Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2020/05/04 12:0 a.m.29 views

wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via langid Parameter

The plugin did not escape, validate or escape the 'langid' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin...

4.3CVSS1AI score0.00934EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/04/07 12:0 a.m.29 views

WP Lead Plus X < 0.99 - Authenticated Stored Cross-Site Scripting (XSS)

WP Lead Plus X is a WordPress plugin that allows site owners to create custom landing and "squeeze" pages, complete with its own page builder interface capable of inserting custom JavaScript. Unfortunately, this page builder interface also relied on an unprotected AJAX action core37lpsavepage whi...

3.5CVSS5.4AI score0.00784EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/11 12:0 a.m.29 views

Video on Admin Dashboard < 1.1.4 - Authenticated Stored XSS

Video on Admin Dashboard is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. A user can insert a simple script in the Widget Title text field, e.g. "alert'XSS';. Every specified user role by the plugin will now be targeted...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/07 12:0 a.m.29 views

Ellipsis Human Presence Technology <= 2.0.8 - Unauthenticated Reflected Cross Site Scripting (XSS)

The 'page' GET parameter of the inc/protected-forms-table.php file was affected by a reflected XSS vulnerability. http://www.example.com/wp-content/plugins/ellipsis-human-presence-technology/inc/protected-forms-table.php?&page="%20alert"XSS"...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2017/11/08 12:0 a.m.29 views

Ultimate Instagram Feed <= 1.3 - Authenticated Cross-Site Scripting (XSS)

Author: OmarK The vulnerability lies in the "accesstoken" parameter and can cause reflected XSS vulnerability. The issue is on the file ultimate-instagram-feed/admin/partials/uif-access-token-display.php line 19: the vulnerable code is the following: echo $GET'accesstoken'; There is an echo of th...

3.5CVSS5.1AI score0.01028EPSS
Exploits2References2
wpexploit
wpexploit
added 2017/09/21 12:0 a.m.29 views

Student Result or Employee Database <= 1.6.3 - Auth Bypass

The Student Result or Employee Database WordPress plugin was affected by an Auth Bypass security vulnerability. curl -i -s -k -X 'POST' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer:...

6.4CVSS1.3AI score0.01801EPSS
Exploits2References2
wpexploit
wpexploit
added 2017/02/18 12:0 a.m.29 views

Mail Masta 1.0 - Multiple SQL Injection

Multiple SQL Injection vulnerabilities in Mail Masta Plugin version 1.0 for WordPress. The plugin is still affected and has been closed. Please refer to: https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin...

7.5CVSS2.5AI score0.05643EPSS
Exploits19References2
wpexploit
wpexploit
added 2016/07/18 12:0 a.m.29 views

Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

User agent strings are logged when requesting downloads that are processed by dwnldr and displayed back to the admin with no encoding, allowing for scripts to be stored and executed. curl -A "User-Agent: alertdocument.cookie;" -O http:///?attachmentid=...

4.3CVSS0.4AI score0.0102EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/06/12 12:0 a.m.29 views

Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS

The "snippet preview" functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2. Vulnerable URL: /wp-admin/post-new.php?posttitle= Vulnerable Code wordpress-seo/js/wp-seo-metabox.js: function ystcleanstr if str == '' || str == undefined return...

4.3CVSS0.5AI score0.03206EPSS
Exploits2References1
wpexploit
wpexploit
added 2014/11/20 12:0 a.m.29 views

CM Download Manager <= 2.0.0 - Unauthenticated Code Injection

The plugin does not validate and sanitise the CMDsearch parameter which used to create a custom function. This allows attacker to run arbitrary command on the remote server GET /cmdownloads/?CMDsearch=".phpinfo." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:33.0...

10CVSS2.3AI score0.14804EPSS
Exploits6References3
wpexploit
wpexploit
added 2020/11/24 12:0 a.m.28 views

Media Library Assistant < 2.90 - Authenticated Blind SQL Injection

The Media Library Assistant WordPress plugin was affected by an authenticated admin+ blind SQL injection vulnerability when there is at least one Custom Field Rule set in the plugin's options. There need to be at least one Custom Field Rule in the plugin Custom Fields settings...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/11/12 12:0 a.m.28 views

Love Travel 2.0-3.8 - Unauthenticated Reflected XSS & XFS

An Unauthenticated Reflected XSS & XFS vulnerabilities was discovered in the Love Travel theme for WordPress, affected versions: 2.0-3.8. Vulnerable parameters: keyword, datefrom, dateto, pricefromto, nicdarkpricefrom, nicdarkpriceto The PoC will be displayed once the issue has been remediated...

1.6AI score
Exploits0References2
wpexploit
wpexploit
added 2020/09/10 12:0 a.m.28 views

Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing

It allows a remote unauthenticated attacker to send forged emails to all recipients from the available lists of contacts or subscribers, with complete control over the content and subject of the email. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com Content-Type:...

5CVSS2.4AI score0.01634EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.28 views

RSS Feed Widget < 2.8.1 - Authenticated Cross-Site Scripting (XSS)

The RSS Feed Widget WordPress plugin version 2.8.0 and below was vulnerable to Authenticated Cross-Site Scripting XSS within the "t" GET parameter. http://www.example.com/wp-admin/admin.php?page=rfwoptions&t=1"alert"xss"...

4.3CVSS1.2AI score0.00866EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.28 views

SendPress Newsletter < 1.20.7.13 - Authenticated Stored Cross-Site Scripting (XSS)

Multiple Stored Cross-Site Scripting within SendPress Newsletter Settings due to improper input sanitation. The vulnerable fields are: - From Name - From Email - Where to send Test Email https://www.dropbox.com/s/slnc6oj1ryssvuz/sendpress-xss.mp4?dl=0 Payloads - v alert1337/// - v 1.20.7.13: "...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/04/07 12:0 a.m.28 views

WP Lead Plus X < 0.99 - Unauthenticated Stored Cross-Site Scripting (XSS)

One of the features available to users who have paid for a license key for WP Lead Plus X is the ability to create and use "template" pages, which can be imported as a starting point when creating new pages. Although this feature is not visible if the plugin does not have a license key, it was...

4.3CVSS6.3AI score0.01876EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/09/28 12:0 a.m.28 views

Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)

By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart. curl -i -s -k -X $'POST' \ -H...

4.3CVSS1.8AI score0.03342EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/01 12:0 a.m.28 views

Newsletter Lite < 4.6.19 - Multiple Issues

- Lack of CSRF, Authorisation and sanitisation checks in the ajaxloadneweditor function, registered as an AJAX method, can lead to an authenticated reflected XSS issue. - Authenticated Directory Traversal leading to RCE XSS: As an authenticated user with a role as low as a Subscriber, open...

6.5CVSS0.5AI score0.03711EPSS
Exploits3
wpexploit
wpexploit
added 2019/06/23 12:0 a.m.28 views

CP Contact Form with Paypal <= 1.3.01 - Multiple XSS

The CP Contact Form with PayPal WordPress plugin was affected by a Multiple XSS security vulnerability. Version &r=1 fixed in 1.2.98...

4.3CVSS1.3AI score0.0094EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/04/06 12:0 a.m.28 views

WP Background Takeover <= 4.1.4 - Directory Traversal

Allows for an attacker to browse files via the download.php file http://target.com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php...

5CVSS4AI score0.48158EPSS
Exploits4References2
wpexploit
wpexploit
added 2015/09/14 12:0 a.m.28 views

EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary Code Execution

There are several calls to "passtthru" in the code, one of them is receiving the username, password, database name and host from the $POST arguments, so you can inject in every of this parameter the ";" character or others like "&&" or "||" to execute other distinct commands to "/usr/bin/mysql"...

2.1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/04/27 12:0 a.m.27 views

Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email...

6.8CVSS0.1AI score0.00809EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/01/29 12:0 a.m.27 views

Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS

The Elementor Website Builder WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. /wp-admin/admin.php?page=elementor-system-info&lndan%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1...

3.5CVSS2.1AI score0.01288EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/16 12:0 a.m.27 views

Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS

WordPress Plugin Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'totalquestions' POST parameter when a user completes a quiz. The code in question accepts the 'totalquestions' parameter without escaping the special characters: models/quiz.php $output =...

4.3CVSS0.2AI score0.01607EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/07/15 12:0 a.m.27 views

Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

The Ad Inserter – Ad Manager & AdSense Ads WordPress plugin was affected by an Authenticated Remote Code Execution security vulnerability. The nonce aicheck in the final request can be obtained by querying the homepage with the AIWPDEBUGGING cookie set to 2. Then, use an account with a role as lo...

6.5CVSS0.7AI score0.03635EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/06/24 12:0 a.m.27 views

Ultimate Member < 2.0.52 - CSRF and Stored XSS issues

A CSRF vulnerability in adding/editing user roles in Ultimate Member 2.0.49. It also lead to stored XSS. Edit WPScanTeam: July 9th, 2019 - v2.0.50 released and still affected. Escalated to WP Plugins Team July 9th, 2019 - v2.0.51 released, fixing the CSRF but not the XSS July 11th, 2019 - Escalat...

3.5CVSS5.3AI score0.00886EPSS
Exploits3
wpexploit
wpexploit
added 2019/04/17 12:0 a.m.27 views

Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)

In the pro features of the WordPress download manager plugin, there is a Category Short-code feature witch can use to sort categories with order by a function which will be used as ?orderby=title,publishdate . By adding parameter " and add any XSS payload , the xss payload will execute. To...

4.3CVSS1.3AI score0.12531EPSS
Exploits6References3
wpexploit
wpexploit
added 2018/09/19 12:0 a.m.27 views

Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion

This bug was found in the file: /wechat-broadcast/wechat/Image.php echo filegetcontentsisset$GET"url" ? $GET"url" : ''; The parameter "url" it is not sanitized allowing include local or remote files To exploit the vulnerability only is needed use the version 1.0 of the HTTP protocol to interact...

7.5CVSS0.1AI score0.6307EPSS
Exploits4References2
wpexploit
wpexploit
added 2018/05/27 12:0 a.m.27 views

wpForo Forum <= 1.4.9 - Unauthenticated SQL Injection

The wpForo Forum WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability. http://www.example.com/index.php/community/?wpfd=0&wpfob=relevancy&wpfo=desc%2cselectfromselectsleep20a&wpfs=fff&wpfin=entire-posts...

5CVSS2.4AI score0.0165EPSS
Exploits2References3
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.27 views

WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The WPSOLR - Elasticsearch and Solr search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS0.4AI score0.04486EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/05/14 12:0 a.m.27 views

Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)

The jQuery prettyPhoto library bundled with many plugins was found to be vulnerable to DOM Cross-Site Scripting XSS. http://www.example.com/prettyPhotogallery/1,/...

1.4AI score
Exploits0References3
wpexploit
wpexploit
added 2020/11/08 12:0 a.m.26 views

Abandoned Cart Lite for WooCommerce < 5.8.3 - Unauthenticated SQL Injection

The plugin is affected by an unauthenticated SQL injection via the billingfirstname parameter of the savedata AJAX call. From the original researcher: ./sqlmap.py -u https://example.com/wp-admin/admin-ajax.php --cookie='cookies content here' --method='POST'...

2.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/10/12 12:0 a.m.26 views

LocalWeb All In One plugin < 1.6.5 - Unauthenticated Stored Cross-Site Scripting (XSS)

An Unauthenticated Stored XSS vulnerability was discovered in the LocalWeb All In One plugin v1.6.3 for WordPress. There is an older version of this plugin called Web Instant Messenger, latest version is v1.1.1. The specificity of this plugin is that it interacts with the remote host...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2020/09/22 12:0 a.m.26 views

Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content

The coditorprocessajax AJAX call is missing any CSRF and authorisation checks, allowing low privilege users subscriber+ to read and edit any files in the wp-content folder, as well as list its content. The PoC will be displayed once the issue has been remediated...

1.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.26 views

Chamber Dashboard Business Directory < 3.3.1 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise user input when creating or editing a business in the dashboard, allowing high privilege users Editor+ to set XSS payloads in various fields. Login as an editor or admin, then add/edit a business and set the phone number as " The payload will then be executed in the...

4.3CVSS0.01011EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/13 12:0 a.m.26 views

Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion

This flaw allows users to delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site. history.pushState'', '', '/'...

6.4CVSS1.1AI score0.76328EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/13 12:0 a.m.26 views

Quiz and Survey Master < 7.0.1 - Arbitrary File Upload

This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set-up quiz that accepts file uploads, then upload file and change content-type to one set as approved. history.pushState'', '', '/' function submitRequest var xhr = new...

7.5CVSS1.8AI score0.04934EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/07/31 12:0 a.m.26 views

JobCareer < 3.5 - Multiple Cross-Site Scripting (XSS)

An Unauthenticated Reflected & Authenticated Persistent XSS vulnerabilities were discovered in the JobCareer theme through 3.4 for WordPress. Unauthenticated Reflected XSS - Vulnerable parameters: jobtitle, specialisms, location Authenticated Persistent XSS on Employer Profile - «Complete Address...

Exploits0References2
wpexploit
wpexploit
added 2020/07/27 12:0 a.m.26 views

CarePlus <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the CarePlus theme through 1.2 for WordPress. https://example.com/?s=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...

1.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/24 12:0 a.m.26 views

Careerfy < 4.4.0 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Careerfy Job Board theme v4.3.0 for WordPress. https://example.com/jobs-listing/?%22%3E%3C%2Fa%3E%3C%2Fli%3E%3C%2Ful%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E=%3E...

1.9AI score
Exploits0References2
wpexploit
wpexploit
added 2020/04/05 12:0 a.m.26 views

Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user can inject malicious JavaScript via the booking form, specifically in the new user details. The XSS payload is then executed when an authenticated administrator user views the booking on the booking-list and cust-lookup pages. Inject XSS via most fields in the booking form...

4.3CVSS0.9AI score0.01167EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/03/11 12:0 a.m.26 views

Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation

"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv&step=3...

6.5CVSS0.1AI score0.01727EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/01/29 12:0 a.m.26 views

Code Snippets < 2.14.0 - CSRF to RCE

This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://waftesting.vhx.cloud:8080/wp-admin/admin.php?page=import-snippets", true;...

6.8CVSS0.6AI score0.11905EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/22 12:0 a.m.26 views

Contact Form Clean and Simple < 4.7.1 - Authenticated Stored XSS

The Contact Form Clean and Simple WordPress plugin was vulnerable to Authenticated stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. This code will then be executed on every page with the contact form on the front-end. By checking the...

0.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/01/16 12:0 a.m.26 views

Reality < 2.5.3 - Unauthenticated Reflected XSS

Reflected XSS was discovered in the «Reality | Estate Multipurpose WordPress Theme», tested version — v2.5.1 Edit WPScanTeam: January 16th, 2020 - Report Received & Envato Contacted January 17th, 2020 - Envato Investigating February 6th, 2020 - Envato Contacted Again for Updates February 7th, 202...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/01/16 12:0 a.m.26 views

WP Database Reset < 3.15 - Unauthenticated Database Reset

This flaw "allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state." URL/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code=11111&db-reset-code-confirm=11111 Where you can set db-reset-tables%5B%5D to any database table you wan...

6.4CVSS1.6AI score0.22928EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/08 12:0 a.m.26 views

Minimal Coming Soon & Maintenance Mode < 2.17 - Insecure permissions: Export Settings/Theme Change

There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site. Login with subscriber or above permissions and send the following request to export the plugin settings:...

5.5CVSS5.4AI score0.0107EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/11/13 12:0 a.m.26 views

Quiz And Survey Master < 6.3.5 - Authenticated Reflected XSS

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. https://domain.tld/wp-admin/admin.php?page=mlwquizoptions&quizid=...

4.3CVSS1.9AI score0.01663EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/09/27 12:0 a.m.26 views

Zoner < 4.2 - Persistent XSS & IDOR

----- Persistent XSS: ----- 'Address' input field on the 'Local information' block is vulnerable so you can use your payload to steal admin cookies or do some redirects etc. ----- IDOR: ----- POST request https://zoner.fruitfulcode.com/wp-admin/admin-ajax.php?action=deletepropertyactid=XXX=YYY...

7.3AI score
Exploits0References2
wpexploit
wpexploit
added 2019/07/04 12:0 a.m.26 views

Appointment Booking Calendar < 1.3.19 - Unauthenticated Stored XSS

Lack of authorisation check in the cpabcappointmentssaveedition function can lead to stored XSS via the editionarea parameter when cfwppedit is set to 'js' or 'css' /wp-admin/admin-ajax.php" method="POST" "/ /wp-admin/admin-ajax.php" method="POST" "/ The payload will be triggered in all pages wit...

4.3CVSS1.2AI score0.01389EPSS
Exploits2References1
Total number of security vulnerabilities4359