Form Maker by 10Web < 1.13.36 - Authenticated SQL Injection
Authenticated admin+ SQL injection in the Form Maker by 10Web WordPress Plugin 1.13.35 exists via the /wordpress/wp-admin/admin.php?page=blockedipsfm=1" s parameter. Edit WPScanTeam: - Initial reported version 5.4.1 does not exist, confirmed to be 1.13.35 by researcher - May 25th, 2020 - details...
Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)
The iframe plugin before 4.5 does not sanitize a URL. iframe src="javascript:alert(document.cookie)" width="100%" height="500"...
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in the [mla_gallery link=download] shortcode. The LFI is restricted to the "wp-content" directory...
WP Last Modified Info < 1.6.6 - Authenticated Stored XSS
When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website. An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this was...
Rencontre <= 3.2.2 - Multiple CSRF
The plugin is affected by multiple CSRF issues, allowing arbitrary changes of the plugin's settings. November 3rd, 2019 - WordPress Plugin Team notified. November 5th, 2019 - WP Plugins Team acknowledged the issue. December 2nd, 2019 - v3.2.2 released, none of the CSRF have been fixed as th...
Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS
----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...
Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)
It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X...
Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin.php?page=blog2social-ship&postId=70&b2saction=1&b2supdatepublishdate='"...
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting...
Gift Voucher <= 4.1.1 - Unauthenticated Blind SQL Injection
The wpgvdoajaxfronttemplate AJAX action (both authenticated and unauthenticated), defined in front.php, does not sanitise, validate or escape the templateid parameter before using it in a SQL statement, leading to a SQL Injection issue. This has been present since at least 1.0.5; v4.1.0 tried to...
JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection
Type of user access: single user. $_POST['tableId'] is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line: 183 $getTableId = $_POST['tableId']; ... $retrievedata = $wpdb->get_results("SELECT * FROM $jtrttablesname WHERE jttableIDD = "...
Pressforward <= 5.2.3 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise $_SERVER['QUERY_STRING'] before outputting it back in the page, leading to a reflected Cross-Site Scripting issue. The issue was initially reported in v4.3.0 but was never fixed, and is still affecting v5.2.3...
WP Live Chat Support < 7.1.05 - Cross-Site Scripting (XSS)
WP Live Chat Support is vulnerable to XSS via payloads sent through the chat...
WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting
Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...
Slideshow Gallery <= 1.6.5 - Multiple Authenticated Cross-Site Scripting (XSS)
The Slideshow Gallery WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com/wp-admin/admin.php?page=slideshowgalleries&method=view&id=1%5C%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...
WordPress Ad Widget <= 2.11.0 - Authenticated Local File Inclusion (LFI)
The WordPress Ad Widget WordPress plugin was affected by an Authenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/ad-widget/views/modal/index.php?step=php://filter/convert.base64-encode/resource=../wp-config...
Akal Theme - Reflected Cross-Site Scripting (XSS)
The premium theme, Akal, suffers from a Reflected Cross-Site Scripting XSS vulnerability in the preview.php file located in framework/brad-shortcodes/tinymce...
Nextend Facebook Connect <= 1.5.7 - Cross-Site Request Forgery (CSRF)
The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...
Altos Connect Widget <= 1.3.0 - Unauthenticated Cross-Site Scripting (XSS)
The altos-connect WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"alert1...
Easy2Map <= 1.24 - SQL Injection
The Function.php file uses sprintf to format queries sent to the database; this neither sanitises user input properly nor parameterises the query. $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php'...
rtMedia for WordPress, BuddyPress & bbPress 3.7.39 - SQL Injection
When initialized, the rtMedia will include and instantiate certain classes if BuddyPress is installed. One of these classes is RTMediaActivityUpgrade, contained within the file ‘app/importers/RTMediaActivityUpgrade.php’. This class is instantiated in the file ‘admin/RTMediaAdmin.php,’ line 110, i...
Ultimate Product Catalogue <= 3.1.1 - Unauthenticated File Upload
By sending a specially-crafted HTTP POST request, a remote unauthenticated attacker can exploit this issue to upload arbitrary file and execute it in the context of the web server process. curl -v -k -X POST -F "ProductsSpreadsheet=@./backdoor.php"...
All In One WP Security & Firewall <= 3.9.0 - Blind SQL Injection
There are some pages which use the WordPress esc_sql function incorrectly. http://www.example.com/wp-admin/admin.php?page=aiowpsec&tab=tab3&orderby=userid,select from selectsleep30a&order=asc...
ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php...
Tera Charts 0.1 - Unauthenticated Remote Path Traversal File Disclosure
The tera-charts WordPress plugin was affected by an Unauthenticated Remote Path Traversal File Disclosure security vulnerability. http://www.example.com/wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../wp-config.php...
OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload
The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. The affected file was:...
Real Estate 7 < 3.0.4 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.2 and v3.0.3 for WordPress. 3.0.3 - https://example.com/?ctkeyword=%22%3E%3Cimg%20src%20onerror%3Dalert%28%2FXSS%2F%29%3E 3.0.4 -...
Email Subscribers & Newsletters < 4.5.1 - Authenticated SQL injection in es_newsletters_settings_callback()
An authenticated high privilege attacker could exploit this issue and gain access to the DBMS. import requests import time import sys def login(url, username, password): wplogin = "%s/wp-login.php" % url wpadmin = "%s/wp-admin/" % url s = requests.Session() headers = {'Cookie': 'wordpress_test_cookie=WP...
CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in the CareerUp theme, via the filter parameters. Edit WPScanTeam: May 27th, 2020 - Vendor contacted by original submitter. May 29th, 2020 - v2.3.0 released. Unclear if issue fixed. June 18th, 2020 - Another submitter Vlad...
Travel Booking < 2.8.2 - Unauthenticated Reflected XSS
Unauthenticated Reflected XSS vulnerability was discovered in the «Travel Booking WordPress Theme», tested version — v2.8.1. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato. June 18th, 2020 - v2.8.2 released, fixing the issue...
CityBook < 2.4.4 - Unauthenticated Reflected XSS
Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v2.4.4 released, fixing the issue...
Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The hmapsprem WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...
ListingPro < 2.5.4 - Unauthenticated Reflected Cross-Site Scripting
Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version — v2.5.3 Edit - WPScanTeam: January 13th, 2020 - Report Received & Envato Contacted January 13th, 2020 - Envato Investigating January 15th, 2020 - Theme updated, v2.5.4, fixing the issue ----- Info: -----...
301 Redirects - Easy Redirect Manager <= 2.40 - Authenticated Arbitrary Redirect Injection and Modification, XSS, and CSRF
The weaknesses allow for any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability, in addition to XSS and CSRF. " /...
About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting (XSS)
The WordPress About Author plugin, version 1.3.9 or lower, is affected by an authenticated Stored Cross-site Scripting (XSS) vulnerability. Stored Cross-site Scripting (XSS): - Using a WordPress user, access /wp-admin/post-new.php?post_type=aboutauthor (About Author > Add new) - Insert in...
School Management < 57.0 - CSRF and Stored XSS
CSRF and Stored XSS Cross Site Scripting Edit WPScanTeam: June 17th - Issue Reported to Envato June 17th - Envato Support confirmed they are investigating the issue June 28th - New version released, fixing the XSS but not the CSRF. Envato notified July 5th - Demo fixed, new version to be released...
CarSpot Theme <= 2.1.6 - Authenticated Stored XSS
Bad input field data filtering has been discovered in the 'CarSpot – Automotive Car Dealer WordPress Classified Theme'. The current version of this Premium Theme is 2.1.5. Authorize on the demo website for tests: https://carspot.scriptsbundle.com/, login is [email protected] and password i...
wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Version 1.4.11 and below of the wpForo Forum WordPress Plugin was found to be vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability was due to the Plugin using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was later output within HTML without any output encodin...
BuddyBoss Media <= 3.2.3 - Stored XSS
The album description does not perform input / output validation. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF. '"alert"test";...
Smooth Slider <= 2.8.6 - Authenticated SQL Injection
During the security analysis, ThunderScan discovered a SQL injection vulnerability in the Smooth Slider WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings...
Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)
Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...
SQL Shortcode <= 1.1 - Authenticated SQL Execution
It's not an SQL injection actually, it's just executing SQL with an account as low-privileged as a subscriber. The plugin description says it all. This https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html great article will help understanding how to exploit shortcodes and...
WP No External Links <= 3.5.18 – Authenticated Cross-Site Scripting (XSS)
The wp-noexternallinks WordPress plugin was affected by a security vulnerability. Cross-Site Scripting: Vulnerable Function: echo Vulnerable Variables: $_REQUEST['date1'], $_REQUEST['date2'] Vulnerable URLs:...
NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection
The plugin nextgen-gallery-geo insecurely trusts serialized data submitted over AJAX requests. This opens the site up to a potential PHP object injection exploit vector. The original researcher notified the WordPress Plugins team. Attack is exploitable over AJAX calls on sites with the...
Mobile App Native <= 3.0 - Remote File Upload
The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code. $ curl -F "file=@/var/www/shell.php"...
Sirv <= 1.3.1 - Authenticated SQL Injection
$_POST['id'] is not escaped. sirvgetrowbyid is accessible for every registered user. $id = $_POST['rowid']; $row = $wpdb->get_row("SELECT * FROM $tablename WHERE id = $id", ARRAY_A); $row['images'] = unserialize($row['images']); echo json_encode($row);...
iThemes Security <= 5.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The 404 detection module needs to be enabled. curl "http://ithemesprotected.target/index.php/2016/09/22/trigger-404/?x=String/YWxlcnQoInRlc3QiKQ==/;x=x.substring1,x.length-1;evalatobx;" -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'Upgrade-Insecure-Requests: 1...
W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass
The /pub/apc.php file is used to empty the OPCache/APC. The script seems protected by a nonce (aka security token): $nonce = W3_Request::get_string('nonce'); $uri = $_SERVER['REQUEST_URI']; if (wp_hash($uri) == $nonce) But the flaw lies in the == operator, which is not the one to use when you want to compare...
brafton WordPress Plugin <=3.4.7 - Reflected XSS
Title: brafton WordPress Plugin XSS Exploit Title: XSS vulnerability in brafton WordPress Plugin Date: Fri May 20 2016 Reported Date: Fri May 20 2016 Vendor Homepage: http://www.brafton.com/support/wordpress/ Version: v3.3.10 – January 2016 Software Link:...