
4359 matches found

wpexploit
added 2023/10/26 12:0 a.m. | 142 views

Assistant < 1.4.4 - Editor+ SSRF

Description The plugin does not validate a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform SSRF attacks. As an Editor or above, open http://example.com/index.php?flasstimageproxy&url=https://127.0.0.1...

CVSS 8.8 | AI score 8.8 | EPSS 0.00694
Exploits: 2
wpexploit
added 2023/10/26 12:0 a.m. | 173 views

WP Hotel Booking < 2.0.8 - Unauthenticated SQLi

Description The plugin does not have authorisation and CSRF checks, and does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections. Run the below command in the developer console of the web browse...

CVSS 9.8 | AI score 9.8 | EPSS 0.63711
Exploits: 2
wpexploit
added 2023/10/26 12:0 a.m. | 121 views

WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion

Description The plugin does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them. Run the below command in the developer console of the web browser while being on the blog as a Contributor user. This will put the post...

CVSS 5.4 | AI score 7 | EPSS 0.0052
Exploits: 2
wpexploit
added 2023/10/26 12:0 a.m. | 156 views

WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

Description The plugin does not have authorisation and CSRF checks, and does not ensure that the package to be deleted is a package, allowing any authenticated user, such as a subscriber, to delete arbitrary posts. Run the below command in the developer console of the web browser while being ...

CVSS 5.4 | AI score 7.2 | EPSS 0.00271
Exploits: 2
wpexploit
added 2023/10/23 12:0 a.m. | 175 views

Royal Elementor Addons and Templates 1.4.78 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Note that this vulnerability is identical to https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34/ as it was introduce...

CVSS 9.8 | AI score 9.6 | EPSS 0.81695
Exploits: 18
wpexploit
added 2023/10/20 12:0 a.m. | 205 views

Slimstat Analytics < 5.0.10 - Contributor+ SQL Injection

Description The plugin is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers wit...

CVSS 8.8 | AI score 6.5 | EPSS 0.00916
Exploits: 4
wpexploit
added 2023/10/16 12:0 a.m. | 113 views

History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. 1 Navigate to Instagram Feed Settings Manage Sources, then click o...

CVSS 7.2 | AI score 7.9 | EPSS 0.00676
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 150 views

Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Create a New Pricing Table and Add ...

CVSS 4.8 | AI score 5.5 | EPSS 0.00436
Exploits: 2 | References: 1
wpexploit
added 2023/10/16 12:0 a.m. | 126 views

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply

Description The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. Log in as a subscriber and run the following code in the browser, setting the replyid to any post ID. fetch"/wp-admin/admin-ajax.php", "headers":...

CVSS 4.3 | AI score 6.6 | EPSS 0.00405
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 177 views

User Registration < 3.0.4.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Install and activate this plugin -...

CVSS 4.8 | AI score 5.7 | EPSS 0.00562
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 146 views

Awesome Support < 6.1.5 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Visit the following URL as an admin user, with any valid ticket ID. Press the access k...

CVSS 6.1 | AI score 5.8 | EPSS 0.00398
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 171 views

WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Click Simple Table Manager then...

CVSS 4.8 | AI score 5.5 | EPSS 0.00405
Exploits: 2 | References: 1
wpexploit
added 2023/10/16 12:0 a.m. | 141 views

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

Description The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

CVSS 6.5 | AI score 6.7 | EPSS 0.00409
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 147 views

Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion

Description The plugin does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts. Ensure the Elementor plugin is installed so that the Elementor Template functionality is enabled. curl -X POST...

CVSS 7.5 | AI score 7.8 | EPSS 0.00608
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 133 views

WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. Make sure to have both WooCommerce and NinjaForms 3.4.34.2 (NF's latest version on the 3.4 branch) installed, then follow those instructions:...

CVSS 9.8 | AI score 9.8 | EPSS 0.00877
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 194 views

Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

Description The plugin does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. 1. Visit Tickets Settings File Upload 2. Ensure "Enable File Upload", "Enable drag-n-drop uploader for ticket form", and "Check this t...

CVSS 8.1 | AI score 6.7 | EPSS 0.0066
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 150 views

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Multiple parameters in the plugin's...

CVSS 4.8 | AI score 5 | EPSS 0.00408
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 121 views

WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to the WP Discord Invite plugin...

CVSS 4.8 | AI score 5.7 | EPSS 0.00402
Exploits: 2
wpexploit
added 2023/10/16 12:0 a.m. | 161 views

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc., however the...

CVSS 4.8 | AI score 5.6 | EPSS 0.0062
Exploits: 2 | References: 1
wpexploit
added 2023/10/13 12:0 a.m. | 236 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the paragraph. 3...

AI score 6.6
Exploits: 0
wpexploit
added 2023/10/13 12:0 a.m. | 377 views

WP < 6.3.2 - Unauthenticated Post Author Email Disclosure

Description WordPress does not properly restrict which user fields are searchable via the REST API. from multiprocessing import Pool import requests import string import json import sys if lensys.argv != 2: printf'USAGE: sys.argv0 ' sys.exit url = sys.argv1.rstrip'/' + '/wp-json/wp/v2/users'...

CVSS 5.3 | AI score 5.6 | EPSS 0.03862
Exploits: 4 | References: 2
wpexploit
added 2023/10/09 12:0 a.m. | 148 views

Fattura24 < 6.2.8 - Reflected Cross-Site Scripting

Description The plugin does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. wp-admin/options-general.php?page=fatt-24-tax&id=12alert1%3B...

CVSS 6.1 | AI score 6.2 | EPSS 0.00396
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 213 views

Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update

Description The plugin does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. Once the site gets at least 25 conversions using the plugin, a notice will show up on the...

CVSS 8.1 | AI score 7.1 | EPSS 0.0058
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 132 views

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Create a new PopUp Box within the plugi...

CVSS 4.8 | AI score 5.1 | EPSS 0.00402
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 143 views

Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

CVSS 5.4 | AI score 5.4 | EPSS 0.00449
Exploits: 2 | References: 1
wpexploit
added 2023/10/09 12:0 a.m. | 174 views

EventPrime < 3.2.0 - Booking Creation via CSRF

Description The plugin does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. Create an Event, noting its ID. Add a ticket type to the Event (the details don't matter). As a logged-in user, visit a page with t...

CVSS 4.3 | AI score 4.7 | EPSS 0.00231
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 176 views

EventPrime < 3.2.0 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. POC 1 - Visit any of the following pages created by the plugin: - Event Organize...

CVSS 6.1 | AI score 6.1 | EPSS 0.0042
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 169 views

WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS

Description The plugin provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped, allowing any authenticated user, such as a subscriber, to change them and perform Stored Cross-Site...

CVSS 5.4 | AI score 5.1 | EPSS 0.00377
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 190 views

WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR

Description The plugin does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute forced. 1. Create a private folder that contains a file that you intend to keep secret. 2. Add the plugin shortcode...

CVSS 4.3 | AI score 4.9 | EPSS 0.00487
Exploits: 2 | References: 1
wpexploit
added 2023/10/09 12:0 a.m. | 132 views

Login screen manager <= 3.5.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in the "Hov...

CVSS 4.8 | AI score 4.8 | EPSS 0.00379
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 248 views

Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Make sure you have Elementor installed and a page or post edited with Elementor. Here's the python script that will execute the exploit...

CVSS 9.8 | AI score 9.7 | EPSS 0.81695
Exploits: 18
wpexploit
added 2023/10/09 12:0 a.m. | 140 views

E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1 Create a new template on...

CVSS 4.8 | AI score 4.8 | EPSS 0.00402
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 153 views

EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. Insert '"Clickme! on the keyword search field or directly on the link...

CVSS 6.1 | AI score 6.5 | EPSS 0.0042
Exploits: 2
wpexploit
added 2023/10/09 12:0 a.m. | 166 views

Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. 1. Use a proxy such as BurpSuite to add the following header to all requests: X-Forwarded-For: 11.11.11.11 2. Create a gallery...

CVSS 6.1 | AI score 6.1 | EPSS 0.00501
Exploits: 2 | References: 1
wpexploit
added 2023/10/09 12:0 a.m. | 170 views

CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. As an author, upload an SVG with the payload: alert"xss"; View the SVG and see the XSS...

CVSS 5.4 | AI score 5.4 | EPSS 0.0039
Exploits: 2
wpexploit
added 2023/10/05 12:0 a.m. | 153 views

Newsletter Lite < 4.9.3 - Admin+ Command Injection

Description The plugin does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. 1 Navigate to "Newsletters Configuration History & Emails Configuration"...

CVSS 7.2 | AI score 7.5 | EPSS 0.00963
Exploits: 2
wpexploit
added 2023/09/27 12:0 a.m. | 214 views

Collapse-O-Matic <= 1.8.5.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a Contributor user, create a new post and add a shortcode containing the following payload: expand elwraptag="img...

CVSS 6.5 | AI score 5.3 | EPSS 0.00328
Exploits: 1 | References: 1
wpexploit
added 2023/09/26 12:0 a.m. | 144 views

Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection

Description The plugin does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. Version 0.3.11 changes the API endpoint to only be...

AI score 7.1 | EPSS 0.00882
Exploits: 2
wpexploit
added 2023/09/26 12:0 a.m. | 129 views

WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request. alert1;'/...

AI score 7.3 | EPSS 0.00327
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 142 views

Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Settings Simple Posts Ticker...

CVSS 4.8 | AI score 4.8 | EPSS 0.00402
Exploits: 2 | References: 1
wpexploit
added 2023/09/25 12:0 a.m. | 107 views

User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent

Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If you're...

CVSS 5.4 | AI score 5.3 | EPSS 0.00394
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 145 views

ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

Description The plugin does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the title of arbitrary posts, such as draft and private ones, via an IDOR vector. Run the below command in the developer console of t...

CVSS 4.3 | AI score 4.5 | EPSS 0.00468
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 167 views

WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the...

CVSS 5.4 | AI score 5.4 | EPSS 0.00403
Exploits: 2 | References: 1
wpexploit
added 2023/09/25 12:0 a.m. | 163 views

ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure

Description The plugin does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, such as draft and private ones, via an IDOR vector. Password protected posts are not affected by...

CVSS 4.3 | AI score 4.4 | EPSS 0.00468
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 131 views

User Activity Log Pro < 2.3.4 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...

CVSS 7.5 | AI score 7.6 | EPSS 0.0055
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 184 views

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

Description The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

CVSS 5.3 | AI score 5.4 | EPSS 0.00541
Exploits: 2 | References: 1
wpexploit
added 2023/09/25 12:0 a.m. | 137 views

ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape some data from post content, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, create or edit a post with the payload below while in code editor mode xyz The XSS will be triggered when...

CVSS 5.4 | AI score 5.3 | EPSS 0.00403
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 147 views

PageLayer < 1.7.7 - Unauthenticated Stored XSS

Description The plugin doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. Unauthenticated attacker Proof of Concept 1 As a legitimate administrator, schedule a post to be published in a few minutes. 2 Close every window to that site to preve...

CVSS 6.1 | AI score 6.6 | EPSS 0.00455
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 158 views

WP Matterport Shortcode < 2.1.7 - Reflected XSS

Description The plugin does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin. Make a logged in admin open https://example.com/wp-admin/admin.php/"/?page=wpms-opti...

CVSS 6.1 | AI score 6.1 | EPSS 0.0042
Exploits: 2
wpexploit
added 2023/09/25 12:0 a.m. | 151 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00415
Exploits: 2

Total number of security vulnerabilities: 4359