wpexploit (sorted by most viewed)

4359 matches found

wpexploit | added 2022/12/28 | 606 views

BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

POST /wp-admin/admin.php?page=brutebank-settings HTTP/1.1
publickey=site.a%22%2522aaaa%3Daaa&secretkey=aaa&update=Update...

CVSS 6.5 | AI score 3.9 | EPSS 0.00332 | Exploits: 2

wpexploit | added 2021/07/29 | 606 views

Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. Put the following payload in the "Note title" and "Note message" settings of the plugin: "alert/XSS-Title/ and alert/XSS-Msg/ Th...

CVSS 3.5 | AI score 5.2 | EPSS 0.006 | Exploits: 2

wpexploit | added 2023/04/25 | 605 views

YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL injection attacks. Run the command below in the browser's developer console while on the blog...

AI score 7.5 | EPSS 0.0094 | Exploits: 2

wpexploit | added 2021/12/15 | 605 views

Image Hover Effects Ultimate < 9.7.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation checks on its REST API endpoints, one of which could allow unauthenticated attackers to update arbitrary blog options. The original report mentioned the issue being fixed in 9.6.2; however, it was still possible for attackers to exploit it, and proper remediation h...

CVSS 9.8 | AI score 1.2 | EPSS 0.0674 | Exploits: 1

wpexploit | added 2022/03/21 | 603 views

Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi

The plugin does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file. Put the XML below on a web server, replacing PAYLOAD with the correct one, then import a podcast...

CVSS 7.2 | AI score 7.3 | EPSS 0.01461 | Exploits: 2 | References: 1

wpexploit | added 2021/06/04 | 603 views

GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections

In the plugin, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. The prerequisite to exploiting this vulnerability is finding a page on the vulnerable si...

CVSS 9.8 | AI score 0.1 | EPSS 0.01832 | Exploits: 2 | References: 1

wpexploit | added 2021/05/31 | 602 views

FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting

In the plugin, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. Create or edit a gallery and add the following payload in the Custom CSS field: Then, view t...

CVSS 5.4 | AI score 0.2 | EPSS 0.00624 | Exploits: 2

wpexploit | added 2021/04/19 | 602 views

Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

/wp-admin/admin.php?page=ultimate-maps-supsystic&tab="onmouseover=alert1//...

CVSS 4.3 | AI score 1.5 | EPSS 0.17638 | Exploits: 5

wpexploit | added 2022/12/29 | 601 views

Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The plugin does not properly check the password, nor that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin and access arbitrary posts, such as private content, by sending a specially crafted request. The nonce can be retrieve...

CVSS 7.5 | AI score 0.8 | EPSS 0.00818 | Exploits: 2

wpexploit | added 2021/10/19 | 599 views

Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in any of the plugin's settings with a text input: - v alert/XSS/ - v...

CVSS 4.8 | AI score 0.1 | EPSS 0.00654 | Exploits: 2 | References: 1

wpexploit | added 2021/09/13 | 599 views

Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Quiz Url Slug setting: "alert/XSS/ Create ...

CVSS 4.8 | AI score 0.2 | EPSS 0.00603 | Exploits: 2

wpexploit | added 2021/09/06 | 599 views

Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting

The plugin does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create a new Calendar (Appointment Hour Booking > Add new) and put the following payload in the Form Settings...

CVSS 4.8 | AI score 0.2 | EPSS 0.00598 | Exploits: 2

wpexploit | added 2021/06/07 | 599 views

WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. Note: The vendor attributed the issue in the changelog to the wrong reporter (us, WPScan), as we reported it on behalf of th...

CVSS 5.4 | AI score 5.2 | EPSS 0.02339 | Exploits: 5

wpexploit | added 2022/12/12 | 598 views

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users. When the "Block access to users' data via REST API" setting is enabled...

CVSS 5.3 | AI score 1.5 | EPSS 0.00671 | Exploits: 2

wpexploit | added 2021/08/25 | 598 views

Block and Stop Bad Bots < 6.62 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue.

POST /wp-admin/admin.php?page=sbbmy-custom-submenu-page HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8...

AI score 0.1 | Exploits: 0

wpexploit | added 2021/07/19 | 598 views

Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admins to put an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue. Add or Edit a Characteristic...

CVSS 3.5 | AI score 0.6 | EPSS 0.00613 | Exploits: 2

wpexploit | added 2021/05/26 | 598 views

Gallery From Files <= 1.6.0 - Unauthenticated RCE

The plugin's upload feature does not properly check the allowed extensions: the list of allowed extensions can be set in the request, and the plugin only attempts to remove dangerous ones such as .php and .js from it, forgetting about .php4, .html etc. As a result, unauthenticated users could upload arbitrary .php4 file...

AI score 0.2 | Exploits: 0

wpexploit | added 2020/08/20 | 598 views

WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in WP Customer Reviews 3.4.2 and lower allow remote attackers to inject arbitrary JavaScript code or HTML. If WP Customer Reviews is enabled on a page, an unauthenticated attacker can exploit XSS via the review form's parameters: - Reviewer Name -...

AI score 0.3 | EPSS 0.01085 | Exploits: 2

wpexploit | added 2021/08/24 | 597 views

SMTP Mail < 1.2 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape its page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. alert/XSS/' /...

Exploits: 0

wpexploit | added 2021/08/23 | 597 views

OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API

The plugin does not escape or validate the handle parameter of its REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts from the Google Fonts website. Access the URL below as an unauthenticated user...

CVSS 9.1 | AI score 9.5 | EPSS 0.01762 | Exploits: 2

wpexploit | added 2022/12/27 | 596 views

CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
1. Create and publish a new petition.
2. Invoke the following curl command, with the nonce in place, to induce a...

CVSS 9.8 | AI score 1.3 | EPSS 0.01037 | Exploits: 2

wpexploit | added 2022/10/10 | 596 views

Ocean Extra < 2.0.5 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection when a high privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following co...

CVSS 7.2 | AI score 0.4 | EPSS 0.01126 | Exploits: 2

wpexploit | added 2022/12/28 | 594 views

Meteor Slides < 1.5.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. meteorslidesh...

CVSS 5.4 | AI score 0.6 | EPSS 0.00534 | Exploits: 2

wpexploit | added 2023/03/06 | 593 views

Formidable Forms < 6.1 - IP Spoofing

The plugin uses several potentially untrusted headers to determine the IP address of the client, leading to IP address spoofing and bypass of anti-spam protections.
1. In WordPress's Settings > Discussion page, add your IP address to the Disallowed Comment Keys field. This will block form submissio...

CVSS 6.5 | AI score 7 | EPSS 0.00498 | Exploits: 2

wpexploit | added 2021/07/19 | 593 views

My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in it, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. Create an audit with the...

CVSS 3.5 | AI score 0.1 | EPSS 0.00656 | Exploits: 2

wpexploit | added 2022/12/12 | 592 views

Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download

The plugin does not validate user input against path traversal attacks, allowing high privilege users such as admins to download arbitrary logs from the server, even when they should not be able to, for example in a multisite setup. First call...

CVSS 2.7 | AI score 1.6 | EPSS 0.00705 | Exploits: 2

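The OMGF and Wholesale Market entries both come down to a request-supplied name reaching the filesystem with no containment check. The block below is an added example in Python, not code from either plugin: it joins the name to the plugin's own directory, canonicalises the result and refuses anything that resolves outside that directory, with a stricter name-only policy on top for the log-download case. The directory and the request values are assumptions for the example; nothing is opened or written.

```python
import os
from typing import Optional

# Assumed plugin directory (stands in for the plugin's own subdirectory under
# wp-content); it does not need to exist, nothing is opened.
BASE_DIR = "/var/www/html/wp-content/uploads/plugin-logs"


def resolve_in_base(base: str, user_path: str) -> Optional[str]:
    """Return the canonical path for user_path inside base, or None if the
    request escapes base. Generic containment check for any endpoint that
    takes a file name or handle from the request."""
    if "\x00" in user_path:
        return None
    base_real = os.path.realpath(base)
    # realpath collapses "..", doubled separators and symlinks, so the test
    # below runs on the path the filesystem would actually open, not on the
    # string the attacker sent. An absolute user_path replaces base in join().
    target = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, target]) != base_real:
        return None
    return target


def log_path_for(name: str) -> Optional[str]:
    """Stricter policy for the log-download case: a bare file name with the
    expected extension and no directory syntax at all, then the containment
    check on top of that."""
    head, tail = os.path.split(name)
    if head or tail.startswith(".") or not tail.endswith(".log"):
        return None
    return resolve_in_base(BASE_DIR, tail)


# Constructed request values.
CASES = {
    "plain": "2022-12-01.log",
    "traversal": "../../../../wp-config.php",
    "traversal_with_ext": "../../wp-config.php.log",
    "absolute": "/etc/passwd",
    "nul_byte": "a.log\x00.php",
}


def evaluate() -> dict:
    return {k: log_path_for(v) for k, v in CASES.items()}


if __name__ == "__main__":
    for k, v in evaluate().items():
        print(f"{k:>18}: {'REJECTED' if v is None else v}")
```

The containment test must be done on the canonical path: checking the raw string for ".." misses encoded and symlinked variants, and checking only a prefix string without realpath lets "plugin-logs-evil/" pass for "plugin-logs". In a WordPress plugin the same check would wrap the directory returned by wp_upload_dir() or plugin_dir_path() and run before any file_get_contents() or readfile().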
wpexploit | added 2021/07/19 | 592 views

Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip

The plugin did not ensure that uploaded SVG files inside a zip archive added to a gallery do not contain malicious content. As a result, users allowed to add images to a gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly, i.e. in the...

AI score 0.3 | Exploits: 0

wpexploit | added 2022/08/22 | 591 views

WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. In the plugin's settings (WooCommerce Settings...

CVSS 4.8 | AI score 4.7 | EPSS 0.00475 | Exploits: 2

wpexploit | added 2021/08/23 | 591 views

Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting

The plugin does not escape the IP addresses of attempted logins, which can be controlled by an attacker via headers such as X-Forwarded-For, before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.

POST /wp-login.php HTTP/1.1
Accept:...

CVSS 6.1 | AI score 0.6 | EPSS 0.0157 | Exploits: 2

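Formidable Forms (anti-spam bypass) and Limit Login Attempts (stored XSS in the reports table) share one root cause: the client address is read from headers any client can send. The block below is an added example in Python, not code from either plugin. It shows the header-first resolver next to one that honours X-Forwarded-For only when the TCP peer is a configured reverse proxy and the value parses as an address. The proxy address, the deny list and the three requests are constructed for the example.

```python
import ipaddress

# Assumption for this example: the site sits behind exactly one reverse
# proxy at this address; any other peer is talking to the web server directly.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

# Constructed deny list standing in for the Disallowed Comment Keys entry or
# a login-lockout table.
DENYLIST = {"203.0.113.7"}


def client_ip_vulnerable(env: dict) -> str:
    """The pattern in both entries: any forwarding header beats the peer
    address, whoever sent it."""
    for header in ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP"):
        if env.get(header):
            return env[header].split(",")[0].strip()
    return env["REMOTE_ADDR"]


def client_ip_safe(env: dict) -> str:
    """Honour X-Forwarded-For only when the peer is the trusted proxy, and
    only if the value parses as an address."""
    peer = ipaddress.ip_address(env["REMOTE_ADDR"])
    if peer not in TRUSTED_PROXIES:
        # Direct connection: every header is attacker-controlled input.
        return str(peer)
    xff = env.get("HTTP_X_FORWARDED_FOR", "")
    # The trusted proxy appends the address it saw at the END of the list;
    # earlier entries were supplied by whoever connected to the proxy.
    candidate = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        # Unparseable value (including "<script>...") never reaches a report
        # table or a ban list; fall back to the peer address.
        return str(peer)


def is_blocked(ip: str) -> bool:
    return ip in DENYLIST


# Constructed requests as CGI-style environment dictionaries.
DIRECT_SPOOF = {"REMOTE_ADDR": "203.0.113.7",
                "HTTP_X_FORWARDED_FOR": "198.51.100.9"}
XSS_HEADER = {"REMOTE_ADDR": "203.0.113.7",
              "HTTP_X_FORWARDED_FOR": "<script>alert(1)</script>"}
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.5",
             "HTTP_X_FORWARDED_FOR": "1.2.3.4, 203.0.113.7"}


def compare(env: dict) -> dict:
    """Resolve one request both ways and report whether the deny list bites."""
    v, s = client_ip_vulnerable(env), client_ip_safe(env)
    return {"vulnerable": v, "safe": s,
            "blocked_vulnerable": is_blocked(v), "blocked_safe": is_blocked(s)}


if __name__ == "__main__":
    for name, env in [("direct spoof", DIRECT_SPOOF), ("xss header", XSS_HEADER),
                      ("via proxy", VIA_PROXY)]:
        print(name, compare(env))
```

In PHP the vulnerable shape is consulting $_SERVER['HTTP_X_FORWARDED_FOR'] (or HTTP_CLIENT_IP) before $_SERVER['REMOTE_ADDR']; the safe one reads REMOTE_ADDR unless it is a known proxy. The parse check removes the Limit Login Attempts payload as a side effect, but the bug there is a missing esc_html() on output, and that escaping belongs in the report table regardless of how the address was obtained.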
wpexploit | added 2022/02/14 | 590 views

Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure

The plugin does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated user, such as a subscriber, to download the list of email addresses registered on the blog. Open the following URL as a subscriber: https://example.com/wp-admin/admin-ajax.php?action=vczapigetwpuse...

CVSS 4.3 | AI score 1.8 | EPSS 0.0099 | Exploits: 2 | References: 1

wpexploit | added 2021/09/21 | 590 views

Game Server Status <= 1.0 - Admin+ SQL Injection

The plugin does not validate or escape the serverid parameter before using it in a SQL statement, leading to an authenticated SQL injection in an admin page.

sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&serverid=1" -p serverid --dbms mysql --cookie your cookie...

CVSS 7.2 | AI score 1.6 | EPSS 0.013 | Exploits: 2

wpexploit | added 2021/08/16 | 589 views

Afterpay Gateway for WooCommerce < 3.2.1 - Reflected Cross-Site Scripting

The plugin ships sample files from the https://github.com/afterpay/sdk-php library, which do not escape some parameters before outputting them in attributes, leading to Reflected Cross-Site Scripting issues...

AI score 0.8 | Exploits: 0

wpexploit | added 2021/03/31 | 589 views

Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin, used by the Findeo theme, did not properly sanitise the keywordsearch, searchradius, bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...

CVSS 4.3 | AI score 1.4 | EPSS 0.06298 | Exploits: 2 | References: 3

wpexploit | added 2021/01/29 | 589 views

Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the miccomment field ("Notes on time") when adding/editing an event, allowing users with privileges as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. Edit (WPScanTeam, January 22nd, 2021)...

AI score 0.1 | EPSS 0.00748 | Exploits: 2

wpexploit | added 2022/09/26 | 588 views

Frontend File Manager < 21.4 - File Upload via CSRF

The plugin does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. The file won't show up in the frontend/backend, but will be uploaded to the user's folder, i.e. wp-content/uploads/useruploads//payload.pdf...

CVSS 4.3 | AI score 0.9 | EPSS 0.00267 | Exploits: 2

wpexploit | added 2022/02/15 | 588 views

Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection

The plugin does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

CVSS 9.8 | AI score 3 | EPSS 0.74615 | Exploits: 4 | References: 1

wpexploit | added 2021/10/05 | 588 views

Simple Download Monitor < 3.9.6 - Unauthenticated Log Access

The plugin saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs, which contain sensitive information such as IP addresses and usernames...

CVSS 7.5 | AI score 0.1 | EPSS 0.01625 | Exploits: 2

wpexploit | added 2021/09/07 | 588 views

WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payloads in the mentioned settings of the plugin: - How to display the pos...

CVSS 4.8 | AI score 4.7 | EPSS 0.00622 | Exploits: 2 | References: 1

wpexploit | added 2022/11/10 | 587 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests, due to the use of non-constant-time comparison operators to verify API keys against the ones stored in the site options.
- Install the plugin and set the API creds to:
- Key:...

CVSS 7.5 | AI score 1.7 | EPSS 0.00881 | Exploits: 2

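The Clerk entry says the API key check is a timing side channel because it uses ordinary comparison operators. The block below is an added example in Python, not the plugin's code, showing why: a comparison that stops at the first mismatch does an amount of work that grows with the length of the matching prefix, and an attacker who can observe that work recovers the key one character at a time. The naive comparator is instrumented with a step counter so the leak is visible without timing anything; a real attacker gets the same number from many timed requests and statistics. The stored key is constructed.

```python
import hmac

STORED_KEY = "7c5a9b1e3d4f6a8c"   # constructed API key as stored in site options
HEX = "0123456789abcdef"


def naive_equal(a: str, b: str) -> tuple:
    """A byte-wise == with early exit, instrumented to return (result,
    characters examined). The second value is what response timing leaks."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_equal(a: str, b: str) -> bool:
    """Work depends only on the length, never on where the first mismatch is.
    PHP's hash_equals() gives the same guarantee for a plugin."""
    return hmac.compare_digest(a.encode(), b.encode())


def attacker_view() -> dict:
    """Three equal-length guesses that differ only in how much of the real
    key they share; the leaked step count ranks them."""
    return {
        "no_prefix": naive_equal(STORED_KEY, "0000000000000000")[1],
        "one_char": naive_equal(STORED_KEY, "7000000000000000")[1],
        "four_chars": naive_equal(STORED_KEY, "7c5a000000000000")[1],
    }


def recover_key(oracle) -> str:
    """Character-at-a-time recovery driven only by what the oracle leaks.
    oracle(guess) returns (accepted, work); acceptance is always observable
    (the request succeeds), work is the side channel."""
    n = len(STORED_KEY)
    found = ""
    while len(found) < n:
        scores = {}
        for c in HEX:
            ok, work = oracle((found + c).ljust(n, "\x00"))
            scores[c] = work + (n if ok else 0)
        found += max(scores, key=scores.get)
    return found


def leaky_oracle(guess: str) -> tuple:
    return naive_equal(STORED_KEY, guess)


def silent_oracle(guess: str) -> tuple:
    # Constant-time check: the only thing left to observe is accept/reject,
    # so every wrong guess costs the same and the search has nothing to rank.
    return constant_time_equal(STORED_KEY, guess), len(guess)


if __name__ == "__main__":
    print(attacker_view())
    print("leaky  :", recover_key(leaky_oracle))
    print("silent :", recover_key(silent_oracle))
```

Against the leaky oracle the search reconstructs the key; against the constant-time one every candidate scores the same and the search degenerates to a fixed wrong guess. Note that the leak needs the comparison to run at all: a check that first rejects on length, as the naive version does, additionally leaks the key length, which is why real implementations compare a hash of the submitted value against a hash of the stored one when lengths may differ.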
wpexploit | added 2022/09/26 | 586 views

Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. As the plugin does not validate the allowed file types, this could lead to attackers making admins allow PHP files to be uploaded by any...

AI score 2.2 | Exploits: 0

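The CSRF entries (BruteBank, both Frontend File Manager items) and the missing-authorisation entries (Image Hover Effects Ultimate, Video Conferencing with Zoom) are the two gates a state-changing handler needs and these plugins skip. The block below is an added example in Python, not any plugin's code, modelling the logic of WordPress's wp_create_nonce()/wp_verify_nonce() and current_user_can(): a nonce is an HMAC over the acting user, the action name and a time window, so a cross-site form cannot carry a valid one even though it arrives with the victim's cookies; the capability check is the separate authorisation gate; and the setting itself is validated, which is what would have stopped the Frontend File Manager "allow PHP" outcome. The secret, the user objects, the settings store and the allowed-type policy are constructed.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed site secret (WordPress derives its own from the salts in
# wp-config.php).
SECRET = b"constructed-site-secret-not-for-production"
WINDOW = 12 * 3600                                  # nonce lifetime; tick is half
SAFE_TYPES = {"jpg", "jpeg", "png", "gif", "pdf"}   # assumed upload policy


def _tick(now: float) -> int:
    return int(now // (WINDOW / 2))


def make_nonce(user_id: int, action: str, now: Optional[float] = None) -> str:
    """HMAC over (time tick, action, user): a value only the server can mint,
    bound to one user and one action."""
    now = time.time() if now is None else now
    msg = f"{_tick(now)}|{action}|{user_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce: str, user_id: int, action: str,
                 now: Optional[float] = None) -> bool:
    """Accept the current and the previous tick so a form opened shortly
    before a boundary still submits; compare in constant time."""
    now = time.time() if now is None else now
    for delta in (0, WINDOW / 2):
        if hmac.compare_digest(make_nonce(user_id, action, now - delta), nonce):
            return True
    return False


class User:
    def __init__(self, user_id: int, caps: set):
        self.id, self.caps = user_id, caps

    def can(self, cap: str) -> bool:
        return cap in self.caps


SETTINGS = {"allowed_types": "jpg,png"}   # constructed option store


def update_settings(user: User, form: dict, now: Optional[float] = None) -> str:
    # Gate 1, authorisation: what the REST/AJAX entries lack. A subscriber is
    # refused however well-formed the request is.
    if not user.can("manage_options"):
        return "forbidden"
    # Gate 2, CSRF: a cross-site form arrives with the admin's cookies, so
    # gate 1 passes; the nonce is the value the attacker cannot supply.
    if not verify_nonce(form.get("_wpnonce", ""), user.id, "update_settings", now):
        return "bad-nonce"
    # Gate 3, input validation: the setting is checked against an allow list,
    # so not even a legitimate admin can enable "php".
    types = {t.strip().lower()
             for t in form.get("allowed_types", "").split(",") if t.strip()}
    if not types or not types <= SAFE_TYPES:
        return "invalid-types"
    SETTINGS["allowed_types"] = ",".join(sorted(types))
    return "updated"
```

The order matters for the attacker model: the CSRF request in the BruteBank and Frontend File Manager entries is sent by the admin's own browser, so it passes the capability check, and only the nonce stops it; the unauthenticated REST requests in the Image Hover Effects entry fail at the capability check before any nonce is considered. In a plugin the three gates are current_user_can('manage_options'), check_admin_referer() (or a permission_callback on a REST route), and a sanitize_callback registered with register_setting().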
wpexploit | added 2022/08/22 | 586 views

Classima < 2.1.11 - Reflected Cross-Site Scripting

The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting.

https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock

The XSS will be triggered when the user...

CVSS 6.1 | AI score 0.6 | EPSS 0.00491 | Exploits: 2

wpexploit | added 2021/09/28 | 586 views

Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the style attribute of the cooltagcloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

cooltagcloud style='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert/XSS/'...

CVSS 5.4 | AI score 2.1 | EPSS 0.00629 | Exploits: 2

wpexploit | added 2021/09/06 | 585 views

Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting

The plugin does not escape the 's' GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue.

https://example.com/wp-admin/admin.php?page=cs-woo-altcoin-all-coins&s="alert/XSS/...

CVSS 6.1 | AI score 0.9 | EPSS 0.008 | Exploits: 2

wpexploit | added 2021/07/01 | 585 views

Cooked < 1.7.9.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS). For clarification, this vulnerability is separate from the similar vulnerability CVE-2021-24233. The PoC will be displayed once the issue has been remediated...

AI score 0.6 | EPSS 0.01749 | Exploits: 3 | References: 2

wpexploit | added 2022/01/12 | 584 views

WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and CSRF checks when uploading zip files via the zipupload AJAX call, and does not perform any check on the files to be extracted. As a result, any authenticated user, such as a subscriber, could upload an archive with PHP files in it, leading to RCE. As any...

AI score 7.2 | Exploits: 0 | References: 1

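Gallery From Files (a deny list that forgot .php4 and .html), Frontend File Manager (an admin-settable type list with no validation) and WP Ultimate CSV Importer (a zip extracted without inspecting its members) are the same failure at three points. The block below is an added example in Python, not any plugin's code: an allow list of extensions checked on every extension in a name, applied to a direct upload name and to every member of an archive before extraction, with entry names also checked for traversal. The allow list is an assumed policy and the archive is constructed in memory.

```python
import io
import posixpath
import zipfile

# Assumed policy for an image gallery: these extensions only, compared
# lower-cased. Everything else is rejected, so there is no list of "bad"
# extensions to get wrong.
ALLOWED = {"jpg", "jpeg", "png", "gif", "webp"}


def allowed_name(name: str) -> bool:
    """Allow-list check on every extension of the base name, so shell.php.jpg
    and shell.jpg.php fail as well as shell.php4 and cover.phtml."""
    base = posixpath.basename(name)
    if not base or base.startswith(".") or "\x00" in base:
        return False
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False
    return all(ext in ALLOWED for ext in parts[1:])


def safe_member(name: str) -> bool:
    """Archive entry names are untrusted paths: refuse absolute names,
    backslashes and any '..' component before looking at the extension."""
    if name.startswith("/") or "\\" in name or ".." in name.split("/"):
        return False
    return allowed_name(posixpath.normpath(name))


def vet_archive(data: bytes) -> dict:
    """Classify every file entry before anything is extracted."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            (accepted if safe_member(info.filename) else rejected).append(info.filename)
    return {"accepted": accepted, "rejected": rejected}


def build_sample_archive() -> bytes:
    """Constructed archive mixing real image names with the bypass names the
    entries above describe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ["gallery/sunset.jpg", "gallery/logo.PNG", "shell.php",
                     "shell.php4", "cover.phtml", "index.html", "img.jpg.php",
                     "../../wp-content/plugins/x.jpg", "notes.jpg/../x.php"]:
            zf.writestr(name, b"constructed content")
    return buf.getvalue()


if __name__ == "__main__":
    print(vet_archive(build_sample_archive()))
```

An extension allow list is necessary but not sufficient: the content should also be checked against the claimed type (WordPress's wp_check_filetype_and_ext() does this for single uploads), the upload directory should not execute scripts, and an SVG passes an image allow list while still carrying script, which is the Photo Gallery entry above.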
wpexploit | added 2021/04/03 | 584 views

WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)

An AJAX action registered by the plugin did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages. Version 4.5.6 fixed the XSS issue with sanitization of the parameters, but did not fix t...

AI score 0.4 | EPSS 0.00703 | Exploits: 2 | References: 1

wpexploit | added 2022/06/02 | 583 views

WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

The plugin does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high privilege users such as admins to perform Blind SSRF attacks. Put an internal/LAN URL such as the one below in the upload-by-URL function: https://127.0.0.1:8080...

CVSS 7.2 | AI score 1.3 | EPSS 0.0126 | Exploits: 2

wpexploit | added 2022/04/13 | 583 views

BadgeOS <= 3.7.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to a SQL injection exploitable by unauthenticated users.

curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=get-achievements&totalonly=true&userid=11 AND SELECT 9628...

CVSS 9.8 | AI score 2.2 | EPSS 0.11725 | Exploits: 2

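The SQL injection entries on this page (YARPP, Podcast Importer SecondLine, GeoDirectory Location Manager, CBX Petition, Game Server Status, Photo Gallery by 10Web, BadgeOS) share one bug: a request value concatenated into the query text. The block below is an added example in Python, not any plugin's code, against an in-memory SQLite table with constructed rows. It puts the concatenated query beside the parameterised one and drives both with a normal value, a tautology, and the boolean oracle shape of the BadgeOS userid payload. In a WordPress plugin the parameterised form is $wpdb->prepare() with %d/%s placeholders.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for a plugin table keyed by user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE achievements (id INTEGER, user_id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO achievements VALUES (?, ?, ?)",
        [(1, 11, "First login"), (2, 11, "Ten posts"), (3, 42, "Moderator badge")],
    )
    return conn


def count_vulnerable(conn: sqlite3.Connection, user_id: str) -> int:
    """The bug in every SQLi entry above: the request value becomes SQL text."""
    sql = f"SELECT COUNT(*) FROM achievements WHERE user_id = {user_id}"
    return conn.execute(sql).fetchone()[0]


def count_safe(conn: sqlite3.Connection, user_id: str) -> int:
    """Bound parameter: the value travels separately from the statement, so
    its content is compared as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM achievements WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchone()[0]


# Constructed request values for the userid parameter.
HONEST = "11"
TAUTOLOGY = "11 OR 1=1"
# Boolean oracle in the shape of the BadgeOS payload: the row count now
# depends on a condition about data the caller should not be able to query,
# so comparing responses answers yes/no questions about the database.
ORACLE_TRUE = "11 AND (SELECT COUNT(*) FROM achievements WHERE user_id = 42) = 1"
ORACLE_FALSE = "11 AND (SELECT COUNT(*) FROM achievements WHERE user_id = 42) = 5"


def demo() -> dict:
    """Run each value through both query builders and collect the counts."""
    conn = make_db()
    out = {}
    for name, value in [("honest", HONEST), ("tautology", TAUTOLOGY),
                        ("oracle_true", ORACLE_TRUE), ("oracle_false", ORACLE_FALSE)]:
        out[name + "_vulnerable"] = count_vulnerable(conn, value)
        out[name + "_safe"] = count_safe(conn, value)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>24}: {v}")
```

The parameterised query returns the same answer for the honest value and zero rows for every payload, because the bound string "11 OR 1=1" is compared as a whole against the integer column and matches nothing. The vulnerable one returns every row for the tautology and a different count for the true and false oracle conditions, which is all a blind injection needs. Escaping alone (esc_sql() in WordPress) is not a substitute when the value sits outside quotes, as an integer userid does.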
wpexploit | added 2021/12/20 | 583 views

Tabs < 3.6.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation checks on its REST API endpoints, one of which could allow unauthenticated attackers to update arbitrary blog options...

AI score 2 | Exploits: 0 | References: 2

wpexploit | added 2021/08/24 | 581 views

Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape some of the properties of the Recipe Card Block, such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00604 | Exploits: 2

Total number of security vulnerabilities: 4359