low-privilege users to perform stored XSS attacks. The payloads will then be triggered in frontend pages. The Vendor attempted a fix with v1.8.1, by adding capability and some sanitisation checks...

AI score 6.2
Exploits: 0 | References: 1

wpexploit
added 2019/11/29 12:0 a.m. | 32 views

ListingPro < 2.0.14.5 - Reflected & Persistent Cross-Site Scripting

Reflected & Persistent XSS was discovered in the 'ListingPro - WordPress Directory Theme'. Current version is 2.0.14.2 (August 9th 2019). Edit (WPScanTeam): November 29th, 2019 - Envato Informed; November 29th, 2019 - Envato Investigating; December 4th, 2019 - v2.0.14.3 Released, fixing the reflected X...

CVSS 4.3 | EPSS 0.00934
Exploits: 4 | References: 1

wpexploit
added 2019/11/05 12:0 a.m. | 32 views

Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS

A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest; xhr.open"POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

AI score 1.5
Exploits: 0 | References: 2

wpexploit
added 2017/04/27 12:0 a.m. | 32 views

SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection

The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin...

CVSS 5 | AI score 1.3 | EPSS 0.01637
Exploits: 2 | References: 1

wpexploit
added 2020/11/22 12:0 a.m. | 31 views

WooCommerce Anti-Fraud <= 3.2 - Unauthenticated Order Status Manipulation

The WooCommerce Anti-Fraud WordPress plugin was affected by an issue where an unauthenticated user could change the order status of any order, as there were no checks when changing the order status. The orderid was also predictable. On an individual level, if you have already received your order,...

AI score 0.5
Exploits: 0 | References: 2

wpexploit
added 2020/08/13 12:0 a.m. | 31 views

Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitise the search query, leading to an unauthenticated reflected Cross-Site Scripting issue /?s=%3Cimg%20src%20onerror=alert/XSS/%3E...

CVSS 4.3 | AI score 1.9 | EPSS 0.02873
Exploits: 1

wpexploit
added 2020/04/28 12:0 a.m. | 31 views

LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"

The LearnPress plugin through 3.2.6.8 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. The "LP Instructor" role grants the "unfiltered_html" capability, allowing an escalated user to insert posts containing...

AI score 1.7 | EPSS 0.03209
Exploits: 5 | References: 1

wpexploit
added 2020/04/04 12:0 a.m. | 31 views

Online Hotel Booking System Pro <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user can inject malicious JavaScript via the booking form, specifically in the new user details. The XSS payload is then executed when an authenticated administrator user views the booking on the Customer-booking page. Inject XSS via most fields in the booking form, which will...

CVSS 4.3 | AI score 0.7 | EPSS 0.01167
Exploits: 2 | References: 2

wpexploit
added 2020/01/08 12:0 a.m. | 31 views

Minimal Coming Soon & Maintenance Mode < 2.15 - Insecure Permissions: Enable and Disable Maintenance Mode

There was a flaw that allowed any authenticated user with subscriber permissions or above the ability to enable and disable maintenance mode on a vulnerable site by sending a simple request. Login as a user with subscriber or above permissions and send the following request to enable maintenance...

CVSS 6.5 | AI score 0.5 | EPSS 0.01953
Exploits: 2 | References: 1

wpexploit
added 2017/09/06 12:0 a.m. | 31 views

Participants Database <= 1.7.5.9 - Cross-Site Scripting

Cross site scripting (XSS) vulnerability in the WordPress Participants Database plugin 1.7.59 allows attackers to inject arbitrary JavaScript via the Name parameter. curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex=2 -...

CVSS 4.3 | AI score 2.1 | EPSS 0.02302
Exploits: 4 | References: 1

wpexploit
added 2015/08/31 12:0 a.m. | 31 views

Thumbnail Carousel Slider < 1.0.1 - Authenticated Shell Upload & CSRF

The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor. Create a file named...

AI score 0.4
Exploits: 0 | References: 1

wpexploit
added 2020/10/22 12:0 a.m. | 30 views

Advanced Booking Calendar < 1.6.2 - Unauthenticated SQL Injection

The AJAX action abcbookinggetBookingResult, available to both authenticated and unauthenticated users, did not sanitise the calendarId parameter, which was then concatenated to a SQL statement, leading to an unauthenticated SQL injection issue. This could be used to retrieve information from the...

AI score 2
Exploits: 0 | References: 1

wpexploit
added 2020/10/08 12:0 a.m. | 30 views

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

The PHP Raw Widget (https://www.dynamic.ooo/widget/php-raw/) of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com...

CVSS 9 | AI score 8.9 | EPSS 0.05648
Exploits: 2 | References: 1

wpexploit
added 2020/08/19 12:0 a.m. | 30 views

Elegant Testimonial <= 1.1.6 - Multiple Authenticated Stored Cross-Site Scripting

The name, company and text fields used while adding a testimonial to a page were found to be vulnerable to stored XSS, as they did not sanitize user-given input properly before publishing the post. It is triggered when a user loads a page where the plugin shortcode is used. All WordPress websites...

AI score 0.5
Exploits: 0 | References: 2

wpexploit
added 2020/07/09 12:0 a.m. | 30 views

Travel Booking < 2.8.4 - Unauthenticated SQL Injection

Unauthenticated SQL Injection via the locationid parameter sqlmap --url="https://example.com/search-rental-full-map/?locationid=1" -dbs --random-agent --time-sec=8 03:13:37 INFO resuming back-end DBMS 'mysql' sqlmap resumed the following injection points from stored session: --- Parameter:...

AI score 1.6
Exploits: 0 | References: 3

wpexploit
added 2020/04/22 12:0 a.m. | 30 views

Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS

DESCRIPTION - REFLECTED XSS: The Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise &...

CVSS 4.3 | AI score 6.2 | EPSS 0.03611
Exploits: 2 | References: 2

wpexploit
added 2020/02/25 12:0 a.m. | 30 views

Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or...

CVSS 7.5 | AI score 1.8 | EPSS 0.01677
Exploits: 2 | References: 1

wpexploit
added 2020/02/01 12:0 a.m. | 30 views

Htaccess by BestWebSoft < 1.8.2 - CSRF to edit .htaccess

The Htaccess by BestWebSoft WordPress plugin was affected by a CSRF to edit .htaccess security vulnerability...

CVSS 6.8 | AI score 0.6 | EPSS 0.09918
Exploits: 2 | References: 1

wpexploit
added 2019/10/08 12:0 a.m. | 30 views

All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure

The All In One WP Security & Firewall plugin suffers from an open redirect and exposure of the actual URL of the "hidden login page" feature. Edit (WPScanTeam): October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/; October 8th - Dev ACK & investigating it; October 8th - v4.4.2...

AI score 7.3
Exploits: 0

wpexploit
added 2019/09/08 12:0 a.m. | 30 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

AI score 6.5
Exploits: 0 | References: 1

wpexploit
added 2019/06/13 12:0 a.m. | 30 views

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...

CVSS 6.8 | AI score 0.8 | EPSS 0.0068
Exploits: 1 | References: 1

wpexploit
added 2019/02/05 12:0 a.m. | 30 views

Contact Form Email <= 1.2.65 - Multiple Cross-Site Scripting (XSS) & CSRF

The Contact Form Email WordPress plugin was affected by a Multiple Cross-Site Scripting (XSS) & CSRF security vulnerability. http://www.example.com/wp-admin/admin.php?page=cpcontactformtoemail&edit=1&cal=1&item='"...

CVSS 6.8 | AI score 1.7 | EPSS 0.01389
Exploits: 2 | References: 2

wpexploit
added 2017/09/26 12:0 a.m. | 30 views

Content Timeline <= 4.4.2 - Multiple Blind SQL Injection

Multiple Blind SQL injections in the premium 'Content Timeline' Plugin. One unauthenticated and two authenticated injections. Contacted the author twice without any response. History: 09-16-2017 Contacted the author; 09-16-2017 Requested CVE-ID; 09-18-2017 CVE-ID Received; 09-18-2017 Contacted the...

CVSS 7.5 | AI score 0.3 | EPSS 0.05248
Exploits: 4 | References: 2

wpexploit
added 2016/12/08 12:0 a.m. | 30 views

WooCommerce Email Test 1.5 - Order Information Disclosure

When this plugin is installed, any anonymous user can open this URL: https://www.domainname.de/?woocommerceemailtest=WCEmailCustomerCompletedOrder, which shows the most recent order along with all customer details, email address and cart content. This is a severe security/data privacy breach...

AI score 7.2
Exploits: 0 | References: 1

wpexploit
added 2015/07/10 12:0 a.m. | 30 views

IBS Mappro <= 0.6 - Directory Traversal

The ibs-mappro WordPress plugin was affected by a Directory Traversal security vulnerability. http://www.example.com/wp-content/plugins/ibs-mappro/lib/download.php?file=/etc/passwd...

CVSS 7.8 | AI score 2.8 | EPSS 0.03263
Exploits: 2 | References: 2

wpexploit
added 2020/10/29 12:0 a.m. | 29 views

Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Due to an incomplete fix of CVE-2020-16140 (see https://wpscan.com/vulnerability/10444), the reflected XSS attack is still possible on unauthenticated users, by extracting the searchnonce from the source of the homepage and adding it to the original payload. This is possible because WP nonces are...

AI score 6.4 | EPSS 0.00923
Exploits: 3 | References: 1

wpexploit
added 2020/10/28 12:0 a.m. | 29 views

Greenmart < 2.4.3 - Reflected Cross-Site Scripting (XSS)

The greenmartautocompletesearch AJAX action, available to both authenticated and unauthenticated users does not properly sanitise the callback parameter passed to it, resulting in a reflected Cross-Site Scripting issue. Edit WPScanTeam: The vendor 'fixed' the issue for authenticated users by addi...

CVSS 4.3 | AI score 1.3 | EPSS 0.00923
Exploits: 3 | References: 2

wpexploit
added 2020/08/22 12:0 a.m. | 29 views

RSVPMaker < 7.8.2 - Unauthenticated SQL Injection

The plugin does not sanitise user input before using it in a SQL statement in the signedupajax AJAX action. Note: Even though the reported SQL Injection was fixed in v7.8.2, other additional sanitisation was implemented in v7.8.3 to 7.8.6. sqlmap -u "https://localhost/?action=signedup&eventcount=...

AI score 1.6
Exploits: 0 | References: 1

Total number of security vulnerabilities: 4359