Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2016/04/12 12:0 a.m.16 views

MiniMax <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The page-layout-builder WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layoutsettingsid="alert1;"...

4.3CVSS0.9AI score0.03462EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/09/14 12:0 a.m.16 views

EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary File Download

The plugin allows a WordPress site administrator or collaborator to download arbitrary files from the host file system though the plugin functionality of downloading .sql, .sql.zip or .sql.gz files created by the WordPress administrator. The file name to download is not sanitized and path travers...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2015/08/13 12:0 a.m.16 views

Hide My WP <= 4.53 - Stored-Cross Site Scripting (XSS)

An attacker can make a fake attack attempt which will be logged, and can inject JavaScript. curl --referer 'you are using bad filtering for input ript alert"XSS here" ript; :; ;' http://example.com...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2015/07/12 12:0 a.m.16 views

Candidate Application Form <= 1.3 - Unauthenticated Arbitrary File Download

Plugin is still affected and has been closed. The code in downloadpdffile.php does not do any sanity checks, allowing a remote attacker to download sensitive system files. $ curl...

5CVSS2.5AI score0.08833EPSS
Exploits1References3
wpexploit
wpexploit
added 2015/07/03 12:0 a.m.16 views

Swim Team <= v1.44.10777 - Local File Inclusion

The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input from downloading sensitive system files. $ curl...

5CVSS0.9AI score0.32714EPSS
Exploits2References3
wpexploit
wpexploit
added 2015/06/25 12:0 a.m.16 views

WP Mobile Detector <= 3.2 - Stored Cross-Site Scripting (XSS)

The WP Mobile Detector plugin exposes the AJAX action ‘websitezoptions’ to all registered users on line 78 of wp-mobile-detector/websitez-wp-mobile-detector.php. Providing specially crafted form values will result in a Persistent XSS attack on Mobile visitors. import requests s = requests.session...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2015/06/02 12:0 a.m.16 views

Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)

A reflected XSS in "Simple Share Buttons Adder" before version 6.0.1 lead to a reflected cross-site scripting vulnerability on all pages where the "Simple Share Buttons Adder" was added usually all blog posts. Exploitation required that the browser did not encode the parameters sent to the server...

4.3CVSS0.5AI score0.00958EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/05/25 12:0 a.m.16 views

NextScripts: Social Networks Auto-Poster < 3.4.18 - CSRF to Stored XSS

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery token nonce. If a page with the following FORM in is visited by an administrative...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/12 12:0 a.m.16 views

Auberge Theme <= 1.4.4 - DOM Cross-Site Scripting (XSS)

The Auberge WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/themes/auberge/genericons/example.html...

4.3CVSS1.2AI score0.00907EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/04/26 12:0 a.m.16 views

Exquisite Ultimate Newspaper Theme <= 1.3.3 - DOM Cross-Site Scripting (XSS)

The exquisite-wp WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/...

4.3CVSS1.4AI score0.01078EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/04/17 12:0 a.m.16 views

Mashshare <= 2.3.0 - Information Disclosure

The Mashshare plugin exposes a few AJAX commands via its own custom hook, which can be found in the file ‘includes/admin/admin-actions.php’, and the function ‘mashsbprocessactions’. This function is called upon the ‘admininit’ action being fired, which can be triggered by anyone when visiting the...

0.2AI score
Exploits0References2
wpexploit
wpexploit
added 2015/04/14 12:0 a.m.16 views

Tune Library <= 1.5.4 - SQL Injection

The Tune Library WordPress plugin was affected by a SQL Injection security vulnerability. http://www.example.com/?pageid=2&artistletter=G' UNION ALL SELECT CONCATWSCHAR59,version,currentuser,database,2--%20...

6.8CVSS1.3AI score0.04868EPSS
Exploits6References4
wpexploit
wpexploit
added 2015/04/13 12:0 a.m.16 views

WP Mobile Edition <= 2.2.7 - Remote File Disclosure

The plugin is not filtering data in GET parameter 'files' in file 'themes/mTheme-Unus/css/css.php' http://www.example.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php...

1.5AI score
Exploits0References1
wpexploit
wpexploit
added 2015/03/16 12:0 a.m.16 views

MiwoFTP - File & Folder Manager <= 1.0.4 - Arbitrary File Disclosure

A hook is added to ‘init’ in the file ‘miwoftp/miwoftp.php’. This hook is triggered whenever a user visits the front end of the site. The function specified in this hook will proceed to allow the user to download a file within the scope of the home directory of the site. Various values from the G...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.16 views

Specialist by Templatic - CSRF File Upload

The specialist WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/specialist/images/tmp/yourshell.php...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.16 views

BSK PDF Manager < 1.5 - Multiple Authenticated SQL Injections

The plugin did not use prepared statement with the categoryid and pdfid parameter when viewing the /wp-admin/admin.php?page=bsk-pdf-manager and /wp-admin/admin.php?page=bsk-pdf-manager-pdfs page leading to Authenticated SQL Injection issues...

6.5CVSS2.2AI score0.03553EPSS
Exploits3References2
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.16 views

WP eBay Product Feeds < 1.2 - Cross-Site Scripting via rss_url Parameter

The WP eBay Product Feeds WordPress plugin was affected by a Cross-Site Scripting via rssurl Parameter security vulnerability. http://localhost/wordpress/wp-content/plugins/ebay–feeds–for–wordpress/magpie/scripts/magpieslashbox.php?rssurl=%3Cscript%3Ealert%281%29%3C/script%3E...

4.3CVSS1.7AI score0.0118EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/09/14 12:0 a.m.15 views

Affiliate Manager < 2.7.8 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly validate and sanitise data passed to the affiliate-register form, allowing unauthenticated user to set XSS payloads in some of its fields. The payloads will then be triggered when privileged users, such as admin, will view the created affiliate in the backend. As an...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/19 12:0 a.m.15 views

Click to Top < 1.2.8 - Authenticated Stored Cross-Site Scripting

The Type scroll text field in the plugin settings page was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the changes. It is triggered when a user loads any page on the website. All WordPress websites using Click to top WordPress Plugin...

6.8AI score
Exploits0References2
wpexploit
wpexploit
added 2019/07/29 12:0 a.m.15 views

Real Estate 7 < 2.9.1 - Stored XSS & IDOR

The 'Real Estate 7' premium WordPress theme is vulnerable to persistent XSS injection that allows an attacker to inject JavaScript or HTML code into the website front-end. There is also an Insecure Direct Object Reference issue, allowing unauthorized users to edit listings they should not have...

6.7AI score
Exploits0References3
wpexploit
wpexploit
added 2018/01/10 12:0 a.m.15 views

Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure

The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server. http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2017/11/11 12:0 a.m.15 views

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution (RCE)

WP Support Plus Responsive Ticket System Choose a file ending with .phtml: After doing this, an uploaded file can be accessed at, say: http://example.com/wp-content/uploads/wpsp/1510248571filename.phtml...

7.5AI score
Exploits0References1
wpexploit
wpexploit
added 2017/11/03 12:0 a.m.15 views

Events <= 2.3.4 - Authenticated SQL Injection

Type user access: administrator user. $GET‘editevent’ is not escaped. File / Code: Path Request: /wp-content/plugins/wp-events/wp-events.php Line : 450 – 468 if isset $GET'editevent' $eventeditid = escattr $GET'editevent' ; ... $editevent = $wpdb-getrow "SELECT FROM $wpdb-prefixevents WHERE id =...

2AI score
Exploits0References1
wpexploit
wpexploit
added 2017/09/08 12:0 a.m.15 views

MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)

Usage of the output of addqueryarg without escaping in various places in the WordPress Backend leads to reflected XSS vulnerability. URL/wp-admin/admin.php?page=mailchimp-for-wp-integrations&"alert1...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2016/12/09 12:0 a.m.15 views

BP Profile Search <= 4.5.3 - PHP Object Injection

The plugin bp-profile-search insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 4.6, information is being released now as a disclosure period has expired...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2016/08/24 12:0 a.m.15 views

WordPress Zero Spam <= 2.1.1 - Unauthenticated Blind SQL Injection

The WordPress Zero Spam WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability. HTTP request header: Client-IP: '+select0fromselectsleep10v+'...

1.4AI score
Exploits0References3
wpexploit
wpexploit
added 2016/06/22 12:0 a.m.15 views

Contus Video Comments - Unauthenticated Remote JPG File Upload

The contus-video-comments WordPress plugin was affected by an Unauthenticated Remote JPG File Upload security vulnerability. curl --data @image.jpg "http://www.example.com/wp-content/plugins/contus-video-comments/save.php?id=../image"...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.15 views

Easy Contact Form Builder <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The tidio-form WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/tidio-form/popup-insert-help.php?formId="alert1;"...

4.3CVSS1AI score0.04173EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/12/09 12:0 a.m.15 views

YAWPP <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

The yawpp WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. POST /wordpress-4.3/?p=4 HTTP/1.1 Host: wp.lab User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.10; rv:42.0 Gecko/20100101 Firefox/42.0 Accept:...

4.3CVSS0.4AI score0.01321EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/11/26 12:0 a.m.15 views

Auto ThickBox Plus <= 1.9 - Reflected Cross-Site Scripting (XSS)

The auto-thickbox-plus WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/auto-thickbox-plus/download.min.php?file=%3Cscript%3Ealert%281%29%3C/script%3E...

4.3CVSS1.1AI score0.00985EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/07/07 12:0 a.m.15 views

Floating Social Bar <= 1.1.5 - Cross-Site Scripting (XSS)

The Floating Social Bar WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin-ajax.php?action=fsbsaveorder&items1="alert"XSS";...

4.3CVSS0.5AI score0.02067EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/05/25 12:0 a.m.15 views

Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS

The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...

6.4AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/15 12:0 a.m.15 views

My Calendar <= 2.3.29 - Arbitrary File Override & Reflected XSS

The file override vulnerability allows an admin to override any file on the web server, ignoring settings such as DISALLOWFILEEDIT. Arbitrary File Override ----------------------- POST http://localhost/wordpress/wp-admin/admin.php?page=my-calendar-styles Post Data: wpnonceavalidnonce...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/13 12:0 a.m.15 views

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/indieweb-post-kinds/genericons/example.html...

4.3CVSS0.6AI score0.00934EPSS
Exploits2References2
wpexploit
wpexploit
added 2015/05/13 12:0 a.m.15 views

Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilites

Media File Manager Advanced suffers from executing administrator actions by any authenticated user due to weak permissions checking. An attacker is able to delete/update posts, Creating/Removing/Listing Directories, Moving/Renaming/Deleting Files, Blind SQL Injection and Cross-Site Scripting. Pos...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2015/05/11 12:0 a.m.15 views

WordPress 4.1-4.2.1 - Unauthenticated Genericons Cross-Site Scripting (XSS)

Description WordPress 4.1.5 and 4.2.2 removes the Genericons example file which came bundled with the twentyfifteen theme which is vulnerable to DOM based Cross-Site Scripting XSS. http://www.example.com/wp-content/themes/twentyfifteen/genericons/example.html1...

6.7AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/06 12:0 a.m.15 views

Facebook Page Photo Gallery <= 2.0.9 - DOM Cross-Site Scripting (XSS)

The facebook-page-photo-gallery WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/prettyPhotormsg0d/2,/...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/04 12:0 a.m.15 views

Pie Register 2.0.14-2.0.15 - Privilege Escalation

User input is not validated correctly when accepting a login request via the Pie Register plugin. It is possible to manipulate posted variables in order to login using an arbitrary User ID such as 1, for the default Administrative account. import requests target="http://localhost" payload =...

1.9AI score
Exploits0References1
wpexploit
wpexploit
added 2015/03/25 12:0 a.m.15 views

Ptengine <= 1.0.1 - Reflected Cross-Site Scripting (XSS)

The ptengine-real-time-web-analytics-and-heatmap WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2015/02/11 12:0 a.m.15 views

WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF

Any registered user can delete all WordPress database tables and files. This request makes it possible: http://wp.dev/wp-admin/admin-ajax.php?action=uninstall...

5.8CVSS1.1AI score0.0061EPSS
Exploits1
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.15 views

Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php Local File Inclusion

The Tinymce Thumbnail Gallery WordPress plugin was affected by a download-image.php Local File Inclusion security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php...

1.2AI score
Exploits0References3
wpexploit
wpexploit
added 2014/05/28 12:0 a.m.15 views

WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/swipehq–payment–gateway–woocommerce/test-plugin.php?apiurl=apiurl%27%3E%3Cscript%3Ealert%284%29%3C/script%3E...

4.3CVSS1.8AI score0.04055EPSS
Exploits2References1
wpexploit
wpexploit
added 2014/04/25 12:0 a.m.15 views

Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/ultimate–weather–plugin/magpierss/scripts/magpiedebug.php?url=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

4.3CVSS1.8AI score0.03686EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/11/19 12:0 a.m.14 views

Contextual Related Posts < 2.9.4 - CSRF Nonce Validation Bypass

The plugin does not properly check for the CSRF nonce in the export and import features, which could allow attackers to make authenticated logged in administrators perform those actions via a CSRF attack. To bypass the nonce validation, just don't send the crpexportsettingsnonce or...

1.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.14 views

Sell Photo <= 1.0.5 - Authenticated Stored Cross-Site Scripting

The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin. The PoC will be...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.14 views

Colorbox Lightbox <= 1.1.2 - Authenticated Stored Cross-Site Scripting

The ‘hyperlink’ field in used while linking an image from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using...

6.9AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.14 views

Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Prolisting - Directory Listing WordPress Theme», tested version — v1.2. https://demoapus.com/prolisting/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/02/17 12:0 a.m.14 views

Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting XSS vulnerability. The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" Add a...

0.1AI score
Exploits0References3
wpexploit
wpexploit
added 2019/11/17 12:0 a.m.14 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS)

AJAX endpoints which returns JSON data has no Content-Type header set, and uses default text/html. Any JSON that has HTML will be rendered as such. PoC URL uses unauthenticated action "heateorssssharingcount": http://WORDPRESSDOMAINHERE/wp-admin/admin-ajax.php?action=heateorssssharingcount&urls=...

Exploits0
wpexploit
wpexploit
added 2019/07/03 12:0 a.m.14 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice https:///wp-admin/options-general.php?page=smae&smaeaction=remind&fwurl=Iyc7YWxlcnQoL1hTUy8pOy8v...

4.3CVSS1.9AI score0.00985EPSS
Exploits1References1
Total number of security vulnerabilities4359