Wpexploit | Most viewed

4359 matches found

wpexploit | added 2015/08/04 12:0 a.m. | 11 views

Admin Pack by SITE CASEIRO <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The admin-pack-by-site-caseiro WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability...

AI score: 0.9
Exploits: 0 | References: 1

wpexploit | added 2014/12/27 12:0 a.m. | 11 views

Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS)

The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability. http://localhost:8080/?pageid=0&&errorsfu-disallowed-mime-type0name=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js?%3C%20B%20%3E...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.06701
Exploits: 2 | References: 1

wpexploit | added 2014/12/02 12:0 a.m. | 11 views

Wordpress CodeArt Google MP3 Player - File Disclosure

The google-mp3-audio-player WordPress plugin was affected by a File Disclosure security vulnerability. http://www.example.com/wp-content/plugins/google-mp3-audio-player/directdownload.php?file=../../../wp-config.php...

AI score: 0.9
Exploits: 0 | References: 1

wpexploit | added 2014/08/01 12:0 a.m. | 11 views

Dailydeal by Templatic - CSRF File Upload

The dailydeal WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/dailydeal/images/tmp/yourshell.php...

AI score: 0.1
Exploits: 0 | References: 1

wpexploit | added 2014/08/01 12:0 a.m. | 11 views

Nightlife by Templatic - CSRF File Upload

The nightlife WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/nightlife/images/tmp/yourshell.php...

AI score: 7.5
Exploits: 0 | References: 1

wpexploit | added 2014/05/07 12:0 a.m. | 11 views

Prostore < 1.1.3 - Open Redirection

The prostore WordPress theme was affected by an Open Redirection security vulnerability. /wp-content/themes/prostore/go.php?https://example.com...

AI score: 1.3
Exploits: 0 | References: 2

wpexploit | added 2020/04/11 12:0 a.m. | 10 views

Support Ticket System By Phoeniixx <= 2.7 - Unauthenticated Reflected XSS

Bad user input sanitisation leads to unauthenticated reflected XSS. Edit WPScanTeam: January 27th, 2020 - Report received & WP Plugin team notified. January 31st, 2020 - WP plugin team acknowledgement & plugin closed. April 11th, 2020 - No updates, disclosing...

AI score: 0.9
Exploits: 0

wpexploit | added 2019/12/02 12:0 a.m. | 10 views

Superlist <= 2.9.2 - Stored Cross-Site Scripting (XSS)

Persistent XSS was discovered in the 'Superlist - Directory WordPress Theme', the version tested was v2.9.2. Edit WPScanTeam: December 2nd, 2019 - Envato Contacted. December 2nd, 2019 - Envato Investigating. December 12th, 2019 - No updates, disclosing. The PoC will be displayed once the issue has...

AI score: 0.7
Exploits: 0 | References: 1

wpexploit | added 2019/09/07 12:0 a.m. | 10 views

Qwiz Online Quizzes And Flashcards <= 3.36 - Unauthenticated Reflected Cross Site Scripting

The qname, iqwiz, sessionid and username parameters passed to the registrationcomplete.php file are affected by XSS issues. Plugin has been closed while the issue is being fixed. /wp-content/plugins/qwiz-online-quizzes-and-flashcards/registrationcomplete.php?&qname=alert"XSS"...

AI score: 1.7
Exploits: 0 | References: 1

wpexploit | added 2019/07/05 12:0 a.m. | 10 views

Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS

Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...

AI score: 1.1
Exploits: 0 | References: 1

wpexploit | added 2019/05/18 12:0 a.m. | 10 views

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64-encoded user input in the appurl parameter without validation to redirect users using the header PHP function, leading to an open redirect issue. In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64_decode($_GET['appurl']); ... 179:...

AI score: 0.5
Exploits: 0 | References: 1

wpexploit | added 2019/03/29 12:0 a.m. | 10 views

Social Media & Share Icons <= 2.1.7 - Multiple Issues

The Social Media Share Buttons & Social Sharing Icons WordPress plugin was affected by a Multiple Issues security vulnerability. https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsibuttonscontroller.phpL877...

AI score: 2.1
Exploits: 0 | References: 1

wpexploit | added 2018/11/07 12:0 a.m. | 10 views

Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)

There is a reflected XSS vulnerability in Better WordPress reCAPTCHA plugin version 2.0.3, and possibly below. The parameter cerror value is reflected in the page when this plugin is enabled. Once plugin disabled, the "cerror" parameter's value is not reflected in the page anymore. This is the HT...

AI score: 1
Exploits: 0 | References: 1

wpexploit | added 2017/06/27 12:0 a.m. | 10 views

Ultimate Product Catalogue <= 4.2.2 - Authenticated SQL Injection

Type user access: subscriber upwards. $_POST['CatID'] is not escaped. File / Code: Path: /wp-content/plugins/ultimate-product-catalogue/Functions/ProcessAjax.php...

AI score: 0.7
Exploits: 0 | References: 1

wpexploit | added 2016/07/26 12:0 a.m. | 10 views

Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS

Due to a lack of CSRF mitigation and entity encoding in the ccfinsert function found on line 118 of include/ccf.php and in the output generated by template/datagrid.php, it is possible to store and execute scripts in the context of an admin user...

AI score: 7.5
Exploits: 0 | References: 3

wpexploit | added 2015/05/21 12:0 a.m. | 10 views

Simple Photo Gallery 1.7.8 - Blind SQL Injection

MySQL = 5.0.12 AND time-based blind SELECT sql injection in the galleryid parameter. ./sqlmap.py --dbms=MYSQL --technique T -u http://www.example.com/wordpress/index.php/wppgphotogallery/wppgphotodetails/?galleryid=1&imageid=14...

AI score: 1.5
Exploits: 0

wpexploit | added 2015/04/24 12:0 a.m. | 10 views

Premium SEO Pack 1.8.0 - Unauthenticated Arbitrary File Upload & LFD

This plugin is vulnerable to Local File Disclosure and Remote Code Execution via Arbitrary File Upload. BASE64 ENCODED SHELL...

AI score: 0.7
Exploits: 0 | References: 3

wpexploit | added 2015/04/06 12:0 a.m. | 10 views

QAEngine Theme - Privilege Escalation

QAEngine vulnerability allows an attacker to have an administrator account on the target's website. http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&userlogin=xADMIN&userpass=xPASS&role=administrator...

AI score: 3.6
Exploits: 0 | References: 2

wpexploit | added 2015/03/27 12:0 a.m. | 10 views

Aspose Cloud eBook Generator - File Download

The Aspose Cloud eBook Generator WordPress plugin was affected by a File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/aspose-cloud-ebook-generator/asposepostsexporterdownload.php?file=../../../wp-config.php...

AI score: 0.8
Exploits: 0 | References: 1

wpexploit | added 2015/02/22 12:0 a.m. | 10 views

Quasar Theme Rock Form Builder plugin - Privilege Escalation

The Rock Form Builder plugin 1.0 is used within the Quasar WooCommerce theme 1.9.1. Authenticated users can modify WordPress settings which can lead to full site compromise. It's unclear which exact version of the rock-form-builder fixed the issue, but it was something in between 1.0 and 2.5, so...

AI score: 7
Exploits: 0 | References: 3

wpexploit | added 2014/12/15 12:0 a.m. | 10 views

SEO Redirection < 2.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the referer link from requests before displaying them in the 'Settings SEO Redirection Redirection History' page. This results in a Stored Cross-Site Scripting (XSS) issue. This cURL request to a redirected page with a custom referer makes it possible: curl -H 'Referer:...

AI score: 6.4
Exploits: 0

wpexploit | added 2014/09/28 12:0 a.m. | 10 views

NativeChurch Theme - Arbitrary File Download

The NativeChurch WordPress theme was affected by an Arbitrary File Download security vulnerability. https://example.com/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php...

AI score: 7.2
Exploits: 0 | References: 3

wpexploit | added 2014/08/01 10:58 a.m. | 10 views

wp-FileManager <= 1.3.0 - File Download

The wp-filemanager WordPress plugin was affected by a File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-filemanager/incl/libfile.php?path=../../&filename=wp-config.php&action=download...

AI score: 1.4
Exploits: 0 | References: 1

wpexploit | added 2020/01/03 12:0 a.m. | 9 views

WooCommerce Conversion Tracking < 2.0.5 - CSRF to XSS

The settings page of the plugin is lacking CSRF checks as well as input sanitisation, leading to stored XSS. ' /...

AI score: 1.2
Exploits: 0 | References: 1

wpexploit | added 2019/07/08 12:0 a.m. | 9 views

WP Custom Body Class <= 0.7.0 - CSRF to Stored XSS and Settings Update

Lack of CSRF check and sanitisation when updating the plugin's settings could lead to unauthorised settings update as well as stored XSS issues. XSS fixed in 0.7.0. CSRF still there - vendor contacted. CSRF fixed in 0.7.1. /wp-admin/options-general.php?page=custombodyclass" method="POST" ' /...

AI score: 0.3
Exploits: 0 | References: 1

wpexploit | added 2019/05/01 12:0 a.m. | 9 views

Blog Designer <= 1.8.10 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Blog Designer WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability. Send POST request to: /wp-admin/admin-ajax.php?action=save&updated=true With request body: customcss=confirm1...

AI score: 1.2
Exploits: 0 | References: 1

wpexploit | added 2018/02/22 12:0 a.m. | 9 views

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability. Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete&permalinks=1 PAYLOAD -- "...

AI score: 1
Exploits: 0

wpexploit | added 2017/07/19 12:0 a.m. | 9 views

WordPress Task Manager Pro <= 1.3.1 - Authenticated SQL Injection

Blind SQL Injection on task-details page task parameter. Logged as a follower: https://localhost/wp/wp-admin/admin.php?page=task-details&task=6+and+sleep1+and+1%3D1...

AI score: 1.8
Exploits: 0 | References: 2

wpexploit | added 2017/06/21 12:0 a.m. | 9 views

Email Before Download < 4.0 - SMTP Header Injection

Email Before Download https://wordpress.org/plugins/email-before-download/ before version 4.0 was vulnerable to an SMTP header injection which allows abuse of vulnerable website to send spam or phishing emails. In email-before-download.php, the "emailFrom" variable comes directly from the...

AI score: 1.8
Exploits: 0 | References: 1

wpexploit | added 2017/05/24 12:0 a.m. | 9 views

AffiliateWP <= 2.0.9 - Authenticated Cross-Site Scripting (XSS)

The AffiliateWP WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability. http://vulnerablesite.com//wp-admin/admin.php?page=affiliate-wp-referrals&filterfrom=%27%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E...

AI score: 1.7
Exploits: 0 | References: 1

wpexploit | added 2017/04/27 12:0 a.m. | 9 views

Row Seats Core <= 2.66 - Unauthenticated PHP Object Injection

The plugin row-seats insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 2.68, information is being released now as a disclosure period has expired. Attac...

AI score: 1
Exploits: 0 | References: 1

wpexploit | added 2017/04/24 12:0 a.m. | 9 views

Answer My Question 1.3 - Cross-Site Scripting (XSS)

The answer-my-question WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability. Host: 10.194.0.44 URL: http://10.194.0.44/wp-content/plugins/answer-my-question/modal.php Parameter: Hidden Field id Payload: "alert1...

AI score: 0.3
Exploits: 0 | References: 1

wpexploit | added 2017/04/19 12:0 a.m. | 9 views

AccessPress Social Icons < 1.6.8 - Authenticated SQL Injections

During the security analysis, ThunderScan discovered SQL injection vulnerabilities in AccessPress Social Icons WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plug...

AI score: 3.9
Exploits: 0 | References: 2

wpexploit | added 2016/12/31 12:0 a.m. | 9 views

XCloner - Backup and Restore < 3.1.5 - Authenticated Path Traversal

Authenticated users are able to perform directory listings at any location available to the WordPress user, leaking filenames of previous backups. This was found in XCloner - Backup and Restore version 3.1.4, but may have been introduced in earlier versions. Attackers can leverage directory...

AI score: 7.3
Exploits: 0 | References: 2

wpexploit | added 2016/11/28 12:0 a.m. | 9 views

Product Catalog 8 1.2 - Unauthenticated SQL Injection

$_POST['selectedCategory'] is not escaped. UpdateCategoryList is accessible for any user...

AI score: 0.6
Exploits: 0 | References: 2

wpexploit | added 2016/03/22 12:0 a.m. | 9 views

Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download

The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus, allowing to download arbitrary files in the file system. The vulnerable GET parameter is "mdocs-img-preview". The...

AI score: 0.9
Exploits: 0 | References: 1

wpexploit | added 2016/03/21 12:0 a.m. | 9 views

ABtest - File Inclusion

The abtest WordPress plugin was affected by a File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/abtest/abtestadmin.php?action=../../../../../../../../../../../../../../../proc/self/environ%00...

AI score: 2.4
Exploits: 0 | References: 2

wpexploit | added 2015/12/04 12:0 a.m. | 9 views

Advanced uploader - Local File Inclusion

The Advanced uploader WordPress plugin was affected by a Local File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00...

AI score: 1.6
Exploits: 0 | References: 1

wpexploit | added 2015/07/25 12:0 a.m. | 9 views

Music Store <= 1.0.14 - Referer Header Open Redirect

The Music Store – WordPress eCommerce WordPress plugin was affected by a Referer Header Open Redirect security vulnerability. GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language:...

AI score: 0.4
Exploits: 0 | References: 3

wpexploit | added 2015/05/05 12:0 a.m. | 9 views

WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting (XSS)

The WordPress prettyPhoto WordPress plugin was affected by a DOM Cross-Site Scripting (XSS) security vulnerability. http://www.example.com/prettyPhotogallery/1,/...

AI score: 0.7
Exploits: 0 | References: 1

wpexploit | added 2015/04/23 12:0 a.m. | 9 views

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Unauthenticated SQL injection in parameter "SingleProduct" when a web visitor explores a product published by the web administrator. This exploit needs magicquotesgpc turned off in the destination server. File Functions/Shortcodes.php line 779 http:///?SingleProduct=2'+and+'a'='a...

AI score: 1.3
Exploits: 0 | References: 3

wpexploit | added 2015/04/13 12:0 a.m. | 9 views

WordPress Video Gallery <= 2.8 - SQL Injection

Note: The vendor patched the issue but did not change the version number. Using fixed in version 2.8.1 for detection reasons although in reality this version does not exist at the time of writing. http://www.example.com/wp-admin/admin-ajax.php?action=googleadsense&vid=SQLi...

AI score: 2.4
Exploits: 0 | References: 3

wpexploit | added 2015/04/10 12:0 a.m. | 9 views

Duplicator <= 0.5.14 - SQL Injection & CSRF

An authorised user with "export" permission or a remote unauthenticated attacker could use this vulnerability to execute arbitrary SQL queries on the victim WordPress web site by enticing an authenticated admin (CSRF). http://www.example.com/wp-admin/admin-ajax.php?action=duplicatorpackagedelete PO...

AI score: 2.9
Exploits: 0 | References: 3

wpexploit | added 2015/01/15 6:3 p.m. | 9 views

Feedweb 2.4.1-3.0.6 - SQL Injection

The feedweb WordPress plugin was affected by a SQL Injection security vulnerability. http://www.example.com/wp-content/plugins/feedweb/widgetcontainer.php?pid= Inject here &ishp=true...

AI score: 1.8
Exploits: 0 | References: 1

wpexploit | added 2015/01/15 10:8 a.m. | 9 views

GI-Media Library <= 2.2.2 - Arbitrary File Download

The gi-media-library WordPress plugin was affected by an Arbitrary File Download security vulnerability. /wp-content/plugins/gi-media-library/download.php?fileid=Li4vLi4vLi4vd3AtY29uZmlnLnBocA== Where "Li4vLi4vLi4vd3AtY29uZmlnLnBocA==" is "../../../wp-config.php" Base64 encoded...

AI score: 2.4
Exploits: 0 | References: 2

wpexploit | added 2012/08/28 12:0 a.m. | 9 views

Plugin HD Webplayer <= 1.1 - SQL Injections

The last time it was checked the plugin was still affected and had been closed. http://example.com/wp-content/plugins/hd-webplayer/config.php?id=INJECT HERE http://example.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=INJECT HERE...

AI score: 0.8
Exploits: 0 | References: 1

wpexploit | added 2020/02/05 12:0 a.m. | 8 views

WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion

The plugin did not have a CSRF nonce check on the "wpfcdeletecurrentpagecache" action, allowing CSRF attacks against authenticated users to delete arbitrary files, including the wp-config.php file. document.form.submit;...

AI score: 1.4
Exploits: 0 | References: 2

wpexploit | added 2019/12/26 12:0 a.m. | 8 views

WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS

A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin. 1 Navigate to the Settings page of the plugin https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php 2 Select th...

AI score: 0.4
Exploits: 0 | References: 1

wpexploit | added 2019/11/08 12:0 a.m. | 8 views

Safe SVG < 1.9.6 - XSS Protection Bypass

By using entities in the payload, XSS will succeed in bypassing the protection of the Safe SVG plugin. Video PoC for v1.9.5: https://www.youtube.com/watch?v=hnQA2hc-4k...

AI score: 0.9
Exploits: 0 | References: 2

wpexploit | added 2019/01/09 12:0 a.m. | 8 views

User Registration <= 1.5.5 - Authenticated Cross-Site Scripting (XSS)

The User Registration – Custom Registration Form, Login And User Profile For WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...

AI score: 1.2
Exploits: 0 | References: 1

Total number of security vulnerabilities: 4359