
4359 matches found

wpexploit | added 2021/08/18 12:0 a.m. | 581 views

Jock on air now < 5.6.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise and escape some Show parameters before outputting them in pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Vulnerable parameters: linkURL some validation is done and...

AI score: 6.3 | Exploits: 0
wpexploit | added 2022/12/27 12:0 a.m. | 580 views

FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing

The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. Set HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR, HTTP_CF_CONNECTING_IP or HTTP_CLIENT_IP to spoof the IP address...

CVSS: 7.5 | AI score: 1.3 | EPSS: 0.00727 | Exploits: 2
wpexploit | added 2022/08/16 12:0 a.m. | 580 views

Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Currency Symbol" settings of the plugin and save: " Other settings...

CVSS: 4.8 | AI score: 0.8 | EPSS: 0.00538 | Exploits: 2
wpexploit | added 2021/08/25 12:0 a.m. | 581 views

Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library

The plugins are using the PHPRelativePath library, which contains an example file affected by Reflected Cross-Site Scripting. POST /wp-content/plugins/mpl-publisher/vendor/grandt/relativepath/RelativePath.Example1.php HTTP/1.1 Accept:...

AI score: 1.7 | Exploits: 0
wpexploit | added 2021/08/02 12:0 a.m. | 580 views

Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its "Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue. Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...

CVSS: 5.4 | AI score: 0.1 | EPSS: 0.0062 | Exploits: 2
wpexploit | added 2021/05/26 12:0 a.m. | 580 views

Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)

This plugin gives us the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also b...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00412 | Exploits: 2
wpexploit | added 2022/11/28 12:0 a.m. | 579 views

Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

The plugin does not validate user input used to generate a system path, allowing high privilege users such as admin to download arbitrary files from the server even when they should not be able to, for example in multisite. First call...

CVSS: 4.9 | AI score: 1.9 | EPSS: 0.00798 | Exploits: 2
wpexploit | added 2021/09/20 12:0 a.m. | 579 views

WordPress to Hootsuite (< 1.3.9) & Buffer (< 3.7.5) - Reflected Cross-Site Scripting

The plugins do not properly sanitise and escape user input before outputting it back in pages and attributes, which could lead to reflected Cross-Site Scripting issues. https://example.com/wp-admin/admin.php?page=wp-to-buffer-log&s=alert/XSS/...

AI score: 6.5 | Exploits: 0
wpexploit | added 2022/11/28 12:0 a.m. | 578 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts. Invoke the following curl command to delete the user with user id 2: curl https://example.com/wp-admin/admin-ajax.php --dat...

CVSS: 6.5 | AI score: 1.8 | EPSS: 0.00334 | Exploits: 2
wpexploit | added 2022/10/03 12:0 a.m. | 578 views

Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi

The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. When deleting scan logs /edit-comments.php?page=ctcheckspamlogs, intercept the request and change the spamids parameter to...

CVSS: 7.2 | AI score: 1 | EPSS: 0.01015 | Exploits: 2
wpexploit | added 2021/10/11 12:0 a.m. | 578 views

Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Within Settings Qwizcards Qwizcardsa Option, put the following payload in the Qwizcards-content HTML...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.00598 | Exploits: 2
wpexploit | added 2021/08/16 12:0 a.m. | 578 views

Email Artillery <= 4.1 - Arbitrary File Upload

The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.0054 | Exploits: 2
wpexploit | added 2022/10/03 12:0 a.m. | 578 views

Form Maker by 10Web < 1.15.6 - Admin+ SQLI

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Create/edit a form, go to the Settings MySQL Mapping i.e...

CVSS: 7.2 | AI score: 0.5 | EPSS: 0.01015 | Exploits: 2
wpexploit | added 2021/08/05 12:0 a.m. | 577 views

WP Mapa Politico Espana < 3.7.0 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Put the following payload in any of the Maps Zona setting fields such as A Coruna:...

CVSS: 4.8 | AI score: 0.5 | EPSS: 0.00598 | Exploits: 2
wpexploit | added 2023/04/24 12:0 a.m. | 576 views

Ninja Forms < 3.6.22 - Reflected XSS

The plugin does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00925 | Exploits: 2
wpexploit | added 2023/01/23 12:0 a.m. | 576 views

WP Google Review Slider < 11.8 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.00919 | Exploits: 2
wpexploit | added 2022/07/26 12:0 a.m. | 576 views

Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

The plugin has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to call them. One in particular could allow them to delete arbitrary blog options. fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.00308 | Exploits: 2
wpexploit | added 2021/07/27 12:0 a.m. | 576 views

uListing < 2.0.6 - Multiple CSRF

The plugin is lacking proper CSRF checks in multiple protected actions within wp-admin pages, leaving them vulnerable to CSRF attacks. PoC | CSRF | Add/Edit Pricing Plans: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: agent or admin cookies User-Agent: Mozilla/5.0 Content-Type:...

CVSS: 6.8 | AI score: 0.5 | EPSS: 0.00429 | Exploits: 1
wpexploit | added 2022/12/23 12:0 a.m. | 574 views

Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. 1. Navigate to Tickera Settings » Delete info 2. Delete info request intercept like that POST...

CVSS: 4.3 | AI score: 1.3 | EPSS: 0.00292 | Exploits: 2
wpexploit | added 2021/09/06 12:0 a.m. | 574 views

Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not escape the 's' GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s=alert/XSS/...

CVSS: 6.1 | AI score: 0.6 | EPSS: 0.008 | Exploits: 2
wpexploit | added 2020/12/19 12:0 a.m. | 574 views

Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise the images metadata namely title before outputting them in the generated gallery. This allows privileged accounts such as editor+ to perform XSS attacks even without the unfiltered_html capability against users visiting the gallery in the frontend. As an...

AI score: 1.3 | EPSS: 0.00661 | Exploits: 2 | References: 1
wpexploit | added 2021/08/06 12:0 a.m. | 573 views

Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability in multiple parameters. 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XS...

AI score: 0.5 | Exploits: 0
wpexploit | added 2021/07/23 12:0 a.m. | 573 views

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

AI score: 5.2 | EPSS: 0.00506 | Exploits: 2 | References: 1
wpexploit | added 2021/03/03 12:0 a.m. | 573 views

Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)

This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. wp-admin/admin.php?page=wc-order-export&tab=alert/XSS/...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.10348 | Exploits: 5
wpexploit | added 2021/08/23 12:0 a.m. | 572 views

Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape and sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType combined with content, align, color, variant and fontID argument of a Gutenberg block. As a contributor, put the...

CVSS: 5.4 | AI score: 0.3 | EPSS: 0.00604 | Exploits: 2
wpexploit | added 2021/08/02 12:0 a.m. | 572 views

SMS Alert Order Notifications – WooCommerce < 3.4.7 Authenticated Cross Site Scripting

The plugin is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page. Enter the payload below for the "SMS Alert Username" in the plugin's settings. "+onfocus="alert1"+autofocus=" You will observe that the JavaScript payload successfully got reflected is and we are...

CVSS: 6.1 | AI score: 0.4 | EPSS: 0.00827 | Exploits: 2
wpexploit | added 2021/07/19 12:0 a.m. | 572 views

PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS

The plugin does not sanitise or escape its "phpid" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue. Put the following payload in the "phpid" field in the plugin's settings /wp-admin/options-general.php?page=phtmanager: "alert/XSS/...

CVSS: 3.5 | AI score: 0.2 | EPSS: 0.00624 | Exploits: 2
wpexploit | added 2021/04/23 12:0 a.m. | 572 views

Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=" onMouseOver="alert1;...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.10358 | Exploits: 5
wpexploit | added 2021/01/29 12:0 a.m. | 572 views

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

The plugin did not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format for example. https://drive.google.com/file/d/1lLEXDyPp4LcKoCOqYS7A-0YgpIQD-ND/view?usp=sharing...

AI score: 2.8 | EPSS: 0.31043 | Exploits: 5
wpexploit | added 2021/10/01 12:0 a.m. | 572 views

Ivory Search < 4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the post parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. The data parameter was also affected, although it was not reported...

CVSS: 6.1 | AI score: 0.6 | EPSS: 0.00731 | Exploits: 1
wpexploit | added 2021/08/24 12:0 a.m. | 571 views

Live Scores for SportsPress < 1.9.1 - Reflected Cross-Site Scripting

The plugin does not sanitise the lsfsmatchdate parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/edit.php?posttype=spevent&page=lsfs-live-matches&lsfsmatchdate="alert/XSS/...

AI score: 0.5 | Exploits: 0
wpexploit | added 2021/08/18 12:0 a.m. | 571 views

Jock on air now < 5.6.2 - Reflected Cross-Site Scripting

The plugin does not escape the $_SERVER['PHP_SELF'] before outputting it back in an attribute in its settings, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php/"alert/XSS//?page=joansettings...

AI score: 0.4 | Exploits: 0
wpexploit | added 2021/08/18 12:0 a.m. | 571 views

Gutenslider < 5.2.0 - Contributor+ Stored XSS

The plugin does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. As a contributor or above, create/edit a post, put the below code while in Code Editor mode, and view/preview the post. The...

CVSS: 5.4 | EPSS: 0.00604 | Exploits: 2
wpexploit | added 2022/07/11 12:0 a.m. | 570 views

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

The plugin does not have a capability check in an AJAX action, allowing any logged in users, such as subscriber, to view the Logs of the plugin. @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...

CVSS: 4.3 | AI score: 0.4 | EPSS: 0.00585 | Exploits: 2
wpexploit | added 2022/02/14 12:0 a.m. | 570 views

WP Visitor Statistics (Real Time Traffic) < 5.6 - Subscriber+ SQL Injection

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection. https://example.com/wp-admin/admin-ajax.php?action=refUrlDetails&id=sleep1%20--%20g...

CVSS: 8.8 | AI score: 2.3 | EPSS: 0.01297 | Exploits: 2
wpexploit | added 2021/09/29 12:0 a.m. | 570 views

WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a campaign and add the following feed URL:...

CVSS: 4.8 | AI score: 0.7 | EPSS: 0.00622 | Exploits: 2
wpexploit | added 2021/05/17 12:0 a.m. | 570 views

Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID

The plugin did not sanitise its facebookpixelid and googleanalyticsid settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used. -- Payloads: $ 'm0ze'; alertdocument.cooki...

CVSS: 4.8 | AI score: 0.1 | EPSS: 0.00652 | Exploits: 2 | References: 1
wpexploit | added 2021/09/13 12:0 a.m. | 569 views

Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting

The plugin does not escape the Share Title settings before outputting it in the frontend pages or posts depending on the settings used, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Sha...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.00598 | Exploits: 2
wpexploit | added 2021/08/09 12:0 a.m. | 569 views

WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. To execute the XSS on all frontend pages and plugin's setting page, add the following payload in the...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00624 | Exploits: 2
wpexploit | added 2021/07/26 12:0 a.m. | 569 views

GiveWP < 2.12.0 - Authenticated Stored XSS

The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. Put the following payload in any Donation Level Text field of a Donation Form ie...

CVSS: 3.5 | AI score: 0.5 | EPSS: 0.00617 | Exploits: 2
wpexploit | added 2021/10/19 12:0 a.m. | 568 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The plugin does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue. Assuming WordPress installed at C:\xampp\htdocs\wordpress,...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.05028 | Exploits: 2
wpexploit | added 2021/09/10 12:0 a.m. | 568 views

Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS

The plugin does not properly sanitize values used when creating new calendars. Open the Appointment Hour Booking Tab. Enter XSS payload like "alertdocument.location in new calendar name field and click on "add new" button. Go back to the Appointment Hour Booking Tab and select "Publish" for any...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00604 | Exploits: 2
wpexploit | added 2021/08/06 12:0 a.m. | 568 views

Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well:...

CVSS: 5.4 | AI score: 0.3 | EPSS: 0.00624 | Exploits: 2
wpexploit | added 2020/05/22 12:0 a.m. | 568 views

ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS

The ThirstyAffiliates Affiliate Link Manager WordPress plugin was vulnerable to authenticated stored Cross-Site Scripting (XSS). An authenticated attacker, such as an author, could attach an image with malicious JavaScript as its title, which would be executed once viewed by an administrator user...

AI score: 3 | EPSS: 0.00653 | Exploits: 2 | References: 1
wpexploit | added 2021/09/15 12:0 a.m. | 567 views

PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting

The plugin does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue. Timeline July 12th, 2021 - Vendor...

CVSS: 4.8 | AI score: 0.4 | EPSS: 0.00618 | Exploits: 2
wpexploit | added 2021/07/21 12:0 a.m. | 567 views

Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS)

The plugin does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability. Step 1: Install Grid Gallery - Photo Image Grid Gallery plugin in WordPress and activate the plugin. Step 2...

CVSS: 3.5 | EPSS: 0.0062 | Exploits: 2
wpexploit | added 2021/07/17 12:0 a.m. | 567 views

VDZ Verification < 1.4 - Authenticated Stored XSS

The plugin does not sanitise its Meta Tag settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. Put the following payload in any of the Meta Tag fields in the plugin's Settings...

AI score: 0.6 | Exploits: 0 | References: 1
wpexploit | added 2021/09/29 12:0 a.m. | 566 views

WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed - Create a new Download, add the following payload in the "Version" and "Link Label" fields from the 'Package...

CVSS: 4.8 | AI score: 0.3 | EPSS: 0.02774 | Exploits: 2
wpexploit | added 2021/07/10 12:0 a.m. | 566 views

VDZ CallBack < 1.14.6 - Authenticated Stored XSS

The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Title setting of the plugin...

AI score: 0.5 | Exploits: 0 | References: 1
wpexploit | added 2021/08/18 12:0 a.m. | 565 views

ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue. Put the following payload in the "Consumer key" setting of the plugin /wp-admin/options-general.php?page=thinktwit: - v alert/XSS/ - v 1.7.1 : "...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00604 | Exploits: 2
Total number of security vulnerabilities: 4359