Wpexploit: Most viewed

4359 matches found

wpexploit
added 2018/04/23 12:00 a.m. | 8 views

Outdated VRView Library Used, Leading to Reflected XSS

The vrview = 1.1.3 and wp-vr-view = 1.6 plugins are using an outdated version of the VRView library 2.0.2, which is affected by a reflected cross-site scripting issue. The PoC will be displayed once the issue has been remediated...

AI score: 1.4
Exploits: 0 | References: 1

wpexploit
added 2017/05/31 12:00 a.m. | 8 views

Simple Slideshow Manager <= 2.3 – Multiple Vulnerabilities

The Simple Slideshow Manager WordPress plugin was affected by a security vulnerability. 3.1 Cross-Site Scripting Vulnerable Function: echo Vulnerable Variable: $_GET['name'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=Acurax-Slideshow-AddImages&name="alert42 3.2 Cross-Site...

AI score: 0.6
Exploits: 0 | References: 1

wpexploit
added 2016/12/05 12:00 a.m. | 8 views

WA Form Builder 1.1 - Unauthenticated SQL Injection

$_POST['waformsId'] is not escaped. WAFormBuilderuioutput is accessible to any user...

AI score: 2
Exploits: 0 | References: 1

wpexploit
added 2015/09/20 12:00 a.m. | 8 views

wordpress vertical image slider plugin < 1.2 - Cross-Site Scripting & CSRF

The lack of a CSRF check and sanitisation could allow attackers to perform a Cross-Site Scripting attack against a logged-in administrator, as well as upload arbitrary files. XSS via CSRF: alert"XSS"' alert"XSS"' setTimeout'form1.submit', 1; Upload file via CSRF:...

AI score: 0.7
Exploits: 0 | References: 2

wpexploit
added 2015/05/08 12:00 a.m. | 8 views

Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed...

AI score: 0.1
Exploits: 0 | References: 3

wpexploit
added 2015/03/31 12:00 a.m. | 8 views

SP Project & Document Manager <= 2.5.3 - Blind SQL Injection

The SP Project & Document Manager WordPress plugin was affected by a Blind SQL Injection security vulnerability. http://www.example.com/wp-content/plugins/sp-client-document-manager/ajax.php?function=thumbnails&pid=SQLi...

AI score: 1.2
Exploits: 0 | References: 1

wpexploit
added 2014/08/01 12:00 a.m. | 8 views

Real Estate by Templatic - CSRF File Upload

Description: The realestate WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/Realestate/images/tmp/yourshell.php...

AI score: 7.4
Exploits: 0 | References: 1

wpexploit
added 2019/03/01 12:00 a.m. | 7 views

Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update

Description: The library, used in numerous plugins, does not have proper authorisation when updating blog options, allowing any authenticated user, such as a subscriber, to update arbitrary options. As any authenticated user: Enable new user registrations:...

AI score: 7.2
Exploits: 0 | References: 4

wpexploit
added 2015/04/15 12:00 a.m. | 7 views

Ajax Store Locator <= 1.2 - Remote SQL Injection

The ajax-store-locator WordPress plugin was affected by a Remote SQL Injection security vulnerability. http://www.example.com/wordpress/wp-admin/admin-ajax.php?action=sldalsearchlocation&funMethod=SearchStore&Location=Social&StoreLocation=11 AND SELECT FROM SELECTSLEEP10LCKZ...

AI score: 1.8
Exploits: 0 | References: 3

Total number of security vulnerabilities: 4359