
4359 matches found

wpexploit • added 2023/08/30 12:0 a.m. • 161 views

DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. 1. Put javascript payload on html.cafe. const url = 'https://s…t/wp-admin/user-new.php'; fetchurl...

CVSS 6.1 • AI score 6 • EPSS 0.00627
Exploits: 2

wpexploit • added 2023/08/30 12:0 a.m. • 121 views

Ditty < 3.1.25 - Reflected XSS

Description The plugin does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 • AI score 6.1 • EPSS 0.00812
Exploits: 2

wpexploit • added 2023/08/23 12:0 a.m. • 129 views

Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. There are two fields affected by a...

CVSS 4.8 • AI score 4.8 • EPSS 0.00402
Exploits: 2

wpexploit • added 2023/08/23 12:0 a.m. • 148 views

Leyka < 3.30.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. Note: The issue was reported to the...

CVSS 4.8 • AI score 4.8 • EPSS 0.00379
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 153 views

Min Max Control < 4.6 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. alert1'...

CVSS 6.1 • AI score 6.1 • EPSS 0.00396
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 149 views

FTP Access <= 1.0 - Subscriber+ Stored XSS

Description The plugin does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the setting...

CVSS 5.4 • AI score 5.4 • EPSS 0.00193
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 137 views

URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. 1. Add a new shortened link in the interface...

CVSS 6.1 • AI score 6.4 • EPSS 0.00735
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 205 views

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...

CVSS 7.5 • AI score 7.5 • EPSS 0.03495
Exploits: 6

wpexploit • added 2023/08/21 12:0 a.m. • 147 views

Herd Effects < 5.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. In the plugin settings, add a new item...

CVSS 4.8 • AI score 4.8 • EPSS 0.00402
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 139 views

Lock User Account < 1.0.4 - Arbitrary Account Lock/Unlock via CSRF

Description The plugin does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack. Make a logged in admin open one of the links below, this will make them lock/unlock the user with ID 5...

CVSS 4.3 • AI score 4.7 • EPSS 0.00218
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 163 views

Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin. 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within Gravity...

CVSS 6.1 • AI score 6.2 • EPSS 0.00396
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 212 views

WP Adminify < 3.1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. Several fields in the plugin are...

CVSS 4.8 • AI score 4.8 • EPSS 0.00399
Exploits: 2

wpexploit • added 2023/08/21 12:0 a.m. • 125 views

Herd Effects < 5.2.4 - Effect Deletion via CSRF

Description The plugin does not have a CSRF check when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack. Make a logged in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect&info=delete&did=1, this will make them delete...

CVSS 4.3 • AI score 4.7 • EPSS 0.00218
Exploits: 2

wpexploit • added 2023/08/17 12:0 a.m. • 126 views

wpDataTables < 2.1.66 - Admin+ PHP Object Injection

Description The plugin does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin...

CVSS 7.2 • AI score 8.2 • EPSS 0.01262
Exploits: 2

wpexploit • added 2023/08/17 12:0 a.m. • 560 views

tagDiv Composer < 4.2 - Unauthenticated Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...

CVSS 6.1 • AI score 6.2 • EPSS 0.01595
Exploits: 2

wpexploit • added 2023/08/17 12:0 a.m. • 212 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example i...

CVSS 4.8 • AI score 4.9 • EPSS 0.00377
Exploits: 2

wpexploit • added 2023/08/14 12:0 a.m. • 228 views

Multiple Themes - Reflected XSS

Description The themes suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link. https://example.com/?s=katana/asd/...

CVSS 6.1 • AI score 6.4 • EPSS 0.00972
Exploits: 2

wpexploit • added 2023/08/14 12:0 a.m. • 159 views

123.chat < 1.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. In the plugin's "User-ID" setting fiel...

CVSS 4.8 • AI score 5 • EPSS 0.00399
Exploits: 2

wpexploit • added 2023/08/14 12:0 a.m. • 165 views

User Activity Log < 1.6.7 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...

CVSS 7.5 • AI score 7.6 • EPSS 0.00853
Exploits: 2

wpexploit • added 2023/08/14 12:0 a.m. • 142 views

Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

Description The plugin does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. On a multisite installation, log in as a site admin. Notice that you are able to manage files on the server using this...

CVSS 4.9 • AI score 5.2 • EPSS 0.00505
Exploits: 1

wpexploit • added 2023/08/14 12:0 a.m. • 160 views

Robo Gallery < 3.2.16 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to:...

CVSS 4.8 • AI score 4.8 • EPSS 0.00402
Exploits: 2

wpexploit • added 2023/08/14 12:0 a.m. • 116 views

Media from FTP < 11.17 - Author+ Arbitrary File Access

Description The plugin does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases. In 11.16, the manage_options capability was used, however it is still insufficient in case of MultiSite...

CVSS 8.8 • AI score 8.7 • EPSS 0.00654
Exploits: 2 • References: 1

wpexploit • added 2023/08/14 12:0 a.m. • 161 views

Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read

Description The plugin doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. As an...

CVSS 2.7 • AI score 3.9 • EPSS 0.00545
Exploits: 2

wpexploit • added 2023/08/10 12:0 a.m. • 203 views

Store Locator WordPress < 1.4.13 - Reflected XSS

Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the URL below...

CVSS 6.1 • AI score 6 • EPSS 0.00645
Exploits: 1

wpexploit • added 2023/08/10 12:0 a.m. • 180 views

Post Timeline < 2.2.6 - Reflected XSS

Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the URL below...

CVSS 6.1 • AI score 6.3 • EPSS 0.00709
Exploits: 1

wpexploit • added 2023/08/09 12:0 a.m. • 155 views

Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation

Description The plugin lacks authorisation and CSRF checks in its page creation function, which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog. 1. Access the URL:...

CVSS 4.3 • AI score 7.4 • EPSS 0.002
Exploits: 1

wpexploit • added 2023/08/09 12:0 a.m. • 144 views

User Activity Log < 1.6.6 - Subscriber+ Log Export

Description The plugin lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses. As a subscriber, open the following URL...

CVSS 4.3 • AI score 4.7 • EPSS 0.00427
Exploits: 2

wpexploit • added 2023/08/08 12:0 a.m. • 185 views

Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. In the plugin settings, select "WPB...

CVSS 4.8 • AI score 4.8 • EPSS 0.00408
Exploits: 2

wpexploit • added 2023/08/08 12:0 a.m. • 111 views

Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation

Description The plugin does not validate that a user's WebAuthn authentication request succeeded before sending them authentication cookies, making it possible for unauthenticated attackers to take over any accounts having WebAuthn credentials set up on affected sites. While on the site not logge...

AI score 7.6
Exploits: 0

wpexploit • added 2023/08/08 12:0 a.m. • 155 views

Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Navigate to "WPBot Lite - Setting -...

CVSS 4.8 • AI score 5.6 • EPSS 0.00416
Exploits: 2

wpexploit • added 2023/08/07 12:0 a.m. • 184 views

All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR

Description The plugin does not prevent non-administrator users from deleting messages from the all-users messenger. 1. Go to the messenger 2. Catch a request that is constantly running at intervals of 3 seconds 3. Change the message time argument to true 4. Set true for permission to delete a commen...

CVSS 4.3 • AI score 4.8 • EPSS 0.00402
Exploits: 2 • References: 1

wpexploit • added 2023/08/07 12:0 a.m. • 111 views

POEditor < 0.9.8 - Settings Reset via CSRF

Description The plugin does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks. document.forms0.submit;...

CVSS 4.3 • AI score 7.3 • EPSS 0.00218
Exploits: 2 • References: 1

wpexploit • added 2023/08/07 12:0 a.m. • 135 views

Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc, however t...

CVSS 4.8 • AI score 5.3 • EPSS 0.00379
Exploits: 2

wpexploit • added 2023/08/07 12:0 a.m. • 190 views

GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF

Description The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks. Make a logged in admin open a page with the code below. To make them deactivate the license To make th...

CVSS 6.5 • AI score 7.3 • EPSS 0.00269
Exploits: 2

wpexploit • added 2023/08/07 12:0 a.m. • 151 views

Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones. Run the below command in the developer console ...

CVSS 4.3 • AI score 4.7 • EPSS 0.00453
Exploits: 2

wpexploit • added 2023/08/07 12:0 a.m. • 140 views

User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF

Description The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks. Make a logged in admin open a page with the code below. To make them deactivate the license To make th...

CVSS 4.3 • AI score 4.7 • EPSS 0.00218
Exploits: 2

wpexploit • added 2023/08/04 12:0 a.m. • 127 views

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which can also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. Create an HTML file with the...

CVSS 4.3 • AI score 4.5 • EPSS 0.00218
Exploits: 2

wpexploit • added 2023/08/04 12:0 a.m. • 147 views

User Access Manager < 2.2.18 - IP Spoofing

Description The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations. Set HTTP_X_REAL_IP which is used in checkUserGroupAccess to use an IP from the allowlist...

CVSS 5.3 • AI score 5.3 • EPSS 0.00582
Exploits: 2

wpexploit • added 2023/08/02 12:0 a.m. • 140 views

Upload Media By URL < 1.0.8 - Stored XSS via CSRF

Description The plugin does not have a CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfiltered_html capability on their behalf. Have a logged in user with the unfiltered_html capability open an...

CVSS 6.5 • AI score 6.7 • EPSS 0.00261
Exploits: 2 • References: 1

wpexploit • added 2023/08/02 12:0 a.m. • 151 views

Front Editor <= 4.3.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Add a new form. 2. For the "Post Title", add...

CVSS 4.8 • AI score 4.8 • EPSS 0.00379
Exploits: 2

wpexploit • added 2023/08/02 12:0 a.m. • 189 views

Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the...

CVSS 5.4 • AI score 5.4 • EPSS 0.00371
Exploits: 2 • References: 1

wpexploit • added 2023/08/02 12:0 a.m. • 177 views

PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the URL below, where the post value is the ID of a post/page creat...

CVSS 6.1 • AI score 6.1 • EPSS 0.00427
Exploits: 2

wpexploit • added 2023/08/02 12:0 a.m. • 125 views

FormCraft < 1.2.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. There are two XSS issues: Example A: ...

CVSS 4.8 • AI score 6 • EPSS 0.00399
Exploits: 2

wpexploit • added 2023/07/31 12:0 a.m. • 157 views

Blog2Social < 7.2.1 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the URL below...

CVSS 6.1 • AI score 6.1 • EPSS 0.0093
Exploits: 2

wpexploit • added 2023/07/31 12:0 a.m. • 133 views

MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open...

CVSS 6.1 • AI score 6.1 • EPSS 0.00396
Exploits: 2

wpexploit • added 2023/07/31 12:0 a.m. • 141 views

MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

Description The plugin does not have a CSRF check when deleting a shipment, allowing attackers to make any logged in user delete an arbitrary shipment via a CSRF attack. Make any logged in user open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping&id=1 to make them delete...

CVSS 4.3 • AI score 4.7 • EPSS 0.00231
Exploits: 2

wpexploit • added 2023/07/27 12:0 a.m. • 137 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a different...

CVSS 7.5 • AI score 6.8 • EPSS 0.00692
Exploits: 2

wpexploit • added 2023/07/27 12:0 a.m. • 161 views

Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. In the plugin's settings, click on...

CVSS 4.8 • AI score 4.8 • EPSS 0.00379
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 167 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 1. Ensure Contact Form 7 is installed, along with this plugin 2. Visit Contact Ultimat...

CVSS 6.1 • AI score 6.1 • EPSS 0.00482
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 152 views

Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

Description The plugin does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. 1. Create a new Post as a Contributor user. 2. Add the "Simple Author Box" block. 3. Intercept the request t...

CVSS 4.3 • AI score 4.9 • EPSS 0.0043
Exploits: 2 • References: 1

Total number of security vulnerabilities: 4359