Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/06/20 12:0 a.m.63 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

5.3CVSS7.1AI score0.003EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.135 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address On a page where the bookit is embed, book an appointment using an ema...

9.8CVSS9.2AI score0.01914EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.160 views

Multiple Plugins - Cross-Site Scripting From Third-party Library

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. WP-Optimize - Reflected Cross-Site Scripting 1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image". 2. Visit th...

6.1CVSS6AI score0.01099EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.192 views

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. 1 Simulate the site has a valid Pro API key by running the following in WP CLI...

9.8CVSS9.1AI score0.01728EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.167 views

TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Settings" » "TinyMCE Custom Styles"...

4.8CVSS5.5AI score0.00451EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.167 views

All In One Redirection < 2.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. When adding a redirection, sourceurlinsert is vulnerable with the payload: sourceurlinsert...

7.2CVSS9.8AI score0.00831EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.155 views

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...

4.8CVSS5.9AI score0.00511EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.157 views

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new item in the plugin settings 2. Enter...

4.8CVSS5.8AI score0.00543EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.181 views

Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 1. Upload a malicious SVG: alert"XSS Test"; 2. Add to post and view SVG to see XSS...

5.4CVSS8.8AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.147 views

Companion Sitemap Generator < 4.5.3 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open: https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=...

6.1CVSS8.6AI score0.01019EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.163 views

HTTP Headers < 1.18.11 - Admin+ Remote Code Execution

This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. --- " and Password as any value. 4. Navigate to Settings HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value this is only required on...

7.2CVSS9.6AI score0.0132EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.1067 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the plugin's "Quick Start" field, add the...

4.8CVSS4.8AI score0.00423EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.176 views

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

4.3CVSS6.6AI score0.00507EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.181 views

WooCommerce Product Vendors < 2.1.79 - ShopManager+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as ShopManager As ShopManager, open the URL below...

7.5AI score0.00579EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.244 views

EventON < 2.1.2 - Unauthenticated Post Access via IDOR

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post...

5.3CVSS9.2AI score0.06116EPSS
Exploits5
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.255 views

tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation

The plugin does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog. To set the user...

8.8CVSS9.4AI score0.00474EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.189 views

Call Now Accessibility Button < 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Fields in the "Options" section of the plugin a...

4.8CVSS5.5AI score0.00451EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.148 views

URL Shortify < 1.7.0 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "URL Shortify Settings Links" 2. Ad...

4.8CVSS5.5AI score0.00469EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.150 views

AN_GradeBook <= 5.0.1 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. When adding a new course in the plugin setting...

4.8CVSS8.4AI score0.00522EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.159 views

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

9.8CVSS10AI score0.05304EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.169 views

Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378 sec-ch-ua:...

5.4CVSS8.6AI score0.00452EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.151 views

EventON < 2.1.2 - Unauthenticated Event Access

The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownload&eventid=value...

5.3CVSS9.6AI score0.37468EPSS
Exploits5
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.139 views

Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to...

4.8CVSS8.3AI score0.00522EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.161 views

Greeklish-permalink <= 3.3 - Unauthenticated Post Slug Update

The plugin does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF. 1. Create a post with the name "Νέα ανάρτηση". 2...

4.3CVSS9.2AI score0.00265EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.158 views

PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add XSS payload to plugin's "Account API key" setting: "" 2...

4.8CVSS5.3AI score0.0061EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/15 12:0 a.m.168 views

Contact Form by WD <= 1.13.23 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the database in...

9.2AI score0.00933EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/13 12:0 a.m.155 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Unauthenticated PII Disclosure via IDOR

The plugin does not ensure that the order details to be displayed belongs to the user making the request, allows unauthenticated users to access sensitive information about the reorder details such as first/last names, email and address As unauthenticated, see the source of...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.166 views

ND Shortcodes < 7.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks Run the below command in the developer console of the web browser while being on the blog as a...

8.8CVSS8.5AI score0.01683EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.177 views

Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API

The plugin does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. 1. Create a new Course, add a Topic, and add a Lesson to the Topic. 2. In Tutor LMS Settings Course, ensure...

7.5CVSS8.5AI score0.00984EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.167 views

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote

The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. 1. Create a poll and publish a page with a poll. 2. Visit the page with the poll. ...

3.1CVSS8.5AI score0.00359EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.166 views

CF7 Google Sheets Connector (Free < 5.0.2, Pro < 2.3.7) - Reflected XSS

The plugins do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below cf7-google-sheets-connector -...

6.1CVSS8.1AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.205 views

ND Shortcodes < 7.0 - Contributor+ Stored XSS via Shortcodes

The plugin does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks ndoptionsteam...

5.4CVSS8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/08 12:0 a.m.195 views

Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

4.8CVSS5.4AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/06 12:0 a.m.157 views

Getwid < 1.8.4 - Subscriber+ SSRF

The plugin does not validate a parameter via the getremotecontent REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has n...

9.6CVSS10AI score0.00606EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.161 views

Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin a page with the code below: Note: Make sure in Client Portal the company...

6.1CVSS8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.157 views

KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator Make a logged in admin open...

6.1CVSS5.7AI score0.01156EPSS
Exploits4
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.207 views

Accordion & FAQ < 1.9.9 - Reflected XSS

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting Make a logged-in admin open one of the URLs below when the feature notice has not been dismissed yet...

6.1CVSS6.3AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.163 views

CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin's settings, add the payload "aler...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.161 views

Responsive CSS EDITOR <= 1.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. 1. Send a request with the payload:...

7.2CVSS9.8AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.167 views

Social Media Share Buttons & Social Sharing Icons < 2.8.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Put the payload in any text field of the "8 Do y...

4.8CVSS8.5AI score0.00477EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.112 views

WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF

The plugin does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack Send a payload to logged-in admins with a request to http://127.0.0.1/wordpress/wp-admin/admin.php?page=wpimmanageinventoryitems&action=delete&deleteid=2...

8.1CVSS9AI score0.00353EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.210 views

FormCraft Premium < 3.9.7 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2. See...

7.2CVSS9.8AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.279 views

KiviCare Management System < 3.2.1 - Multiple CSRF

The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...

8.8CVSS9.2AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.154 views

WP ERP < 1.12.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. As an admin user, visit the following URL on the site:...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.159 views

WP ERP < 1.12.4 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Sign in as an admin. In WP Admin, run the following code in th...

7.2CVSS7.4AI score0.02632EPSS
Exploits5
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.216 views

Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to the plugin setup page. 2. Go to the...

4.8CVSS8.4AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.153 views

KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure

The plugin does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users Run the below command in the developer console of the web...

6.5CVSS9AI score0.00754EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.150 views

Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In Aajoda » Optional Aajoda Style, insert the...

4.8CVSS8.4AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.470 views

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...

8.8CVSS6.8AI score0.22452EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.201 views

KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings Run one of the below commands in th...

4.3CVSS9.3AI score0.00247EPSS
Exploits2
Total number of security vulnerabilities4359