
4359 matches found

wpexploit • added 2023/07/24 12:0 a.m. • 159 views

IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to the plugin's settings. 2...

AI score: 7.5 • EPSS: 0.00405
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 206 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Ensure Contact Form 7 is installed,...

CVSS: 4.8 • AI score: 4.8 • EPSS: 0.00402
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 189 views

User Activity Log < 1.6.5 - Unauthenticated SQLi

Description: The plugin does not correctly sanitise and escape several parameters before using them in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks. Version 1.6.4 mitigates the issue for unauthenticated users but it is still...

CVSS: 9.8 • AI score: 10 • EPSS: 0.00808
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 176 views

WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. In the "Email Options" section of t...

CVSS: 4.8 • AI score: 4.7 • EPSS: 0.00402
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 161 views

WP Brutal AI < 2.06 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. In the plugin settings, for a campaig...

CVSS: 4.8 • AI score: 4.8 • EPSS: 0.01973
Exploits: 3

wpexploit • added 2023/07/24 12:0 a.m. • 272 views

WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection

Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Run the command: curl -i -s -k -X POST --data-binary...

AI score: 9.7 • EPSS: 0.0084
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 198 views

Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Create a Blank form or select conta...

CVSS: 4.8 • AI score: 4.9 • EPSS: 0.00379
Exploits: 2

wpexploit • added 2023/07/24 12:0 a.m. • 145 views

Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. To test, you also need to have WP Job...

CVSS: 4.8 • AI score: 6 • EPSS: 0.00382
Exploits: 2

wpexploit • added 2023/07/19 12:0 a.m. • 386 views

Elementor < 3.5.5 - Iframe Injection

Description: The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs...

CVSS: 6.1 • AI score: 6.2 • EPSS: 0.02027
Exploits: 5 • References: 1

wpexploit • added 2023/07/19 12:0 a.m. • 155 views

T1 theme <= 19.0 - Open Redirect

Description: The theme is vulnerable to an unauthenticated open redirect, with which any attacker can redirect users to arbitrary websites. https://www.example.com/wp-content/themes/t1/page-templates/applyredirection.php?file=240317005410&urlnow=http://google.com&urljs=https://www.evil.com?...

AI score: 6.8 • EPSS: 0.0046
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 155 views

WP Shopping Pages <= 1.14 - Stored XSS via CSRF

Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack. Make a logged in admin access a page with the following code: ' input type...

CVSS: 6.8 • AI score: 6.7 • EPSS: 0.00327
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 144 views

Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending

Description: The plugin allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action. Execute the below command in the web developer console, on the blog homepage as an unauthenticated user, replacing domain by the domain of the blog: Current...

CVSS: 7.5 • AI score: 7.7 • EPSS: 0.01535
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 172 views

MultiParcels Shipping For WooCommerce < 1.14.15 - Subscriber+ SQLi

Description: The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks. Note WPScan: The issue was fixed in 1.14.13, however a better patch was done in 1.14.15 a...

CVSS: 8.8 • AI score: 9 • EPSS: 0.00693
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 164 views

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Click on the "Add new" tab. 2...

CVSS: 4.8 • AI score: 4.8 • EPSS: 0.00636
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 156 views

WP Food Manager < 1.0.4 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to "Food manager Add Food" and a...

CVSS: 5.4 • AI score: 5.3 • EPSS: 0.00431
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 311 views

WPCode < 2.0.13.1 - Reflected XSS

Description: The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Make a logged in admin open https://example.com/wp-admin/admin.php?page=wpcode&a"alert/XSS/=2...

CVSS: 6.1 • AI score: 6.2 • EPSS: 0.00452
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 150 views

MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion

Description: The plugin does not have authorisation when deleting a shipment, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments. Log in as a subscriber and open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping&id=1 to delete the shipment with...

CVSS: 8.1 • AI score: 8.2 • EPSS: 0.00592
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 194 views

MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS

Description: The plugin does not sanitise and escape various parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Note: The issue was fixed in 1.14.15 but re-introduced in 1.14.16. Make a logged ...

CVSS: 6.1 • AI score: 6.2 • EPSS: 0.00396
Exploits: 2

wpexploit • added 2023/07/17 12:0 a.m. • 157 views

Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS

Description: The plugin does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks. As a Contributor, create or edit a Quiz with the default theme and put the following payload in a question title...

CVSS: 5.4 • AI score: 5.3 • EPSS: 0.00469
Exploits: 2 • References: 1

wpexploit • added 2023/07/10 12:0 a.m. • 153 views

Short URL < 1.6.5 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. In the plugin settings, add the POC alert1 to the...

AI score: 6.1 • EPSS: 0.00429
Exploits: 2

wpexploit • added 2023/07/10 12:0 a.m. • 157 views

Multiple Plugins from Addify - Multiple CSRF

The plugins have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions. addify-order-approval-woocommerce - To make a logged in admin approve the order with ID 103...

AI score: 6.9 • EPSS: 0.00269
Exploits: 2

wpexploit • added 2023/07/10 12:0 a.m. • 175 views

Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting

The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open one of the URLs below...

AI score: 6.4 • EPSS: 0.00396
Exploits: 2

wpexploit • added 2023/07/10 12:0 a.m. • 169 views

Forminator < 1.24.4 - Reflected XSS

The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a nam...

AI score: 6.5 • EPSS: 0.0354
Exploits: 2

wpexploit • added 2023/07/10 12:0 a.m. • 146 views

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack. Make a logged in admin open the URL below, 42 being a pre-order to be canceled...

AI score: 6.9 • EPSS: 0.00261
Exploits: 2

wpexploit • added 2023/07/10 12:0 a.m. • 239 views

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguard sensitive user information, like other users' email addresses, making it possible for any student to leak them via some of the plugin's REST API endpoints. curl -i -s -k -X $'GET' \ -H $'Host: localhost:8000' -H $'sec-ch-ua: ' -H $'Accept: application/json...

AI score: 9.1 • EPSS: 0.01926
Exploits: 2

wpexploit • added 2023/07/10 12:0 a.m. • 163 views

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-order customers, change the release date, mark all pre-orders of a specific product as complete, or cancel them via CSRF attacks. Make a logged in admin open an HTML page...

AI score: 6.8 • EPSS: 0.00261
Exploits: 2

wpexploit • added 2023/07/03 12:0 a.m. • 162 views

User Activity Log < 1.6.3 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin. As an admin, visit either of the following URLs. Note that it takes several seconds for t...

CVSS: 7.2 • AI score: 7.3 • EPSS: 0.00717
Exploits: 2

wpexploit • added 2023/07/03 12:0 a.m. • 143 views

Waitlist Woocommerce < 2.5.3 - Settings Reset via CSRF

The plugin does not have a CSRF check when resetting its settings, which could allow attackers to make logged in admins perform such an action via a CSRF attack. Make a logged in admin open https://example.com/wp-admin/admin.php?page=waitlist-woocommerce-settings&reset=yes...

AI score: 6.8
Exploits: 0

wpexploit • added 2023/07/03 12:0 a.m. • 152 views

Login/Signup Popup < 2.4 - Settings Reset via CSRF

The plugin does not have a CSRF check when resetting its settings, which could allow attackers to make logged in admins perform such an action via a CSRF attack. Make a logged in admin open https://example.com/wp-admin/admin.php?page=easy-login-woocommerce-settings&reset=yes...

AI score: 6.8
Exploits: 0

wpexploit • added 2023/06/29 12:0 a.m. • 227 views

Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. POST /register/ HTTP/1.1 Host: wpscan-vulnerability-test-bench.ddev.site User-Agent:...

CVSS: 9.8 • AI score: 9.1 • EPSS: 0.72306
Exploits: 12 • References: 1

wpexploit • added 2023/06/26 12:0 a.m. • 489 views

POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack. Note: The AJAX actions are also affected by SQL injections, making the issue Make a logged in users...

AI score: 7 • EPSS: 0.00232
Exploits: 2

wpexploit • added 2023/06/26 12:0 a.m. • 172 views

NEX-Forms < 8.4.4 - Authenticated Stored XSS

The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a setting allowing them to give lower roles access to such a feature. Create a new form with the...

CVSS: 5.4 • AI score: 5.6 • EPSS: 0.00317
Exploits: 1

wpexploit • added 2023/06/26 12:0 a.m. • 136 views

WooCommerce Pre-Orders < 2.0.2 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. When there is at least one pre-order, make a logged in admin open the URL below...

AI score: 6.2
Exploits: 0

wpexploit • added 2023/06/26 12:0 a.m. • 508 views

POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an attacker controlled email, and allow them to...

CVSS: 8.8 • AI score: 7.1 • EPSS: 0.00321
Exploits: 2

wpexploit • added 2023/06/26 12:0 a.m. • 190 views

WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF

The plugin does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged in admin change the access code to an arbitrary one via a CSRF attack. Make a logged in admin open https://example.com/wp-admin/admin.php?page=wc-gsheetconnector-config&code=attacker-code...

CVSS: 8.8 • AI score: 6.6 • EPSS: 0.00386
Exploits: 2

wpexploit • added 2023/06/26 12:0 a.m. • 177 views

Querlo Chatbot <= 1.2.4 - Stored Cross-Site Scripting

The plugin does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability. Submit the following in the chat message: """ See the XSS in Querlo...

AI score: 8.7
Exploits: 1

wpexploit • added 2023/06/26 12:0 a.m. • 226 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update

The plugin does not properly restrict users from making a certain set of changes to other customers' orders. TODO: ADD link to Patchstack's post instead of H1 Affected functions: createpaymentintentajax updatepaymentintentajax saveupeappearanceajax updateorderstatusajax updatefailedorderajax As a...

AI score: 6.5 • EPSS: 0.00614
Exploits: 1 • References: 2

wpexploit • added 2023/06/26 12:0 a.m. • 129 views

Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...

AI score: 5.7 • EPSS: 0.00485
Exploits: 2

wpexploit • added 2023/06/26 12:0 a.m. • 153 views

Login Configurator <= 2.1 - Reflected Cross-Site Scripting

The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators. Visit the following path:...

CVSS: 6.1 • AI score: 8.5 • EPSS: 0.00673
Exploits: 3

wpexploit • added 2023/06/26 12:0 a.m. • 220 views

Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Steps to Reproduce: 1. Open Chaty Plugin Dashboard...

CVSS: 4.8 • AI score: 5.5 • EPSS: 0.00389
Exploits: 2

wpexploit • added 2023/06/26 12:0 a.m. • 154 views

Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open a page containing the HTML code below. "/...

CVSS: 6.1 • AI score: 5.8 • EPSS: 0.0042
Exploits: 2

wpexploit • added 2023/06/26 12:0 a.m. • 131 views

AN_GradeBook <= 5.0.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Access the following URL to demonstrate SQLi:...

CVSS: 8.8 • AI score: 9.8 • EPSS: 0.03246
Exploits: 5

wpexploit • added 2023/06/23 12:0 a.m. • 168 views

Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS

The plugin does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. 1. Upload an SVG file with the following contents. 2. View the SVG file on the frontend and see the alerts. alert/XSS2/...

CVSS: 5.4 • AI score: 5.9 • EPSS: 0.0032
Exploits: 1

wpexploit • added 2023/06/23 12:0 a.m. • 142 views

InventoryPress <= 1.7 - Author+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. 1. Create a "New Inventory Item" 2. In the "Description" field, add the value "alert"xss" 3. Edit the created item and see the XS...

CVSS: 5.4 • AI score: 5.6 • EPSS: 0.0112
Exploits: 3 • References: 1

wpexploit • added 2023/06/23 12:0 a.m. • 149 views

Supsystic Popup < 1.10.19 - Prototype Pollution

The plugin has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. 1 Create a pop-up that is set to load on any page 2 Go to http://example.com/?protopoc=polluted 3 Open browser console 4 Type poc and see polluted as the result...

CVSS: 9.8 • AI score: 6.5 • EPSS: 0.01442
Exploits: 2

wpexploit • added 2023/06/21 12:0 a.m. • 155 views

WooCommerce Product Vendors < 2.1.77 - Vendor Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as Admin Vendor and above. As an Admin vendor, open the URL below...

AI score: 7.5 • EPSS: 0.00929
Exploits: 1 • References: 1

wpexploit • added 2023/06/21 12:0 a.m. • 145 views

WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. woocommercepreordercountdown productid="64"...

AI score: 5.6 • EPSS: 0.00374
Exploits: 1 • References: 1

wpexploit • added 2023/06/21 12:0 a.m. • 247 views

WooCommerce Product Vendors < 2.1.77 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page with the code below html alert/XSS/" /...

CVSS: 7.1 • AI score: 5.9 • EPSS: 0.00382
Exploits: 1 • References: 1

wpexploit • added 2023/06/21 12:0 a.m. • 473 views

Gravity Forms < 2.7.5 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. Make a logged in admin open the following URL:...

CVSS: 6.1 • AI score: 8.7 • EPSS: 0.00482
Exploits: 2

wpexploit • added 2023/06/20 12:0 a.m. • 158 views

WooCommerce Bulk Stock Management < 2.2.34 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the URL below...

CVSS: 7.1 • AI score: 8.6 • EPSS: 0.00424
Exploits: 1

Total number of security vulnerabilities: 4359