Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2019/06/26 12:0 a.m.26 views

Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting (XSS)

Weak security measures like bad input field data filtering has been discovered in the 'Live Chat Unlimited'. Go to the demo website https://screets.com/try/lcx/night-bird/ and open chat window by clicking on «Open/close» link, then click on «Online mode» to go online. Use your payload inside inpu...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2019/06/25 12:0 a.m.26 views

iLive <= 1.0.4 - Stored Cross-Site Scripting (XSS)

Info: Weak security measures like bad textarea data filtering has been discovered in the 'iLive - Intelligent WordPress Live Chat Support Plugin'. Current version of this premium WordPress plugin is 1.0.4. Demo Website: https://codecanyon.net/item/ilive-wordpress-live-chat-support-plugin/20496563...

7.2AI score
Exploits0References2
wpexploit
wpexploit
added 2019/03/25 12:0 a.m.26 views

Social Warfare <= 3.5.2 - Unauthenticated Remote Code Execution (RCE)

Unauthenticated remote code execution has been discovered in functionality that handles settings import. 1. Create payload file and host it on a location accessible by a targeted website. Payload content : "system'cat /etc/passwd'" 2. Visit...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2018/02/08 12:0 a.m.26 views

Swape Theme - Authentication Bypass and Stored XSS

Similar to https://wpvulndb.com/vulnerabilities/8061, but with no authentication The theme suffers from a privilege escalation vulnerability, any user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registratio...

7.5CVSS0.8AI score0.01987EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.26 views

S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The s3-video WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/s3-video/views/video-management/previewvideo.php?media="alert1;"...

4.3CVSS1.4AI score0.03209EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/01 12:0 a.m.26 views

Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated Stored XSS

If the option "I'm behind a proxy" is enabled, the visitor IP is read from X-Forwarded-For header, stored & printed in the admin panel without any sanitization / validation. Set the X-Forwarded-For header to alert1, and perform an incorrect login...

4.3CVSS0.3AI score0.01418EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/08/09 12:0 a.m.26 views

WP Symposium <= 15.5.1 - Unauthenticated SQL Injection

Wordpress plugin wp-symposium version 15.5.1 and probably all existing previous versions suffers from an unauthenticated SQL Injection in getalbumitem.php, parameter 'size'. The issue is exploitable even if the plugin is deactivated. PoC URL :...

7.5CVSS1.3AI score0.74127EPSS
Exploits5References2
wpexploit
wpexploit
added 2015/03/02 12:0 a.m.26 views

Photocrati Theme 4.x.x - SQL Injection

http://www.example.com/wp-content/themes/photocrati-theme-path/ecomm-sizes.php?prodid=SQL...

7.5CVSS1.5AI score0.04737EPSS
Exploits2References3
wpexploit
wpexploit
added 2020/09/11 12:0 a.m.25 views

10Web Social Post Feed < 1.1.27 - Authenticated SQL Injection

Authenticated SQL injection in the 10Web Social Post Feed WordPress Plugin 1.1.26 via the /wordpress/wp-admin/admin.php?page=infoffwd searchvalue parameter. https://drive.google.com/file/d/1Hndhdy3leYTzutx-DJvu1B-tW5Y5teBB/view...

3.1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/24 12:0 a.m.25 views

Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload

The aoccssimport AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1siZsDiJsYRCw58Ksram5zBJOVbs-Hio1/view?usp=sharing POST /wp-admin/admin-ajax.php HTTP/1...

6.5CVSS0.2AI score0.13139EPSS
Exploits6References1
wpexploit
wpexploit
added 2020/08/14 12:0 a.m.25 views

Sell Media < 2.4.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. https://example.com/sell-media-search/?keyword="alert/XSS/...

4.3CVSS1.9AI score0.09221EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/08/12 12:0 a.m.25 views

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirectto" GET parameter was used. https://www.example.com/register/?redirectto=https://www.evil.com/...

2.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/06/19 12:0 a.m.25 views

TownHub < 1.3.0 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «TownHub - Directory & Listing WordPress Theme», tested version — v1.2.9. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v1.3.0 released, fixing the issue...

2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/05/25 12:0 a.m.25 views

Add-on SweetAlert Contact Form 7 < 1.0.8 - Authenticated Stored Cross-Site Scripting (XSS)

Stored XSS "post-auth" in "tittle" field of the "Error Alert" and "Success Alert" sections of the plugin's settings page due to poor sanitization of entered characters. When you enter the payload and save the changes, it is permanently embedded in the html code of the settings page, so all users...

6.4AI score
Exploits0
wpexploit
wpexploit
added 2020/05/13 12:0 a.m.25 views

Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access

This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. Steps to reproduce: 1. Log in as a subscriber on target WordPress site. 2. View the page source of /wp-admin and command+f to search for...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/02/10 12:0 a.m.25 views

Profile Builder and Profile Builder Pro < 3.1.1 - User Registration With Administrator Role

The plugin is affected by a broken authentication vulnerability, allowing unauthenticated users to register or edit their account and gain the Administrator role using the plugin's forms. The vulnerability only exists in the Plugin's own generated Registration Form or Profile Edit Form. This mean...

Exploits0References1
wpexploit
wpexploit
added 2020/01/19 12:0 a.m.25 views

Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS

An attacker can add a Cross-Site Scripting XSS payload remotely without any authentication. The Payload gets triggered when an Admin visits the settings page of the plugin. Edit WPScanTeam: The plugin is still affected and has been closed. Vulnerable code is from lines 68 to 84. The code gets the...

6.3AI score
Exploits0
wpexploit
wpexploit
added 2019/12/25 12:0 a.m.25 views

bbPress Login Register Links On Forum Topic Pages <= 2.7.5 - CSRF to Stored XSS

Lack of CSRF checks in the plugin's settings allow arbitrary change of the settings, which can also lead to stored XSS issues. The payload below will result in a stored XSS in the 'Style Customize' page. " /...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2019/04/24 12:0 a.m.25 views

JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting

Bad input fields data filtering has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'. http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website: http://jobcareer.chimpgroup.com/ , then go to the «Resume» profile tab:...

3.5CVSS0.3AI score0.00736EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/10/24 12:0 a.m.25 views

Pie Register <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS)

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. ttp://www.website.com/wordpress/index.php/forgot-password/?"alert1...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2018/09/05 12:0 a.m.25 views

Duplicator <= 1.2.40 - Unauthenticated Arbitrary Code Execution

If installer files, installer.php and installer-backup.php, are not removed by the administrators, a code injection during the database setup step allows to execute arbitrary code on the server. actionajax=3&actionstep=3&dbhost=nowhere&dbuser=test&dbpass=test&dbname=test';...

3.9AI score
Exploits0References2
wpexploit
wpexploit
added 2018/06/20 12:0 a.m.25 views

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 - Authenticated Reflected XSS

There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wdfbogerror parameter on a GET request when editing a post. This can be exploited by tricking an authenticated Wordpress administrator into clicking a malicious link. This vulnerabilit...

4.3CVSS0.7AI score0.01085EPSS
Exploits1References2
wpexploit
wpexploit
added 2018/03/03 12:0 a.m.25 views

Super Socializer <= 7.10.6 - Authentication Bypass

You can log in to the site with any user if you know the user's email address. // Steps: // Fill this 3 variable var url = 'http://my-site.com/wordpress/', //website url. Closing slash required email = '[email protected]', //The admin email address to exploit nonce = 'e86377d05a'; // View the...

Exploits0References2
wpexploit
wpexploit
added 2017/12/10 12:0 a.m.25 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.25 views

Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection

The plugin referrer-detector insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. Attack is exploitable over HTTP requests to sites with...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/02/27 12:0 a.m.25 views

Kama Click Counter <= 3.4.9 - Authenticated Blind SQL Injection

The Kama Click Counter WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. http://www.example.com/wp-admin/admin.php?page=kama-clic-counter&orderby=linkname&order=ASC%2cselectfromselectsleep30a&paged=1...

9.3CVSS2AI score0.0201EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/04/13 12:0 a.m.25 views

e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/e-search/tmpl/dateselect.php?date-from="alert1;alert1;"...

4.3CVSS0.9AI score0.0465EPSS
Exploits3References3
wpexploit
wpexploit
added 2015/02/11 12:0 a.m.25 views

Wordpress Video Gallery <= 2.7 - SQL Injection

The contus-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=rss&type=video&vid=SQLi...

7.5CVSS1.7AI score0.4107EPSS
Exploits4References2
wpexploit
wpexploit
added 2014/06/12 12:0 a.m.25 views

Ruven Toolkit <= 1.1 - tinymce/popup.php popup Parameter Reflected XSS

The ruven-toolkit WordPress plugin was affected by a tinymce/popup.php popup Parameter Reflected XSS security vulnerability. http://localhost/wp-content/plugins/ruven-toolkit/tinymce/popup.php?popup=popup'alertdocument.cookie&...

4.3CVSS1AI score0.01163EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.24 views

YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF

The ajax method did not properly check for CSRF, allowing attackers to make users call the ajaxadditem, ajaxremoveitem or ajaxvariationexist actions, which will tamper with their session quote. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2020/08/11 12:0 a.m.24 views

Add From Server <= 3.3.3 - Authenticated Path Traversal to Arbitrary File Access

An authenticated attacker with low permission can read arbitrary files on server using Path Traversal. The plugin author states that this is by design and that the plugin should not be used. Please refer to the references. http://example.com/wp-admin/upload.php?page=add-from-server&adirectory=/...

3.6AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/05 12:0 a.m.24 views

FoodBakery < 2.0 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the FoodBakery theme through 1.9 for WordPress. Note: The issue was hot patched in 1.9. As a result, there are two 1.9 versions out there, one vulnerable and one with the patch...

2.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/04/23 12:0 a.m.24 views

MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions

The pro version of this plugin registers several AJAX actions that call functions which lack capability checks and nonce checks, specifically the ‘ajaxget’, ‘ajaxsave’, and ‘ajaxdelete’ functions in mappresstemplate.php. As such, it is possible for a logged-in attacker with minimal permissions,...

6.5CVSS0.9AI score0.05606EPSS
Exploits3References1
wpexploit
wpexploit
added 2020/02/24 12:0 a.m.24 views

Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy

Version 8.6.1 attempted fo fix multiple critical issues mainly lack of authorisation checks, allowing low privileges users to call the admin functions of the plugin, leading to PII disclosure and login bypasses. However, the fixes were not sufficient: - An indeedIsAdmin check was added to all AJA...

Exploits0References2
wpexploit
wpexploit
added 2018/11/05 12:0 a.m.24 views

Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities

Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php HTTP/1....

5CVSS0.2AI score0.12128EPSS
Exploits5References2
wpexploit
wpexploit
added 2017/11/12 12:0 a.m.24 views

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution

WP Support Plus Responsive Ticket System Choose a file ending with .phtml: After doing this, an uploaded file can be accessed at, say: http://example.com/wp-content/uploads/wpsp/1510248571filename.phtml...

7.5AI score
Exploits0References1
wpexploit
wpexploit
added 2017/11/10 12:0 a.m.24 views

UserPro <= 4.9.17 - Authentication Bypass

The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to the...

7.5CVSS9.4AI score0.27369EPSS
Exploits3References2
wpexploit
wpexploit
added 2017/10/31 12:0 a.m.24 views

Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution

The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "sumeta", "suuser", and "supost" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this though analysis of modsecurity audit...

7.5CVSS9.6AI score0.12092EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/03/03 12:0 a.m.24 views

Adminer <= 1.4.5 - Security Bypass

The plugin is still affected and has been closed. https://example.com/wp-content/plugins/adminer/inc/editor/index.php...

2AI score
Exploits0References2
wpexploit
wpexploit
added 2016/09/14 12:0 a.m.24 views

WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)

It is possible to modify a POST request to overwrite user meta including 'wpcapabilities' and 'wpuserlevel' which results in a privilege escalation vulnerability. User input is not sanitised or escaped on output resulting in a stored XSS vulnerability. Timeline: 2016-09-12: Vulnerability found...

7.5CVSS0.4AI score0.02076EPSS
Exploits1References1
wpexploit
wpexploit
added 2016/04/13 12:0 a.m.24 views

Admin Font Editor <= 1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The admin-font-editor WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/admin-font-editor/css.php?size="alert1;"...

4.3CVSS0.9AI score0.03223EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/07/18 12:0 a.m.24 views

wptf-image-gallery 1.0.3 - Remote File Download

Plugin is still affected and has been closed. The ./wptf-image-gallery/lib-mbox/ajaxload.php code doesn't sanitize user input or check that a user is authorized to download files. This allows an unauthenticated user to download sensitive system files: 1 $ curl...

5CVSS1.2AI score0.02277EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/06/10 12:0 a.m.24 views

Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS

The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...

0.1AI score
Exploits0References2
wpexploit
wpexploit
added 2015/06/08 12:0 a.m.24 views

Easy2Map Photos <= 1.0.9 - SQL Injection

The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11&mapName='+or+1%3D%3D1%3B&action=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...

7.5CVSS2AI score0.02212EPSS
Exploits4References2
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.23 views

Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting

The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...

4.3CVSS1.7AI score0.00977EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/04/02 12:0 a.m.23 views

Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription

During a blog assessment, we identified a CSRF issue in the Woocommerce Subscriptions plugin, which could allow attackers to cancel and re-activate a logged in user's subscription. Even though the wpnonce parameter was needed in the request, its value was not verified, allowing an empty value to ...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/02/25 12:0 a.m.23 views

Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes

CSRF can be exploited against any of the functionalities in the Pricing Table by Supsystic WordPress plugin in vulnerable versions. One example:...

0.2AI score
Exploits1References1
wpexploit
wpexploit
added 2020/02/06 12:0 a.m.23 views

Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities

Multiple Critical Vulnerabilities found in Ultimate Membership Pro could leads to Authenticated using a low privilege account, such as subscriber Remote Code Execution on default Installation, as well as PII disclosure such as emails, IP addresses, hashed passwords, usernames, User-Agent and so o...

8.1AI score
Exploits0References2
wpexploit
wpexploit
added 2020/01/16 12:0 a.m.23 views

WP Database Reset < 3.15 - Privilege Escalation

This flaw "allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request." Login as a subscriber then send the following request:...

6.5CVSS1.9AI score0.02463EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/06 12:0 a.m.23 views

WP Simple Spreadsheet Fetcher For Google < 0.3.7 - Arbitrary API Key update via CSRF

The lack of Cross-Site Request Forgery CSRF checks on the plugin's settings page could allow CSRF attacks to set an arbitrary API key...

1.2AI score
Exploits0References1
Total number of security vulnerabilities4359