Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2016/04/12 12:0 a.m.20 views

Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The tidio-gallery WordPress plugin was affected by a Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId="alert1;"...

4.3CVSS1AI score0.04486EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.20 views

defa-online-image-protector <= 3.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The defa-online-image-protector WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/defa-online-image-protector/redirect.php?r="alert1;"...

4.3CVSS0.9AI score0.03236EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.20 views

AJAX Random Post <= 2.00 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The ajax-random-post WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/ajax-random-post/js.php?interval="alert1;"...

4.3CVSS0.9AI score0.03223EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/01 12:0 a.m.20 views

Stop User Enumeration <= 1.3.3 - Username Enumeration Bypass

Using the plugin "Stop User Enumeration 1.3.3" is possible bypass it to get the usernames. Blocked: http://www.example.com/?author%00=%001 Passed: http://www.example.com/?bypass=1&author%00=1...

0.9AI score
Exploits0References2
wpexploit
wpexploit
added 2015/10/23 12:0 a.m.20 views

wp-championship <= 5.8 - Authenticated Blind SQL Injection

The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php&userid=' --data="isadmin=1&user" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...

7.5CVSS2.1AI score0.02206EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/09/14 12:0 a.m.20 views

Csv2WPeC Coupon <= 1.1 - Unauthenticated Remote File Upload

The code in csv2wpecCouponFileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for "; $uploadfile="/var/www/s.pht"; $ch =...

5CVSS0.5AI score0.02043EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/07/05 12:0 a.m.20 views

StageShow <= 5.0.8 - Open Redirect

The StageShow WordPress plugin was affected by an Open Redirect security vulnerability. http://www.example.com/wp-content/plugins/stageshow/stageshowredirect.php?url=http%3A%2F%2F2buntu.com...

6.4CVSS1.8AI score0.06283EPSS
Exploits2References3
wpexploit
wpexploit
added 2015/06/06 12:0 a.m.20 views

SE HTML5 Album Audio Player <= 1.1.0 - Local File Include

The se-html5-album-audio-player v1.1.0 plugin for wordpress has a local file include vulnerability. The downloadaudio.php file does not check to see if the user is authenticated, it only attempts to check if the path is in /wp-content/uploads which is easily defeated with ../...

5CVSS1.3AI score0.18958EPSS
Exploits4References4
wpexploit
wpexploit
added 2015/01/29 12:0 a.m.20 views

PowerPress Podcasting < 6.0.1 - Cross-Site Scripting (XSS)

The PowerPress Podcasting plugin by Blubrry WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. /wp-admin/admin.php?page=powerpress/powerpressadmincategoryfeeds.php&action=powerpress-editcategoryfeed&cat=1';"--alert0x014068...

4.3CVSS1AI score0.02237EPSS
Exploits3References1
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.20 views

slidedeck2 < 2.1.20130313 - XSS in ZeroClipboard

The SlideDeck 2 Lite Responsive Content Slider WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability. /wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id="catcheif!self.aself.a=!alertdocument.cookie//&width&height...

4.3CVSS0.8AI score0.06316EPSS
Exploits4References2
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.20 views

Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...

4.3CVSS2.1AI score0.03902EPSS
Exploits2References1
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.20 views

Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...

4.3CVSS1.9AI score0.03884EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/11/14 12:0 a.m.19 views

WP DB Error Manager <= 2.1.6 - Reflected Cross-Site Scripting (XSS)

Reflected XSS in the file "admin/partials/wp-db-error-manager-login-display.php" in parameter "email" query string https://example.com/wp-content/plugins/wp-database-error-manager/admin/partials/wp-db-error-manager-login-display.php?email=%22%3E%3Cimg%20src%20onerror=alert/XSS/%3E...

1.6AI score
Exploits0References1
wpexploit
wpexploit
added 2020/11/12 12:0 a.m.19 views

Love Travel < 2.0 - Unauthenticated Reflected XSS & XFS

An Unauthenticated Reflected XSS & XFS vulnerabilities was discovered in the Love Travel theme for WordPress, affected versions: 1.0-1.9. Vulnerable parameters: ndtravelarchiveformkeyword, ndtraveltypologyslug. The issue was fixed due to a code rewrite of the theme. $ :: Payloads: " "...

1.9AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.19 views

Bulk Change <= 1.0 - Authenticated Reflected Cross-Site Scripting

The Bulk Change page under Tools Bulk Posts Change has an 's' GET parameter echoed to a text input tag value without being sanitised, leading to a cross-site scripting issue. /wp-admin/tools.php?page=bulk-change%2Fbulk-change.php&perpage=10&dosearch=Search+...&changeposttype&bctpaction&s="alertXS...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.19 views

Careerfy < 4.3.0 - Unauthenticated Reflected Cross-Site Scripting

An Unauthenticated Reflected XSS vulnerability was discovered in the Careerfy Job Board theme v4.2.0 for WordPress. https://careerfy.net/careerbooster/jobs-listing/?jobtype=%3Cimg%20src=x%20onerror=alertXSS;%3E...

1.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.19 views

Workio – Job Board < 1.0.3 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Workio – Job Board WordPress Theme», tested version — v1.0.1. https://www.demoapus-wp1.com/workio/jobs-grid-v1/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...

2.1AI score
Exploits0References2
wpexploit
wpexploit
added 2020/06/07 12:0 a.m.19 views

SportsPress < 2.7.2 - Authenticated Stored Cross-Site Scripting

Any user with the role of administrator or League Manager is able to store XSS payloads in the custom delimiter setting of events pages. This will then execute on all events pages on the website. Video PoC: https://youtu.be/J8QZ8S6CiS8...

3.5CVSS0.6AI score0.00696EPSS
Exploits1
wpexploit
wpexploit
added 2020/06/05 12:0 a.m.19 views

Elementor Page Builder < 2.9.10 - Authenticated Stored XSS

The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS. javascript:alert1, JaVaScript:alert1, javas cript:alert1 @keyframes x...

3.5CVSS0.3AI score0.00761EPSS
Exploits3References1
wpexploit
wpexploit
added 2020/05/04 12:0 a.m.19 views

wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter

The plugin did not escape, validate or escape the 's' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin https://example.com/wp-admin/admin.php?page=wpforo-phrases&s="alert/XSS/...

3.5CVSS1.1AI score0.00709EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/04/27 12:0 a.m.19 views

Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE

The Simple File List WordPress plugin was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution. The Python exploit first uploads a file containing PHP code but with a png image file extension. A second request is sent to move rename the png file to a...

0.1AI score
Exploits0References3
wpexploit
wpexploit
added 2020/04/11 12:0 a.m.19 views

Tickera WordPress Event Ticketing < 3.4.6.9 - Unauthenticated Sensitive Data Exposure

Due to missing authorization controls in the "admininit" hooks, all personal data from registered users of an event could be exported into a downloadable PDF file by every unauthenticated user. The event ID could be read from the page source and/or easily enumerated in sequence. According to the...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2020/02/21 12:0 a.m.19 views

Chained Quiz < 1.1.9.1 - Authenticated Stored XSS

WordPress Plugin Plugin Chained Quiz latest 1.1.9 and before suffers from a Stored XSS vulnerability in the sendername, adminsubject and usersubject POST parameter when an admin completes the setting for plugin as a result, the severity is very low POST /wp-admin/admin.php?page=chainedquizoptions...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/21 12:0 a.m.19 views

Seo By Rank Math <= 1.0.27 - Authenticated Settings Reset

Allows any authenticated user with a role as low as subscriber to reset Settings of the plugin. https://plugins.trac.wordpress.org/browser/seo-by-rank-math/tags/1.0.27/includes/admin/class-options.phpL91...

4CVSS2.1AI score0.01381EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/05/28 12:0 a.m.19 views

Slick Popup <= 1.7.1 - Privilege Escalation

Subscriber users are able to create an administrator account with hardcoded login credentials. Hardcoded username "slickpopupteam" and its password is OmakPass13...

6.5CVSS1.9AI score0.02071EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/05/20 12:0 a.m.19 views

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. Send POST request to wp-admin/admin-ajax.php with body content: "action=fvwpflowplayeremailsignup&list=1&[email protected]"...

4.3CVSS1AI score0.02022EPSS
Exploits2References2
wpexploit
wpexploit
added 2018/10/30 12:0 a.m.19 views

Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS)

This WordPress plugin allows remote authenticated users, without the unfilteredhtml capability, to execute JavaScript code through stored XSS attack. The plugin by default is available to users with contributor or more privileges. POC 1 You can inject JavaScript code into the event title when...

3.5CVSS1AI score0.0073EPSS
Exploits2
wpexploit
wpexploit
added 2018/04/24 12:0 a.m.19 views

UK Cookie Consent <= 2.3.9 - Authenticated Stored Cross-Site Scripting (XSS)

A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser. Tested on version 2.3.9 older versions may also be affected 1 Access WordPress control panel. 2...

3.5CVSS0.6AI score0.03892EPSS
Exploits5References1
wpexploit
wpexploit
added 2018/02/28 12:0 a.m.19 views

Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection

Usage of unserialize on user input in the saving request of the orders leads to PHP object injection vulnerability. Send POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order&order=SERIALIZED-OBJECT"...

1.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/05 12:0 a.m.19 views

Clean Login <= 1.7.12 - Change Redirect URL CSRF

The Clean Login WordPress plugin was affected by a Change Redirect URL CSRF security vulnerability...

4.3CVSS0.5AI score0.00618EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/12/14 12:0 a.m.19 views

Xtreme Locator Dealer Locator Plugin 1.5 – Authenticated SQL Injection

Type user access: admins user. $GET‘id’ is not escaped. Is accessible for only admins user. 1 - logged with admin user; 2 - send resquest get; http://www.example.com/wp-admin/admin.php?page=xtreme-locator-settings&id=0+UNION+ALL+SELECT+1%2Cslug%2Cname%2C4%2C5+FROM+wpterms+WHERE+termid%3D1...

6.5CVSS1.3AI score0.01598EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/12/12 12:0 a.m.19 views

ZX_CSV Upload 1 – Authenticated SQL Injection

Type user access: admin user. $GET‘id’ is not escaped. URL is accessible for every registered user. 1 – Login with admin user. 2 - Send request post:...

6.5CVSS1.1AI score0.01902EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/08/29 12:0 a.m.19 views

404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description There is a stored XSS in the 404-to-301 WP plugin alertdocument.cookie HTTP/1.1 Host: wordpress Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.36 KHTML, like Gecko Chrome/51.0.2704.103 Safari/537.36 Accept:...

6.1AI score
Exploits0References4
wpexploit
wpexploit
added 2016/08/24 12:0 a.m.19 views

CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload

CYSTEME does not properly check SESSION Cookies allowing a remote attacker to upload, view, or delete files from any location on the remote file system. - Retrieve all data in the root wordpress directory. This will return JSON. Exploit:...

7.5CVSS0.4AI score0.02433EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/05/11 12:0 a.m.19 views

Tera Charts 1.0 - Unauthenticated Cross-Site Scripting (XSS)

The tera-charts WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/tera-charts/charts/treemap.php?fn=";alert1;"&userid=1...

4.3CVSS1.1AI score0.02177EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.19 views

anti-plagiarism <= 3.60 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The anti-plagiarism WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/anti-plagiarism/js.php?m="alert1;"...

4.3CVSS0.9AI score0.04195EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.19 views

HDW WordPress Video Gallery <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hdw-tube WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/hdw-tube/playlist.php?playlist="alert1;alert1;"...

4.3CVSS0.8AI score0.0465EPSS
Exploits3References3
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.19 views

MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/parsi-font/css.php?size="alert1;"...

4.3CVSS0.8AI score0.04448EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.19 views

New Year Firework <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The new-year-firework WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/new-year-firework/firework/index.php?text="alert1;"...

4.3CVSS0.8AI score0.03432EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/02/07 12:0 a.m.19 views

InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)

Due to a lack of input sanitization in the includes/instalinker-admin-preview.php file, it is possible to utilise a reflected XSS vector to run a script in the target user's browser and potentially compromise the WordPress installation...

4.3CVSS2.2AI score0.0102EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/10/10 12:0 a.m.19 views

Ajax Load More <= 2.8.1.1 - Authenticated File Upload & Deletion

Authenticated file upload in file ajax-load-more/admin/admin.php file, in the function almsaverepeater. The variable $f is set to a predictable PHP file path, and then the content of the variable $c is written into that file. The following code proves that this second variable is also set from...

Exploits0References2
wpexploit
wpexploit
added 2015/09/15 12:0 a.m.19 views

MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)

Plugin is still affected and has been closed. Typical local file inclusion vulnerability: from downloadpage.php: I've tried to get RCE but didn't have success reading from /proc/self/environ or /var/log/apache2/access.log include: Failed opening '/proc/self/environ' for inclusion...

5CVSS1.3AI score0.09325EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/09/06 12:0 a.m.19 views

WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The wp-symposium WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/wp-symposium/getalbumitem.php?size=alert/xss/...

4.3CVSS1.1AI score0.03605EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/08/06 12:0 a.m.19 views

MP3-jPlayer <= 2.4.2 - Full Path Disclosure

The download.php code allows arbitrary users to disclose path information on WordPress sites with this plugin installed. 120 $info = " 121 Get: " . $mp3 . " 122 Sent: " . $sent . " 123 File: " . $file . " 124 Open: " . $SERVER'DOCUMENTROOT' . $fp . " 125 Root: " . $rooturl . " 126 pID: "...

5CVSS1.4AI score0.02093EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/06/18 12:0 a.m.19 views

Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)

The Ultimate Member plugin utilizes the Redux Framework. The Redux Framework includes a script named ‘class.p.php’, which acts as a HTTP proxy. Utilizing this script, it is possible to trigger a Reflected XSS attack, by loading data from a location controlled by the attacker. The data from this...

Exploits0References1
wpexploit
wpexploit
added 2015/05/06 12:0 a.m.19 views

Freshmail for WordPress <= 1.5.8 - shortcode.php SQL Injection

There is a SQL Injection vulnerability available for collaborators or higher privileged users for webs with freshmail plugin installed. The SQL Injection is located in the attribute "id" of the inserted shortcode FMform id="N". The shortcode attribute "id" is not sanitized before inserting it in ...

6.5CVSS1AI score0.02172EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/04/14 12:0 a.m.19 views

Crayon Syntax Highlighter <= 2.6.10 - Local File Disclosure

The local file syntax highlighting feature of Crayon Syntax Highlighter doesn't check the path of the file to process. Also, by default, this feature is usable through public comments. This allows unauthenticated visitors to see the content of any file where the web server has read permissions,...

7.2AI score
Exploits0References1
wpexploit
wpexploit
added 2014/08/01 10:58 a.m.19 views

WordPress 2.1.1 - Command Execution Backdoor

http://www.example.com/wp-includes/feed.php?ix=phpinfo; http://www.example.com/wp-includes/theme.php?iz=cat /etc/passwd...

7.5CVSS2.2AI score0.27006EPSS
Exploits2References3
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.19 views

Podcast Channels < 0.28 - Unauthenticated Reflected XSS

The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. http://127.0.0.1/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&...

4.3CVSS2AI score0.03779EPSS
Exploits1References1
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.19 views

WP e-Commerce Swipe <= 3.1.0 - Multiple XSS Issues

The last time it was checked the plugin was still affected and had been closed...

4.3CVSS1.5AI score0.01163EPSS
Exploits2References1
Total number of security vulnerabilities4359