Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/05/15 12:0 a.m.158 views

WooCommerce Composite Products < 8.7.6 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin On a page where a Component Product is displayed, append...

5.8AI score0.00396EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.107 views

Stop Spammers Security < 2023 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below...

6.1CVSS5.7AI score0.00522EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/15 12:0 a.m.123 views

WooCommerce Ship to Multiple Addresses < 3.8.4 - Subscriber+ Shipping Address Disclosure via IDOR

The plugin does not ensure that the order to display the shipping address from belong to the user making the request, allowing any authenticated users, such as subscriber to view other shipping addresses via an IDOR https://example.com/checkout/shipping-addresses/?orderid=106...

6.4AI score0.00545EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/05/12 12:0 a.m.152 views

WP Multi Store Locator <= 2.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks storelocatorshow location="'; alert1;...

5.4CVSS8.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/12 12:0 a.m.168 views

Get Your Number <= 1.1.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the plugin's settings, enter the payload...

4.8CVSS8.4AI score0.00539EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/11 12:0 a.m.118 views

Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect

The plugin does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. ap-form-message redirect="https://wpscan.com"...

5.4CVSS9.1AI score0.00433EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/11 12:0 a.m.148 views

10WebSocial < 1.2.9 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below The XSS will be triggered when pressing...

6.1CVSS8.6AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.152 views

AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type:...

7.2CVSS9.8AI score0.03229EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.146 views

Hostel < 1.1.5.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Manage Rooms and click on "Click here to...

4.8CVSS8.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.153 views

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to SEO by 10Web » Sitemap section. 2. And n...

4.8CVSS8.4AI score0.00909EPSS
Exploits3
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.150 views

Directorist < 7.5.4 - Admin+ LFI

The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. This PoC will work on Linux systems. 1. Navigate to the URL path: /wp-admin/edit.php?posttype=atbizdir&page=tools&step=2&file=/etc/passwd&delimiter=; 2.. You will be presented wit...

9.2AI score0.01313EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/08 12:0 a.m.276 views

Download Manager < 3.2.71 - Broken Access Controls

The plugin does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's...

6.5CVSS9.1AI score0.00737EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/08 12:0 a.m.152 views

HollerBox < 2.1.4 - Admin+ SQL Injection

The plugin concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. 1. Login as admin 2. Make sure HollerBox is installed and...

4.9CVSS9.2AI score0.00752EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/04 12:0 a.m.261 views

Advanced Custom Fields < 6.1.6 - Reflected XSS

The plugins do not escape the poststatus parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

7.1CVSS6.3AI score0.38768EPSS
Exploits3
wpexploit
wpexploit
added 2023/05/03 12:0 a.m.159 views

OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...

5.4CVSS8.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.156 views

Login Rebuilder < 2.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » Login rebuilder 2. In Login...

4.8CVSS8.4AI score0.00552EPSS
Exploits3
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.182 views

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The plugin discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. See the disclosed secret key in includes/pro.php...

5.3CVSS6.8AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.134 views

Add to Feedly <= 1.2.11 - Admin+ Stored XSS

The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Install the plugin and insert the following payload in the field "Feed URL http://...": 1"alert1 Save th...

4.8CVSS8.7AI score0.00472EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.748 views

Elementor Website Builder < 3.12.2 - Admin+ SQLi

The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. 1. Go to Elementor Tools Replace URL 2. Fill the first field with http://localhost:8000/ ...

7.2CVSS7.3AI score0.19695EPSS
Exploits7
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.150 views

WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF

The plugin does not have CSRF check in an AJAX action, and does not validate user input before using it in the wpremoteget function, leading to a Blind SSRF issue Note: CSRF was fixed in 1.1.4, the SSRF in 1.1.5 Make a logged in admin open...

8.8CVSS9.1AI score0.08466EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.155 views

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks 1. Create a Newsletter popup any will do and publish it. 2. Use an incognito window and open the website involved, then run the following code in th...

6.1CVSS8.6AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.135 views

Loginizer 1.7.8 - Reflected XSS

The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.447 views

Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization

The plugin does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP startBuffering; $phar-addFromString'test.png', 'text'; $phar-setStub"\xff\xd8\xff\n"; $phar-setMetadatanew Evil; $phar-stopBuffering; 2...

8.8CVSS9.1AI score0.17973EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.485 views

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

The plugin does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. - Payload: ../../../../../../../../../../../../../../../../../../../ - At the "Other...

2.7CVSS8.9AI score0.00665EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.130 views

Newsletter Popup <= 1.2 - Record Deletion via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wpnewslettershowlocalrecord page is not protected with a nonce...

8.8CVSS9AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.128 views

Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery

The plugin does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. 1. Install the Log HTTP Requests plugin to inspect th...

4.3CVSS6.6AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/01 12:0 a.m.132 views

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin When there is no account connected, make a logged in admin open...

8.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/01 12:0 a.m.406 views

Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. Ensure WooCommerce is installed. Visit the following path, while logged in as an Admin: /wp-admin/admin.php?page=ppom&productmetaid=5&dometa=edit&"alert/XSS/=1...

6.1CVSS9.1AI score0.00952EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.156 views

ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. clickfunnelsembed url="javascript:alert1"...

5.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.387 views

Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. Make a logged in admin...

6.3AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.117 views

WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. 1. Go to WP Inventory Inventory Items and create a new Inventory Item. 2. Create a page and add the wpinventory shortcode. 3. View the new page on the frontend,...

6.2AI score0.01161EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.171 views

Booking Manager < 2.0.29 - Subscriber+ SSRF

The plugin does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network. As an admin: Type in an internal URL for example...

6.4AI score0.00823EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.193 views

SEO ALert <= 1.59 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Vanilla Beans » SEO Alert. 2. In "Slack...

5.4AI score0.00472EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.605 views

YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. Run the below command in the developer console of the web browser while being on the blog...

7.5AI score0.0094EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.125 views

Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF

The plugin does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack Make a logged in admin open the URL below, this will make them delete the shortcode with ID 1...

6.9AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.188 views

Tiempo.com <= 0.1.2 - Stored XSS via CSRF

The plugin does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a page with the code below input type="hid...

6.4AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.133 views

REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

7AI score0.0028EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.164 views

Tiempo.com <= 0.1.2 - Reflected XSS

The plugin does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below ' /...

6.4AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.135 views

URL Params < 2.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. urlparam htmltag='h1' attr='a'...

6.3AI score0.00503EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/25 12:0 a.m.167 views

Ko-fi Button < 1.3.3 - Admin+ Stored XSS

The plugin does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk. 1. In the Kofi plugin settings, change...

5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.788 views

WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi

The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. Note: The visitorId parameter's numerical prefix before the %27 must be different on each try...

9.8CVSS7.8AI score0.04234EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.138 views

Tablesome < 1.0.9 - Reflected XSS

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting Make a logged in admin open one of the URL below when the feature/tracking notice has not been dismissed yet...

6.1CVSS6.1AI score0.01067EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.160 views

HTTP Headers < 1.18.8 - Admin+ SQL Injection

This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin, navigate...

7.2CVSS8AI score0.00885EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.160 views

Side Cart Woocommerce < 2.2 - Settings Reset via CSRF

The plugin does not have CSRF check when reseting its Settings, which could allow attackers to make logged in admins perform such action via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=side-cart-woocommerce-settings&reset=yes...

8.8CVSS6.3AI score0.00273EPSS
Exploits1
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.404 views

Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. - Install the plugin and WooCommerce, whic...

4.8CVSS5.5AI score0.00461EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.576 views

Ninja Forms < 3.6.22 - Reflected XSS

The plugin does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

6.1CVSS5.7AI score0.00925EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/24 12:0 a.m.170 views

tagDiv Composer < 4.0 - Reflected Cross-site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the HTML code below...

6.1CVSS5.7AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/20 12:0 a.m.154 views

ActiveCampaign < 8.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, add a "AC Forms" Gutenberg block to a...

5.4CVSS7.8AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.177 views

KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download

The plugin does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server To download ../../../../wp-config.php:...

7.5CVSS9.4AI score0.00866EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.168 views

RapidExpCart <= 1.0 - Stored XSS via CSRF

The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection...

5.4CVSS8.3AI score0.00239EPSS
Exploits2
Total number of security vulnerabilities4359