Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2019/06/29 12:0 a.m.14 views

Essential Real Estate <= 1.7.1 - XSS

Multiple XSS across the plugin Example: https:///wp-admin/edit.php?poststatus=all&posttype=userpackage&packageuser="&filteraction=Filter&paged=1 https:///wp-admin/edit.php?poststatus=all&posttype=property&propertyauthor="&propertyidentity&filteraction=Filter&paged=1...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2018/08/16 12:0 a.m.14 views

Export Users to CSV <= 1.1.1 - CSV Injection

WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...

6.8CVSS1.1AI score0.01498EPSS
Exploits1References2
wpexploit
wpexploit
added 2018/02/22 12:0 a.m.14 views

Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)

User input gets first escaped with eschtml and then urldecoded. This leads to the possibility of reflected XSS with a double url encoded payload...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2017/12/10 12:0 a.m.14 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...

2.1AI score
Exploits0References2
wpexploit
wpexploit
added 2017/10/12 12:0 a.m.14 views

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2017/07/19 12:0 a.m.14 views

Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

Multiple authenticated XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2017/06/13 12:0 a.m.14 views

Viral Optins - Arbitrary File Upload

Affected versions and whether the issue has been remediated is unclear as the vendor website does not exist anymore. Upload!...

1.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.14 views

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&albumid=0%20AND%20SELECT%20%20FROM%20SELECTSLEEP5VvZV&width=700&height=550&bwgitemsperpage=20&bwgnonce=b939983df9&TBifram...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2016/11/11 12:0 a.m.14 views

Mini Cart Plugin 1.00.1 - Authenticated SQL Injection

$REQUESTitem is not escaped. Url is accessible for user collaborator above. Url vulnerable : http://target/wp-admin/edit.php?page=mini-cart/itemform.php=0=edit...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2016/09/26 12:0 a.m.14 views

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download

When you're creating a support ticket in the plugin page, you can add one or more of your your template themes. Then this file will be send to the author to help him resolving the issue. Now you select one, you send the form and same as for the files before, you will send it to the author to help...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2016/04/29 12:0 a.m.14 views

Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)

The truemag WordPress theme was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://WP/?s="%20alertdocument.cookie...

4.3CVSS0.3AI score0.01252EPSS
Exploits2References3
wpexploit
wpexploit
added 2016/04/08 12:0 a.m.14 views

WP Multiple Meta Box 1.0 - Authenticated Blind SQL Injection

The multi-meta-box WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. http://www.example.com/wp-admin/admin.php?page=multimetaboxlisting&action=edit&id=1 AND SELECT FROM SELECTSLEEP5Etmx...

1.6AI score
Exploits0References2
wpexploit
wpexploit
added 2015/09/12 12:0 a.m.14 views

Royal Slider <= 3.2.6 - Authenticated Cross-Site Scripting (XSS)

The vulnerability exists due to insufficient sanitation of user-supplied data in "rstype" HTTP GET parameter when creating / editing a slider. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of...

4.3CVSS1.6AI score0.01156EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/08/14 12:0 a.m.14 views

WP-Polls <= 2.70 - Stored Cross-Site Scripting (XSS)

The /wp-admin/admin.php?page=wp-polls%2Fpolls-add.php page is vulnerable to XSS within the pollqquestion and pollaanswers parameters. Add a new poll with the question or answer as...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2015/07/05 12:0 a.m.14 views

Image Export <= 1.1.0 - Directory Traversal

The image-export WordPress plugin was affected by a Directory Traversal security vulnerability. $ curl http://www.example.com/wp-content/plugins/image-export/download.php?file=/etc/passwd...

2.2AI score
Exploits0References2
wpexploit
wpexploit
added 2015/06/26 12:0 a.m.14 views

Multiple Themes - Privilige Escalation

The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on th...

6.5CVSS1.1AI score0.01488EPSS
Exploits3References2
wpexploit
wpexploit
added 2015/06/23 12:0 a.m.14 views

wp-instance-rename <= 1.0 - Arbitrary File Download

The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability. url --data "dbname=wp&dumpfname=/etc/passwd&backupfolder=." http://www.example.com/wp-instance-rename/mysqldumpdownload.php -o p.zip...

5CVSS1.6AI score0.02851EPSS
Exploits3References2
wpexploit
wpexploit
added 2015/06/12 12:0 a.m.14 views

Zip Attachments <= 1.1.4 - Arbitrary File Download

The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwd&zafilename=passwd...

5CVSS1.9AI score0.15646EPSS
Exploits2References1
wpexploit
wpexploit
added 2015/05/15 12:0 a.m.14 views

Visual Form Builder <= 2.8.2 - SQL Injection & Reflected XSS

The Visual Form Builder WordPress plugin was affected by a SQL Injection & Reflected XSS security vulnerability. SQL Injection ------------- http://www.example.com/wp-admin/admin.php?page=visual-form-builder&form-filter=1+or+1%3D2...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/12 12:0 a.m.14 views

Modern Theme <= 1.4.1 - DOM Cross-Site Scripting (XSS)

The Modern WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/themes/modern/genericons/example.html...

4.3CVSS1AI score0.00907EPSS
Exploits1References1
wpexploit
wpexploit
added 2015/04/12 12:0 a.m.14 views

N-Media Website Contact Form with File Upload <= 1.3.4 - Arbitrary File Upload

The "uploadfile" ajax function is affected from unrestricted file upload vulnerability. curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nmwebcontactuploadfile" http://www.example.com/wp-admin/admin-ajax.php Response:...

1.1AI score
Exploits0References4
wpexploit
wpexploit
added 2015/01/29 12:0 a.m.14 views

WPtouch <= 3.6.6 - Unvalidated Open Redirect

The WPtouch WordPress plugin was affected by an Unvalidated Open Redirect security vulnerability. http://www.example.com/?wptouchswitch=mobile&redirect=http%3A%2F%2Fdomain.com...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.14 views

5star by Templatic - CSRF File Upload

Description The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/5star/images/tmp/yourshell.php...

7.4AI score
Exploits0References1
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.14 views

Video Posts Webcam Recorder < 1.55.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Video Posts Webcam Recorder WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. https://example.com/wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/rlogout.php?message=message'//...

4.3CVSS1.4AI score0.01618EPSS
Exploits2References2
wpexploit
wpexploit
added 2014/03/05 12:0 a.m.14 views

Barclaycart - Unauthenticated Shell Upload

The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency. This issue has been seen exploited in the wild. "@$uploadfile",...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2011/09/08 12:0 a.m.14 views

Community Events <= 1.2.1 - SQL Injection

The Community Events WordPress plugin was affected by a SQL Injection security vulnerability. curl --data "id=-1 AND EXTRACTVALUE1, CONCATCHAR58,@@version,CHAR58-- " http://www.site.com/wp-content/plugins/community-events/tracker.php...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2020/10/14 12:0 a.m.13 views

Quick Chat <= 4.14 - Authenticated Stored Cross-Site Scripting

An Authenticated Persistent XSS vulnerability is present in the the plugin options page /wp-admin/options-general.php?page=quick-chat/quick-chat.php, vulnerable fields: «Chat name prefix for guest users», «Advertisement code for your AdSense». The PoC will be displayed once the issue has been...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2020/10/14 12:0 a.m.13 views

Quick Chat <= 4.14 - Unauthenticated Stored Cross-Site Scripting

An Unauthenticated Persistent XSS vulnerability was discovered in the Quick Chat plugin v4.14 for WordPress. The PoC will be displayed once the issue has been remediated...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.13 views

NextGEN Gallery Sell Photo <= 1.0.4 - Authenticated Stored Cross-Site Scripting

The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin. The PoC will be...

0.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/06 12:0 a.m.13 views

Konzept < 2.5 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Konzept theme through 2.3 for WordPress. /?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%60XSS%60%3B%3E...

1.7AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.13 views

Kormosala – Job Board < 1.0.23 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Kormosala – Job Board WordPress Theme», tested version — v1.0.22...

2.6AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.13 views

Jetapo < 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the Jetapo theme through 1.0.0 for WordPress. https://jetapo.inwavethemes.com/jobs/?location=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...

1.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/08 12:0 a.m.13 views

Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)

Mailster 1 is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting XSS vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...

6.1AI score
Exploits0References2
wpexploit
wpexploit
added 2020/03/05 12:0 a.m.13 views

Brizy - Page Builder < 1.0.114 - Unauthenticated Site Settings Update

Edit WPscanTeam The plugin fails to restrict access to the site settings page, allowing unauthenticated users to change them, such as site title, description as well as put XSS payload in the footer, leading to Unauthenticated Stored XSS issues. As we saw probes in the wild checking for the issue...

Exploits0
wpexploit
wpexploit
added 2020/01/29 12:0 a.m.13 views

Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS

Lack of CSRF checks on the Filters page could allow attackers to add/edit/update/delete categories and delete all categories, as well as perform reflected XSS attacks. v1.0.8 fixed the reflected XSS, however no CSRF check on delete and deleteallcategory actions v1.1.0 released, no additional fix...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2019/12/26 12:0 a.m.13 views

bbPress Members Only <= 1.2.1 - CSRF on Optional Settings page

The plugin does not prevent Cross-Site Request Forgery attacks on its 'Optional Settings' page...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2019/10/23 12:0 a.m.13 views

Groundhogg <= 1.3.11.3 - Authenticated SQL Injection

Wordpress Groundhogg plugin with a version lower than 1.3.11.3 is affected by an Authenticated SQL Injection vulnerability. Exploit Title: Wordpress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontacts&optinstatus%5B0%5D=selectfromselectsleep20a&optinstatus%5B1%5D=0 - The respon...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2018/09/05 12:0 a.m.13 views

Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes

The vendor does not consider it to be a vulnerability, it remains unfixed. SQL Injection in handling of the "etpbimagen10s" shortcode. The last version at the time of the original advisory, 3.2.5, is known to be affected. etpbsection bbbuilt="1"etpbrowetpbcolumn type="44"etpbimagen10s...

3.3AI score
Exploits0References2
wpexploit
wpexploit
added 2018/08/19 12:0 a.m.13 views

Supreme Directory Theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS)

This theme has a parameter, s, that allows execute a xss payload: " 1. Install the theme 2. Access the web on another browser 3. Write this uri: website.com/?s="alert0...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2017/12/28 12:0 a.m.13 views

Church Admin 0.33.2.1 - Unauthenticated Directory Traversal

The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack. http:///wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd...

2.8AI score
Exploits0
wpexploit
wpexploit
added 2017/12/27 12:0 a.m.13 views

woocommerce-csvimport 3.3.6 – Authenticated Arbitrary File Deletion

Type user access: any user registered. $POST'filename' is not escaped. Code File: wp-content/plugins/woocommerce-csvimport/export/include/classes/woocsvExport.php Line:64 public function deleteexportfile if isset $POST'filename' @unlink $POST'filename' ; wpdie 0 ; Result: wp-config.php file delet...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2017/11/10 12:0 a.m.13 views

Ultimate Instagram Feed <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

In regards to https://wpvulndb.com/vulnerabilities/8947, the XSS vulnerability remains in 1.3 and 1.3.1 as the author passes GET'accesstoken' to sanitizetextfield. However, the value is inserted into an attribute of an element, and sanitizetextfield does not filter for quotes single or double...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2017/11/03 12:0 a.m.13 views

Simple Events Calendar <= 1.3.5 - Authenticated SQL Injection

Type user access: administrator user. $POST‘eventid’ is not escaped. File / Code: Path Request: /wp-content/plugins/simple-events-calendar/simple-events-calendar.php Line : 467 $editevent = $POST'eventid'; $update = $wpdb-getresults " SELECT FROM $tablename WHERE id = $editevent ", "ARRAYA" ;...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2017/07/03 12:0 a.m.13 views

WP Statistics <= 12.0.8.1 - Authenticated Reflected Cross-Site Scripting (XSS)

Version 12.0.8.1 and below of the WP Statistics WordPress Plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting XSS. The 'ip' GET parameter on the 'wpsvisitorspage' page is output to a page without first being validated, sanitised or output encoded. This leads to...

1.9AI score
Exploits0References2
wpexploit
wpexploit
added 2017/06/20 12:0 a.m.13 views

All-in-One WP Migration <= 6.45 - Reflected Cross-Site Scripting (XSS)

All-in-One WP Migration is vulnerable to Reflected Cross-Site Scripting on secretkey parameter. http://example.com/wp-admin/admin-ajax.php?action=ai1wmstatus&secretkey="!--...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2017/02/10 12:0 a.m.13 views

Javo Spot Premium Theme - Unauthenticated Directory Traversal

Print out any file in the via an unauthenticated AJAX request. /wp-admin/admin-ajax.php? jvfrmspotgetjson&fn=../../wp-config.php&callback=jQuery...

4.7AI score
Exploits0References2
wpexploit
wpexploit
added 2016/12/12 12:0 a.m.13 views

WP Support Plus Responsive Ticket System < 8.0.0 – Authenticated SQL Injection

Type user access: any user. $POST‘catid’ is not escaped. Is accessible for any user...

0.7AI score
Exploits0References3
wpexploit
wpexploit
added 2016/12/05 12:0 a.m.13 views

Single Personal Message 1.0.3 – Authenticated SQL Injection

Type user access: any user. $GET‘message’ is not escaped. Is accessible for every registered user. http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...

2.9AI score
Exploits0References2
wpexploit
wpexploit
added 2016/07/19 12:0 a.m.13 views

Form Lightbox - Arbitrary Option Update Leading to Admin Account

This is a plugin that is no longer in the WordPress repository, however, is still in use on some sites. With this vulnerability an attacker can update any option in the WordPress database. This includes gaining an admin access. Using the file ajax.php that contains the following line: updateoptio...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.13 views

Indexisto WordPress Site Search <= 1.0.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The indexisto WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexistoindex="alert1;"...

4.3CVSS1.1AI score0.03432EPSS
Exploits2References2
Total number of security vulnerabilities4359