Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/06/05 12:0 a.m.171 views

USM Premium < 16.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Put the payload in any text field of the "8 Do y...

4.8CVSS8.5AI score0.00477EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/04 12:0 a.m.171 views

WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass

The plugin does not properly verify the 'wpuswhoswitch' cookie value, which allows attackers with low-privilege accounts like Subscribers to bypass authentication and login as any other existing user. Log-in as a subscriber onto the affected site. Run the following JS script in your browser's...

8.8CVSS10AI score0.01357EPSS
Exploits1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.142 views

Contact Form and Calls To Action by vcita <= 2.7.1 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions alert1;&uid=a”alert2;...

6.1CVSS7AI score0.00293EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.190 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings...

6.4CVSS6.2AI score0.0051EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.168 views

WooCommerce Box Office < 1.1.52 - Unauthenticated Ticket Barcode Update

The plugin does not have authorisation and CSRF when updating a ticket bar-code, allowing unauthenticated users to perform such action curl https://example.com/wp-admin/admin-ajax.php -d "action=saveticketbarcode&ticketbarcodeimage=xxx&ticketbarcodetext=xxxxx&ticketid=86"...

6.7AI score0.00348EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.165 views

Multiple plugins by vcita - CSRF to Stored XSS in settings page

The plugin does not protect the live-site-parse-vcita-callback settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a logged in user with contributor role or higher to click a link...

6.5CVSS7AI score0.00419EPSS
Exploits2References3
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.151 views

CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher to click a link. The plugin does not protect its settings page against CSRF attacks, allowing an...

6.5CVSS7AI score0.00335EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.143 views

Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions alert1;...

6.1CVSS7AI score0.00295EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.185 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Missing authentication

The plugin does not validate authorization in its vcita-wordpress/v1/actions/auth REST route endpoint, allowing an unauthenticated attacker to set the connection parameters for the vcita account connection, including businessname and email address. Furthermore, the variables are stored in the...

5.3CVSS5.9AI score0.00645EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.189 views

CRM and Lead Management by vcita < 2.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email and uid parameters in the plugin settings before rendering it on the page, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting high privilege users such as administrators...

6.4CVSS9AI score0.00596EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.169 views

Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and the email field in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts in the plugin settings page, which could target high privilege users such as administrators...

6.4CVSS6.8AI score0.00755EPSS
Exploits2References3
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.148 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitize and escape the businessid parameter of an unprotected REST route endpoint before rendering it back in pages on the website, allowing an unauthenticated attacker to inject arbitrary web scripts, which could target authenticated users such as administrators. curl...

7.2CVSS6.9AI score0.00607EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.152 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Denial of Service via CSRF

The plugin does not protect its vcitalogout ajax action against CSRF attacks, allowing an unauthenticated attacker to log the site out from it's vcita account by tricking a logged in user to send a crafted request, causing a denial of service for the appointment scheduling functionality...

6.5CVSS6.8AI score0.00394EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.149 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.0 - Subscriber+ Denial of Service by account logout

The plugin does not validate authorization in the vcitalogout ajax action, allowing any logged in user with roles as low as subscriber to log the site out from the cvita account, causing a denial of service for the appointment scheduling functionality...

5.4CVSS8.9AI score0.00698EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.156 views

Contact Form and Calls To Action by vcita < 2.7.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email and uid parameters in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts into the settings, targeting higher-privileged users such as administrators...

6.4CVSS6.2AI score0.00518EPSS
Exploits1References2
wpexploit
wpexploit
added 2023/06/02 12:0 a.m.139 views

WooCommerce Box Office < 1.1.51 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks tickets columns='111"...

5.6AI score0.00429EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/31 12:0 a.m.191 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 1. Add the following shortcode to a...

9.8CVSS9.3AI score0.3962EPSS
Exploits8
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.145 views

Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion

The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an...

5.4CVSS6.2AI score0.00442EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.157 views

CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS6AI score0.00604EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.152 views

Feather Login Page < 1.1.2 - Missing Authorization to Authentication Bypass and Privilege Escalation

The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users ajax action, allowing logged in users with roles as low as subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation. GET...

8.8CVSS8.6AI score0.00714EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.136 views

Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation

The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request. POST...

8.8CVSS8.5AI score0.00331EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.152 views

AI-Engine < 1.6.83 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Go to Meow Apps » AI Engine » Chatbot tab » Visu...

4.8CVSS5.5AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.301 views

Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php",...

8.8CVSS9.6AI score0.04824EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/05/26 12:0 a.m.148 views

QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 1. Send GET /wp-admin/admin.php?page=querywall&orderby=datetimegmt&order=desc%2cselectfromselectsleep20a 2. See SQL execut...

7.2CVSS9.8AI score0.0089EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/26 12:0 a.m.142 views

SlideOnline <= 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The PoC will be displayed once the issue has...

5.4CVSS6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.151 views

File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Multiple inputs in the plugin's settings -- for...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.158 views

AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot 1. Go to "Settings Language Settings ChatBot Keywords" 2. Enter...

4.8CVSS8.5AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.145 views

Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Note: The plugi...

5.4CVSS8.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/24 12:0 a.m.145 views

WP Custom Cursors < 3.2 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 1. Add a new "WP Custom Cursor". 2. Return to the "WP Custom Cursors" page and click edit Cursor. 3.The WP Custom Cursors...

7.2CVSS7.3AI score0.00945EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/24 12:0 a.m.174 views

Upload Resume <= 1.2.0 - Captcha Bypass

The plugin does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. The PoC will be displayed once the issue has been remediated...

5.3CVSS7.3AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/24 12:0 a.m.158 views

Conditional Menus < 1.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the HTML code below '...

6.1CVSS8.6AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/23 12:0 a.m.154 views

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Ultimate Dashboard - Settings - General"...

4.8CVSS5.4AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.131 views

qubotchat < 1.1.6 - Unauthenticated Stored XSS

The plugin doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. 1. Enter " as the malicious payload into the chatbot input. 2. See XSS vulnerability...

6.1CVSS6.6AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.1097 views

Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

The plugin does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow...

8.8CVSS9.6AI score0.0254EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.144 views

Easy Forms for Mailchimp < 6.8.9 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. When the debug settings is enabled ie...

6.1CVSS5.8AI score0.01092EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.136 views

Qubotchat < 1.1.6 – Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Add a "button" to the chatbot 2. In the "Text...

4.8CVSS5.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.152 views

WooCommerce Warranty Requests < 2.1.7 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below v = 2.1.6...

5.8AI score0.00379EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.145 views

Icegram Engage < 3.1.12 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.163 views

Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. Send a GET request with...

4.8CVSS9.8AI score0.0044EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.148 views

Multiple Plugins from Wow-Company - Reflected XSS

The plugins do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below ' / The XSS will be triggered when pressing...

6.1CVSS8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.141 views

AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to plugin settings under "WPBot Lite Simple Text Responses" 2. Enter the payload Test Query"...

4.8CVSS5.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/22 12:0 a.m.139 views

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: The plugin requires WPBakery Page...

5.4CVSS6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/16 12:0 a.m.146 views

Photo Gallery by Ays < 5.1.7 - Reflected XSS

The plugin does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs below v 5.1.7 -...

6.1CVSS8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/16 12:0 a.m.144 views

File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. fileup class='" onmouseover="alert1"'...

5.4CVSS8.6AI score0.0037EPSS
Exploits1
wpexploit
wpexploit
added 2023/05/16 12:0 a.m.151 views

Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting

The plugin does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. 1. Publish the default form to a page by clicking on "Contact Form to Email" in the sidebar, and the "Publish" button beside the form name. 2. Visit the form on the frontend. Fil...

5.4CVSS5.8AI score0.00505EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.144 views

Quiz Maker < 6.4.2.7 - Reflected XSS

The plugin does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below other URL are also affected...

6.1CVSS8.7AI score0.02138EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.147 views

ConvertKit < 2.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.151 views

WooCommerce Brands < 1.6.46 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add a Brand with an image, and assign it to ...

5.6AI score0.00374EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.304 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.145 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the payload below in any of the "Challenge &...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
Total number of security vulnerabilities4359