Wpexploit: most viewed

4359 matches found

wpexploit
added 2020/05/26 12:0 a.m. | 21 views

Form Maker by 10Web < 1.13.36 - Authenticated SQL Injection

Authenticated admin+ SQL injection in the Form Maker by 10Web WordPress Plugin 1.13.35 exists via the /wordpress/wp-admin/admin.php?page=blockedipsfm=1" s parameter. Edit WPScanTeam: - Initial reported version 5.4.1 does not exist, confirmed to be 1.13.35 by researcher - May 25th, 2020 - details...

AI score: 1.3
Exploits: 0 | References: 1

wpexploit
added 2020/05/07 12:0 a.m. | 21 views

Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)

The iframe plugin before 4.5 does not sanitize a URL. iframe src="javascript:alertdocument.cookie" width="100%" height="500"...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.02006
Exploits: 1

wpexploit
added 2020/04/13 12:0 a.m. | 21 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mlagallery link=download. The LFI is restricted to the "wp-content" directory...

CVSS: 5 | AI score: 2 | EPSS: 0.04917
Exploits: 4 | References: 3

wpexploit
added 2020/04/03 12:0 a.m. | 21 views

WP Last Modified Info < 1.6.6 - Authenticated Stored XSS

When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website. An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this was...

Exploits: 0 | References: 1

wpexploit
added 2019/12/22 12:0 a.m. | 21 views

Rencontre <= 3.2.2 - Multiple CSRF

The plugin is affected by multiple CSRF issues, allowing arbitrary changes of the plugin's settings. November 3rd, 2019 - WordPress Plugin Team Notified November 5th, 2019 - WP Plugins Team acknowledgments of the issue. December 2nd, 2019 - v3.2.2 released, none of the CSRF have been fixed as th...

AI score: 0.7
Exploits: 0 | References: 1

wpexploit
added 2019/09/08 12:0 a.m. | 21 views

Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...

AI score: 8.1
Exploits: 0 | References: 1

wpexploit
added 2019/07/09 12:0 a.m. | 21 views

Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)

It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.01376
Exploits: 2 | References: 3

wpexploit
added 2019/02/05 12:0 a.m. | 21 views

Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin.php?page=blog2social-ship&postId=70&b2saction=1&b2supdatepublishdate='"...

CVSS: 4.3 | AI score: 1.4 | EPSS: 0.01408
Exploits: 2 | References: 3

wpexploit
added 2018/09/17 12:0 a.m. | 21 views

File Manager < 3.1 - CSRF to Stored Cross-Site Scripting

The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting...

CVSS: 6.8 | AI score: 1.1 | EPSS: 0.01365
Exploits: 3 | References: 1

wpexploit
added 2018/08/26 12:0 a.m. | 21 views

Gift Voucher <= 4.1.1 - Unauthenticated Blind SQL Injection

The wpgvdoajaxfronttemplate AJAX action both authenticated and unauthenticated, defined in the front.php does not sanitise, validate or escape the templateid parameter before using it in a SQL statement, leading to a SQL Injection issue. This has been present since at least 1.0.5 v4.1.0 tried to...

CVSS: 7.5 | AI score: 0.9 | EPSS: 0.49918
Exploits: 2 | References: 1

wpexploit
added 2017/11/03 12:0 a.m. | 21 views

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

CVSS: 6.5 | EPSS: 0.01911
Exploits: 2 | References: 1

wpexploit
added 2017/08/07 12:0 a.m. | 21 views

Pressforward <= 5.2.3 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise the $SERVER'QUERYSTRING' before outputting it back in the page, leading to a reflected Cross-Site Scripting issue. The issue was initially reported in v4.3.0 but was never fixed, and is still affecting v5.2.3...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.00757
Exploits: 1 | References: 1

wpexploit
added 2017/07/30 12:0 a.m. | 21 views

WP Live Chat Support < 7.1.05 - Cross-Site Scripting (XSS)

WP Live Chat Support is vulnerable by sending XSS payloads through chat...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.00915
Exploits: 1 | References: 1

wpexploit
added 2017/07/21 12:0 a.m. | 21 views

WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting

Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...

CVSS: 6.5 | AI score: 0.1 | EPSS: 0.01576
Exploits: 3

wpexploit
added 2017/04/10 12:0 a.m. | 21 views

Slideshow Gallery <= 1.6.5 - Multiple Authenticated Cross-Site Scripting (XSS)

The Slideshow Gallery WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com/wp-admin/admin.php?page=slideshowgalleries&method=view&id=1%5C%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

CVSS: 4.3 | AI score: 1.7 | EPSS: 0.00844
Exploits: 1 | References: 2

wpexploit
added 2017/04/04 12:0 a.m. | 21 views

WordPress Ad Widget <= 2.11.0 - Authenticated Local File Inclusion (LFI)

The WordPress Ad Widget WordPress plugin was affected by an Authenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/ad-widget/views/modal/index.php?step=php://filter/convert.base64-encode/resource=../wp-config...

AI score: 1.6
Exploits: 0 | References: 1

wpexploit
added 2016/08/22 12:0 a.m. | 21 views

Akal Theme - Reflected Cross-Site Scripting (XSS)

The premium theme, Akal, suffers from a Reflected Cross-Site Scripting XSS vulnerability in the preview.php file located in framework/brad-shortcodes/tinymce...

CVSS: 4.3 | AI score: 1.5 | EPSS: 0.0102
Exploits: 2 | References: 1

wpexploit
added 2016/03/15 12:0 a.m. | 21 views

Nextend Facebook Connect <= 1.5.7 - Cross-Site Request Forgery (CSRF)

The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

AI score: 2.2
Exploits: 0 | References: 1

wpexploit
added 2015/08/04 12:0 a.m. | 21 views

Altos Connect Widget <= 1.3.0 - Unauthenticated Cross-Site Scripting (XSS)

The altos-connect WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"alert1...

CVSS: 4.3 | AI score: 1 | EPSS: 0.01103
Exploits: 2 | References: 1

wpexploit
added 2015/06/08 12:0 a.m. | 21 views

Easy2Map <= 1.24 - SQL Injection

The Function.php file uses sprintf to format queries being sent to the database, this doesn't provide proper sanitisation of user input or properly parameterises the query. $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php'...

CVSS: 7.5 | AI score: 2.3 | EPSS: 0.105
Exploits: 5 | References: 3

wpexploit
added 2015/04/28 12:0 a.m. | 21 views

rtMedia for WordPress, BuddyPress & bbPress 3.7.39 - SQL Injection

When initialized, the rtMedia will include and instantiate certain classes if BuddyPress is installed. One of these classes is RTMediaActivityUpgrade, contained within the file ‘app/importers/RTMediaActivityUpgrade.php’. This class is instantiated in the file ‘admin/RTMediaAdmin.php,’ line 110, i...

AI score: 1.3
Exploits: 0 | References: 1

wpexploit
added 2015/04/22 12:0 a.m. | 21 views

Ultimate Product Catalogue <= 3.1.1 - Unauthenticated File Upload

By sending a specially-crafted HTTP POST request, a remote unauthenticated attacker can exploit this issue to upload arbitrary file and execute it in the context of the web server process. curl -v -k -X POST -F "ProductsSpreadsheet=@./backdoor.php"...

AI score: 2
Exploits: 0 | References: 2

wpexploit
added 2015/04/07 12:0 a.m. | 21 views

All In One WP Security & Firewall <= 3.9.0 - Blind SQL Injection

There are some pages which use the WordPress escsql function incorrectly. http://www.example.com/wp-admin/admin.php?page=aiowpsec&tab=tab3&orderby=userid,select from selectsleep30a&order=asc...

CVSS: 7.5 | AI score: 1.3 | EPSS: 0.01869
Exploits: 1 | References: 3

wpexploit
added 2014/12/07 12:0 a.m. | 21 views

ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)

The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php...

AI score: 0.8
Exploits: 0 | References: 2

wpexploit
added 2014/08/01 12:0 a.m. | 21 views

Tera Charts 0.1 - Unauthenticated Remote Path Traversal File Disclosure

The tera-charts WordPress plugin was affected by an Unauthenticated Remote Path Traversal File Disclosure security vulnerability. http://www.example.com/wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../wp-config.php...

CVSS: 5 | AI score: 2.1 | EPSS: 0.18734
Exploits: 2 | References: 2

wpexploit
added 2013/11/29 12:0 a.m. | 21 views

OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload

The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. The affected file was:...

CVSS: 6.8 | AI score: 1.4 | EPSS: 0.14802
Exploits: 3 | References: 2

wpexploit
added 2020/07/27 12:0 a.m. | 20 views

Real Estate 7 < 3.0.4 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.2 and v3.0.3 for WordPress. 3.0.3 - https://example.com/?ctkeyword=%22%3E%3Cimg%20src%20onerror%3Dalert%28%2FXSS%2F%29%3E 3.0.4 -...

AI score: 2
Exploits: 0 | References: 2

wpexploit
added 2020/07/18 12:0 a.m. | 20 views

Email Subscribers & Newsletters < 4.5.1 - Authenticated SQL injection in es_newsletters_settings_callback()

An authenticated high privilege attacker could exploit this issue and gain access to the DBMS. import requests import time import sys def loginurl, username, password: wplogin = "%s/wp-login.php" % url wpadmin = "%s/wp-admin/" % url s = requests.Session headers = 'Cookie':'wordpresstestcookie=WP...

CVSS: 4 | AI score: 2.2 | EPSS: 0.01966
Exploits: 2 | References: 1

wpexploit
added 2020/07/03 12:0 a.m. | 20 views

CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting

There are unauthenticated reflected Cross-Site Scripting XSS vulnerabilities in CareerUp theme, via the filter parameters. Edit WPScanTeam May 27th, 2020 - Vendor Contacted by Original Submitter. May 29th, 2020 - v2.3.0 Released. Unclear if issue fixed. June 18th, 2020 - Another submitter Vlad...

AI score: 1.1
Exploits: 0 | References: 1

wpexploit
added 2020/06/19 12:0 a.m. | 20 views

Travel Booking < 2.8.2 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Travel Booking WordPress Theme», tested version — v2.8.1. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato. June 18th, 2020 - v2.8.2 released, fixing the issue...

AI score: 1.8
Exploits: 0 | References: 2

wpexploit
added 2020/06/19 12:0 a.m. | 20 views

CityBook < 2.4.4 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v2.4.4 released, fixing the issue...

AI score: 1.7
Exploits: 0 | References: 1

wpexploit
added 2020/02/25 12:0 a.m. | 20 views

Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hmapsprem WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.05651
Exploits: 2 | References: 2

wpexploit
added 2020/02/24 12:0 a.m. | 20 views

Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation

While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...

AI score: 0.5
Exploits: 0 | References: 2

wpexploit
added 2020/01/15 12:0 a.m. | 20 views

ListingPro < 2.5.4 - Unauthenticated Reflected Cross-Site Scripting

Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version — v2.5.3 Edit - WPScanTeam: January 13th, 2020 - Report Received & Envato Contacted January 13th, 2020 - Envato Investigating January 15th, 2020 - Theme updated, v2.5.4, fixing the issue ----- Info: -----...

AI score: 0.6
Exploits: 0 | References: 1

wpexploit
added 2019/12/19 12:0 a.m. | 20 views

301 Redirects - Easy Redirect Manager <= 2.40 - Authenticated Arbitrary Redirect Injection and Modification, XSS, and CSRF

The weaknesses allow for any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability, in addition to XSS and CSRF. " /...

CVSS: 6 | AI score: 1.6 | EPSS: 0.00859
Exploits: 2 | References: 1

wpexploit
added 2019/10/25 12:0 a.m. | 20 views

About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting (XSS)

Wordpress About Author plugin with a version lower than or equal to 1.3.9 is affected by an authenticated Stored Cross-site scripting XSS vulnerability. Stored Cross-site scripting XSS: - Using a Wordpress user, access /wp-admin/post-new.php?posttype=aboutauthor About Author Add new - Insert in...

AI score: 0.1
Exploits: 0 | References: 1

wpexploit
added 2019/07/11 12:0 a.m. | 20 views

School Management < 57.0 - CSRF and Stored XSS

CSRF and Stored XSS Cross Site Scripting Edit WPScanTeam: June 17th - Issue Reported to Envato June 17th - Envato Support confirmed they are investigating the issue June 28th - New version released, fixing the XSS but not the CSRF. Envato notified July 5th - Demo fixed, new version to be released...

AI score: 1.1
Exploits: 0 | References: 1

wpexploit
added 2019/04/18 12:0 a.m. | 20 views

CarSpot Theme <= 2.1.6 - Authenticated Stored XSS

Bad input field data filtering has been discovered in the 'CarSpot – Automotive Car Dealer Wordpress Classified Theme'. Current version of this Premium Theme is 2.1.5. Authorize on the demo website for tests: https://carspot.scriptsbundle.com/, login is [email protected] and password i...

CVSS: 3.5 | AI score: 0.6 | EPSS: 0.00736
Exploits: 2 | References: 2

wpexploit
added 2018/06/01 12:0 a.m. | 20 views

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Version 1.4.11, and below, of the wpForo Forum WordPress Plugin were found to be vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability was due to the Plugin using the $SERVER'REQUESTURI' PHP variable to create a URL string that was later output within HTML without any output encodin...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.0363
Exploits: 1 | References: 1

wpexploit
added 2018/01/17 12:0 a.m. | 20 views

BuddyBoss Media <= 3.2.3 - Stored XSS

The album description does not perform input / output validation. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF. '"alert"test";...

CVSS: 3.5 | AI score: 1 | EPSS: 0.00723
Exploits: 2 | References: 1

wpexploit
added 2018/01/10 12:0 a.m. | 20 views

Smooth Slider <= 2.8.6 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Smooth Slider WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings...

CVSS: 6.5 | AI score: 1.2 | EPSS: 0.01202
Exploits: 2 | References: 3

wpexploit
added 2017/09/08 12:0 a.m. | 20 views

Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)

Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...

AI score: 1.1
Exploits: 0 | References: 1

wpexploit
added 2017/09/02 12:0 a.m. | 20 views

SQL Shortcode <= 1.1 - Authenticated SQL Execution

It's not an SQL injection actually, it's just executing SQL with an account as low-privileged as a subscriber. The plugin description says it all. This https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html great article will help understanding how to exploit shortcodes and...

AI score: 0.5
Exploits: 0 | References: 1

wpexploit
added 2017/05/31 12:0 a.m. | 20 views

WP No External Links <= 3.5.18 – Authenticated Cross-Site Scripting (XSS)

The wp-noexternallinks WordPress plugin was affected by security vulnerability. Cross-Site Scripting: Vulnerable Function: echo Vulnerable Variable: $REQUEST'date1', $REQUEST'date2' Vulnerable URLs:...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.00954
Exploits: 2 | References: 1

wpexploit
added 2017/04/27 12:0 a.m. | 20 views

NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection

The plugin nextgen-gallery-geo insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. Attack is exploitable over AJAX calls sites with the...

AI score: 1.2
Exploits: 0 | References: 1

wpexploit
added 2017/02/28 12:0 a.m. | 20 views

Mobile App Native <= 3.0 - Remote File Upload

The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code. $ curl -F "file=@/var/www/shell.php"...

CVSS: 5 | AI score: 1.5 | EPSS: 0.07325
Exploits: 8 | References: 2

wpexploit
added 2016/11/10 12:0 a.m. | 20 views

Sirv <= 1.3.1 - Authenticated SQL Injection

$POST ‘id’ is not escaped. sirvgetrowbyid is accessible for every registered user. $id = $POST'rowid'; $row = $wpdb-getrow"SELECT FROM $tablename WHERE id = $id", ARRAYA; $row'images' = unserialize$row'images'; echo jsonencode$row;...

CVSS: 6.5 | AI score: 0.4 | EPSS: 0.01944
Exploits: 2 | References: 2

wpexploit
added 2016/10/06 12:0 a.m. | 20 views

iThemes Security <= 5.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The 404 detection module needs to be enabled. curl "http://ithemesprotected.target/index.php/2016/09/22/trigger-404/?x=String/YWxlcnQoInRlc3QiKQ==/;x=x.substring1,x.length-1;evalatobx;" -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'Upgrade-Insecure-Requests: 1...

AI score: 0.3
Exploits: 0 | References: 1

wpexploit
added 2016/09/26 12:0 a.m. | 20 views

W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass

The /pub/apc.php file is used to empty the OPCache/APC. The script seems protected by a nonce aka security token: $nonce = W3Request::getstring'nonce'; $uri = $SERVER'REQUESTURI'; if wphash$uri == $nonce But the flaw stays in the == operator which is not the one to use when you want to compare...

AI score: 7.2
Exploits: 0 | References: 1

wpexploit
added 2016/05/20 12:0 a.m. | 20 views

brafton WordPress Plugin <=3.4.7 - Reflected XSS

Title -brafton WordPress Plugin XSS Exploit Title : Vulnerabilitie XSS in brafton WordPress Plugin Date: Fri May 20 2016 Reported Date : Fri May 20 2016 Vendor Homepage: http://www.brafton.com/support/wordpress/ Version: v3.3.10 – January2016 Software Link:...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.0197
Exploits: 2 | References: 5

Total number of security vulnerabilities: 4359