Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2019/08/09 12:0 a.m.23 views

Woody Ad Snippets < 2.2.6 - Arbitrary Post Deletion

The adminInit function of the admin/includes/class.actions.snippets.php file, registered as an admininit hook did not have any CSRF or capability checks for its close action, allowing unauthenticated users to delete arbitrary posts from the blog...

6.4CVSS3AI score0.0163EPSS
Exploits2
wpexploit
wpexploit
added 2019/07/11 12:0 a.m.23 views

One Click SSL <= 1.4.6 - Multiple Issues

Lack of CSRF and authorisation checks in the settings page, as well as AJAX methods such as ajaxenablessl, ajaxscan and so on could allow unauthorised settings change as well as call of the AJAX methods by a low privileged user. Additionally, it could also allow arbitrary site options update due ...

6.8CVSS0.6AI score0.00795EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/02 12:0 a.m.23 views

Insert or Embed Articulate Content into WordPress <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename

The lack of CSRF, Authorisation and Path Traversal checks in wpajaxdeldir and wpajaxrenamedir AJAX methods in functions.php make it possible for an authenticated user with a role as low as subscriber to delete and rename arbitrary folders. CSRF attacks against such authenticated users is also...

5.5CVSS0.4AI score0.00625EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/06/26 12:0 a.m.23 views

WebP Express <= 0.14.4 - Authenticated Stored XSS

Edit - WPScanTeam: The reported issue has been fixed in 0.14.5. Other sanitisation checks have been implemented in newest versions such as 0.14.6 and 0.14.8 while the plugin was closed, so the fixed in is set to 0.14.8 Video POC :...

3.5CVSS1.4AI score0.00787EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/08/16 12:0 a.m.23 views

Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection

WordPress Plugin Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Technical details: Chained Quiz appears to be vulnerable to time-based SQL-Injection. The issue lies on the "$answer" backend variable...

7.5CVSS1.4AI score0.02686EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/07/20 12:0 a.m.23 views

Multi Step Form <= 1.2.5 - Multiple Unauthenticated Reflected XSS

WordPress Plugin Multi Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, by the use of CSRF, for example. The following parameters are vulnerable in fwsenddata function: fwdataid1 fwdataid...

4.3CVSS0.6AI score0.01255EPSS
Exploits2References2
wpexploit
wpexploit
added 2017/09/09 12:0 a.m.23 views

WPHRM <= 1.0 - Authenticated SQL Injection

The vulnerability allows an employee users to inject SQL commands. http://localhost/PATH/?hr-dashboard=user&page=message&tab=viewmessage&from=inbox&id=SQL-23+union+select 1,2,3,4,5,SELECT+GROUPCONCATtablename+SEPARATOR+0x3c62723e+FROM+INFORMATIONSCHEMA.TABLES+WHERE+TABLESCHEMA=DATABASE,7,8--%20-...

6.5CVSS3.2AI score0.03029EPSS
Exploits5References2
wpexploit
wpexploit
added 2017/08/07 12:0 a.m.23 views

Easy Modal <= 2.0.17 - Authenticated SQL Injection

This can only be exploited by a user who already has access to the admin with a valid nonce. During the security analysis, ThunderScan discovered SQL injection vulnerabilities in the Easy Modal WordPress Plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while bei...

6.5CVSS2.8AI score0.01262EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/07/20 12:0 a.m.23 views

Arabic Font - CSRF & Stored XSS

Due to a lack of CSRF mitigation and entity encoding in the output generated by arabic-font.php and /inc/panel.php, it is possible to store and execute scripts in the context of an admin user...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.23 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original researcher...

7.5CVSS0.8AI score0.02339EPSS
Exploits1References1
wpexploit
wpexploit
added 2016/03/07 12:0 a.m.23 views

Ocim MP3 Plugin - Unauthenticated Reflected Cross-Site Scripting (XSS)

Credits to : Soufiane Boussali http://www.example.com/wp-content/plugins/ocim-mp3/source/pages.php?id=XSSPayload...

4.3CVSS1.5AI score0.00943EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/01/27 12:0 a.m.23 views

IMPress Listings <= 2.0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The IMPress Listings WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. IMPress Listings XSS Demo alertdocument.cookie;...

4.3CVSS0.4AI score0.00985EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/10/29 12:0 a.m.23 views

WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload

The WordPress plugin wp-file-upload does not adequately check the filetype before allowing it to be uploaded. It also uploaded files with execute permissions, allowing malicious payloads to be uploaded. 1. Install wp-file-upload on a WordPress site and activate it. 2. Create an upload form on a...

5CVSS0.6AI score0.01389EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/08/15 12:0 a.m.23 views

Google Adsense & Hotel Booking <= 1.0.5 - Open Proxy

Plugin is still affected and has been closed. The code in ./plugin/google-adsense-and-hotel-booking/proxy.php allows an arbitrary user to proxy POST requests though the host site. This may allow attackers to hide attacks, or DoS a site if the POST request is pointed back at itself causing a loop...

6.4CVSS1.8AI score0.02232EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/08/02 12:0 a.m.23 views

simple-image-manipulator <= 1.0 - Remote File Download

Plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining file location. $ curl...

5CVSS1.6AI score0.07038EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/06/10 12:0 a.m.23 views

RobotCPA Plugin V5 - Unauthenticated Local File Inclusion

The robotcpa WordPress plugin was affected by an Unauthenticated Local File Inclusion security vulnerability. This issue has been seen exploited in the wild with the following payload: http://www.example.com/wp-content/plugins/robotcpa/f.php?l=..%2F..%2F..%2Fwp-config.php...

5CVSS0.9AI score0.12574EPSS
Exploits2References1
wpexploit
wpexploit
added 2012/06/07 12:0 a.m.23 views

Omni Secure Files 0.1.13 - Unauthenticated Arbitrary File Upload

This plugin came with the vulnerable plupload library and has been seen exploited in the wild. The vulnerable file is: http://www.example.com/wp-content/plugins/omni-secure-files/plupload/examples/upload.php...

1.1AI score
Exploits0References2
wpexploit
wpexploit
added 2012/06/07 12:0 a.m.23 views

MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload

Attackers have been seen probing for the "/wp-content/plugins/mm-forms/includes/doajaxfileupload.php" file. PostShell.php "@$uploadfile"; curlsetopt$ch, CURLOPTRETURNTRANSFER, 1; $postResult = curlexec$ch; curlclose$ch; print "$postResult"; ? Shell Access :...

7.5CVSS1.6AI score0.11748EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/29 12:0 a.m.22 views

Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress. Vulnerable parameters: ctsqftfrom, ctsqftto, ctlotsizefrom, ctlotsizeto, ctmls. Edit WPScanTeam: The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 the next...

2.9AI score
Exploits0References3
wpexploit
wpexploit
added 2020/08/29 12:0 a.m.22 views

Quiz and Survey Master < 7.0.2 - Unauthenticated Arbitrary File Upload

Because the plugin doesn't validate the name of the uploaded file, an unauthenticated user could upload a PHP script with a double extension, e.g., script.php.jpg, and execute it on HTTP servers running a configuration such as Apache + PHP FastCGI. Edit WPScanTeam: This appears to be due to an...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/21 12:0 a.m.22 views

WooCommerce - NAB Transact < 2.1.2 - Payment Bypass

The plugin does not validate the origin of payment processor status requests, allowing orders to be marked as fully paid by issuing a specially crafted GET request during the ordering workflow. When presented with a payment screen, instead of submitting payment information, issue the following GE...

5CVSS0.6AI score0.01152EPSS
Exploits4References2
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.22 views

Cardoza WordPress Poll <= 36 - Authenticated SQL Injection

The Cardoza WordPress Poll plugin was vulnerable to authenticated SQL Injection in the "pollid" POST parameter when submitting a poll deletion request. action=deletepoll&pollid=SELECT 2822 FROM SELECTSLEEP5gsJu...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.22 views

JobSearch < 1.5.5 - Unauthenticated Reflected Cross-Site Scripting

An Unauthenticated Reflected XSS vulnerability was discovered in the JobSearch plugin v1.5.4 for WordPress. https://eyecix.com/plugins/jobsearch/?jobtype=%3Cimg%20src%3Dx%20onerror%3Dalert%28%60XSS%60%29%3E...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/05/29 12:0 a.m.22 views

Multi Scheduler <= 1.0.0 - Arbitrary Record Deletion via CSRF

The lack of CSRF check could allow attacker to delete arbitrary records from the plugin for example Professional ones via a CSRF attack. The issue is not patched, and has ben escalated to WP plugins team on May 29th, 2020 The PoC will be displayed once the issue has been remediated...

4.3CVSS6.4AI score0.01193EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/03/24 12:0 a.m.22 views

Grimag < 1.1.1 - Open Redirection

Description The Grimag WordPress theme was affected by an Open Redirection security vulnerability. /wp-content/themes/Grimag/go.php?https://example.com...

7.4AI score
Exploits0References2
wpexploit
wpexploit
added 2020/03/18 12:0 a.m.22 views

Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions 23 that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions. Al...

6.5CVSS0.5AI score0.01581EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/02/26 12:0 a.m.22 views

Export Users to CSV <= 1.4.2 - CSV Injection

An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...

5.8CVSS0.1AI score0.01318EPSS
Exploits1References2
wpexploit
wpexploit
added 2020/01/14 12:0 a.m.22 views

Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass

It is possible to login as an administrator on the site due to logical mistakes in the code. The issue resides in wptc-cron-functions.php line 12 where it parses the request. This parserequest function calls the function decodeserverrequestwptc which check if the raw POST payload contains a certa...

7.5CVSS0.9AI score0.46454EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/01/06 12:0 a.m.22 views

Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS

The HTML code generated by the FAQ shortcode does not sanitise the DisplayFAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used. Append the following payload on a page where a FAQ is embedded: ?DisplayFAQ=...

4.3CVSS0.3AI score0.02195EPSS
Exploits1References1
wpexploit
wpexploit
added 2019/09/16 12:0 a.m.22 views

Poll, Survey, Form & Quiz Maker by OpinionStage < 19.6.25 - Unauthenticated Cross-Site Scripting (XSS)

This vulnerability has been seen actively exploited in the wild. http://www.example.com/wp-admin/admin-post.php?page=opinionstage-content-login-callback-page&email="alert1...

1AI score
Exploits0References2
wpexploit
wpexploit
added 2019/09/05 12:0 a.m.22 views

ECPay Logistics for WooCommerce <= 1.2.181030 - Unauthenticated Reflected XSS

The CVSStoreName, CVSAddress, CVSTelephone and CVSStoreID from the getChangeResponse.php are affected by reflected XSS issues. The PoC will be displayed once the issue has been remediated...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/24 12:0 a.m.22 views

Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS

The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. Version...

4.3CVSS2.1AI score0.01919EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/05/05 12:0 a.m.22 views

Travel Booking < 2.7.8.4 - Reflected & Stored XSS

Weak security measures like no input & textarea fields data filtering has been discovered in the 'Traveler - Travel Booking WordPress Theme'. Special Notes: 1 - 'Change Avatar' upload field works really strange. F.e., u can upload any .PHP file with extension .php.png and break profile page Serve...

6.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/03/27 12:0 a.m.22 views

Loco Translate < 2.2.2 - Authenticated LFI

WordPress plugin Loco Translate version appears to have an Authenticated LFI Vulnerability under the 'Edit Template' Functionality. The following vulnerability can be exploited by any user with access to the plugin access can range from Admin to Subscriber WPScanTeam Note: Was not able to reprodu...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2019/02/26 12:0 a.m.22 views

Ultimate Membership Pro 7.4.2 <= 7.5 - Arbitrary media include

In addition to cropping/rotating/resizing an image of your choosing, you can abuse the imgUrl feature on versions that it's available on 7.4.2+ at least to make an HTTP request to any site you want. For example, by having it connect to a site you control, you can determine the IP address of the...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2018/09/19 12:0 a.m.22 views

Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...

5CVSS1.8AI score0.43722EPSS
Exploits2References3
wpexploit
wpexploit
added 2018/07/10 12:0 a.m.22 views

All In One Favicon <= 4.6 - Multiple Stored Authenticated XSS

Authenticated Stored Cross-Site Scripting XSS in 8 parameters: backendApple-Text backendGIF-Text backendICO-Text backendPNG-Text frontendApple-Text frontendGIF-Text frontendICO-Text frontendPNG-Text " "...

3.5CVSS2.5AI score0.02003EPSS
Exploits6References2
wpexploit
wpexploit
added 2018/01/24 12:0 a.m.22 views

Email Subscribers & Newsletters < 3.4.8 - Unauthenticated Subscriber Download

The Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin WordPress plugin was affected by an Unauthenticated Subscriber Download security vulnerability. POST /?es=export ... option=viewallsubscribers...

5CVSS3AI score0.03277EPSS
Exploits2References3
wpexploit
wpexploit
added 2017/11/21 12:0 a.m.22 views

Emag Marketplace Connector 1.0 - Unauthenticated Cross-Site Scripting (XSS)

The Emag Marketplace Connector WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post= "/alert"XSS"...

4.3CVSS1.3AI score0.05096EPSS
Exploits2References3
wpexploit
wpexploit
added 2017/11/03 12:0 a.m.22 views

Active Directory Integration <= 1.1.8 - Authenticated SQL Injection

Type user acces: administrator user. Target need have configured ldap and active. Path Request: /wp-content/plugins/active-directory-integration/syncback.php Line : 135 $result = $ADI-bulksyncback $GET'userid' ; $GET‘userid’ is not escaped. Path Method:...

2.2AI score
Exploits0References1
wpexploit
wpexploit
added 2017/10/20 12:0 a.m.22 views

Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

5CVSS1.9AI score0.57608EPSS
Exploits7References3
wpexploit
wpexploit
added 2017/07/07 12:0 a.m.22 views

WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://mywordpress.com/wp-admin/admin.php?page=wpsreferrerspage&rangeend=123123"alert1a a="...

4.3CVSS1AI score0.0076EPSS
Exploits1References2
wpexploit
wpexploit
added 2016/05/06 12:0 a.m.22 views

safe-editor <= 1.1 - Unauthenticated CSS/JS-injection

When saving JS/CSS in this plugin then both private and public ajax-hooks are being used. Because of this anyone can post JS/CSS that are saved to the db and printed to the head and footer portion of the page. In the file "index.php" in root folder on line 188 and 189 you can see that both privat...

4.3CVSS6.3AI score0.01506EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/11/12 12:0 a.m.22 views

WP Fastest Cache <= 0.8.4.8 - Blind SQL Injection

According to the researcher, for this vulnerability to be present WP-Polls plugin also needs to be installed...

7.5CVSS0.5AI score0.02987EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/09/14 12:0 a.m.22 views

PowerPress Podcasting < 6.0.5 - Authenticated Cross-Site Scripting (XSS)

By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in user’s session by stealing cookies. This means that the malicious hacker can change the logged in user’s password and invalidate the session of the victim while the hacker maintains access. 1. Logon into any...

3.5CVSS0.3AI score0.01183EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/08/04 12:0 a.m.22 views

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin.php?page=nf-processing&title=alert123;...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2020/09/21 12:0 a.m.21 views

JobMonster < 4.6.6.1 - Directory Listing in Upload Folder

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/24 12:0 a.m.21 views

JobSearch < 1.5.6 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the JobSearch plugin v1.5.5 for WordPress. https://example.com/?%22%3E%3C%2Fa%3E%3C%2Fli%3E%3C%2Ful%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E=%3E...

1.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/08 12:0 a.m.21 views

Monalisa < 2.1.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the Monalisa theme through 2.1.2 for WordPress. https://example.com/reservation/?state=1%22--%3E%3Cimg%20src=x%20onerror=alertXSS;%3E...

1.4AI score
Exploits0References2
wpexploit
wpexploit
added 2020/06/03 12:0 a.m.21 views

JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

There is a Cross-Site Scripting vulnerability in the JobSearch plugin. https://eyecix.com/plugins/jobsearch/?searchtitle=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%281%29%3E&ajaxfilter=true&posted=all&sort-by=recent...

1.1AI score
Exploits0References1
Total number of security vulnerabilities4359