Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/04/19 12:0 a.m.139 views

BizLibrary <= 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Login as Admin. 2. Go to...

4.8CVSS7.8AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.162 views

Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitra...

7.2CVSS9.5AI score0.16903EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.137 views

Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions meth...

7.5CVSS8.5AI score0.00819EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.167 views

Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The plugin does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. As an unauthenticated user access a form containing a File Upload form...

9.8CVSS6.9AI score0.01785EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.135 views

Help Desk WP <= 1.2.0 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. 1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin. 2. Click on "Add New Ticket", and fill t...

5.4CVSS8.7AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.148 views

WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update

The plugin does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example Run the bel...

6.5CVSS9.3AI score0.00337EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.117 views

Clock In Portal <= 2.1 - Designation Deletion via CSRF

The plugin does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Designation with ID 2...

4.3CVSS8.5AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.140 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the "Enter the URL: field, add the XSS payloa...

4.8CVSS7.8AI score0.00824EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.139 views

Thumbnail carousel slider < 1.1.10 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. Make a logged in admin open: GET...

6.1CVSS8AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.139 views

Clock In Portal <= 2.1 - Holidays Deletion via CSRF

The plugin does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Holiday with ID 1...

4.3CVSS8.5AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.182 views

Clock In Portal <= 2.1 - Staff Deletion via CSRF

The plugin does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Staff with ID 1...

4.3CVSS8.5AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.171 views

NEX-Forms < 8.4 - Admin+ SQL Injection

The plugin does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query. POST /wp-admin/admin-ajax.php HTTP/1.1 Deleted Headers action=nfupdaterecord&table=Injection Point&editId=1&plugin=shared&title=exploit%60&formfields=/Deleted...

7.2CVSS7.6AI score0.44629EPSS
Exploits3References1
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.162 views

Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this vulnerability...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.427 views

Japanized For WooCommerce < 2.5.8 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting With the PeachPay payment gateway enabled can be enabled via the settings: http://example.com/wp-admin/admin.php?page=wc4jp-options&tab=payment Make a logged in admin open the...

6.1CVSS6.7AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.171 views

Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.118 views

Wp-D3 <= 2.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. d3-source canvas='" onmouseover="alert1"...

5.4CVSS8.5AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.184 views

WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...

6.5CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.141 views

Video List Manager <= 1.7 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin SELECT query: 1. Log in as admin. 2. Visit the following path on the site:...

7.2CVSS9.8AI score0.03229EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.131 views

Product Slider For WooCommerce Lite <= 1.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks psfwlgutenblock headingtag='h2"...

5.4CVSS5.3AI score0.00503EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.163 views

Membership Database <= 1.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.232 views

Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users Setup: 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin woo-altcoin-payment-gateway version 1.7.1 3. ...

9.8CVSS9.8AI score0.00898EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.123 views

Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in Admin open a page containing the HTML code below '...

8.8CVSS8AI score0.13871EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.108 views

Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks pcs template='" onmouseover="alert1"...

5.4CVSS7.8AI score0.00448EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.135 views

WP Login Box <= 2.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Set “Greeting Text” option to: alert1 Set “Enable...

4.8CVSS7.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.139 views

Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. vctestimonial link='target:"...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/16 12:0 a.m.383 views

WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting

The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...

6.3AI score
Exploits0References2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.166 views

ChatBot < 4.4.7 - Unauthenticated PHP Object Injection

The plugin unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog To simulate a gadget chain, put the following code in a plugin: class Evil public function...

9.8CVSS9.6AI score0.34351EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.127 views

Cloud Manager <= 1.0 - Reflected XSS

The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

6.1CVSS8.9AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.168 views

ChatBot < 4.4.5 - Stored XSS via CSRF

The plugin does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. Note: v4.4.5 fixed the CSRF issue, the lack of escaping was fixed in 4.5.1 and a separate iss...

6.1CVSS6.5AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.178 views

WP Inventory Manager < 2.1.0.12 - Reflected XSS

The plugin does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. On a page where the wpinventory shortcode is embed, append the following payloa...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.105 views

ChatBot < 4.4.9 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard curl -X POST --data 'qcbotstrweight=" style=animation-name:rotation...

6.1CVSS6AI score0.00269EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.119 views

ChatBot < 4.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Your Company ...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.125 views

Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to this page:...

4.8CVSS8.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.213 views

hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. The hiweb-migration-simple plugin is vulnerable to POST based XSS on endpoint...

8.7AI score0.00476EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.146 views

UserPlus <= 2.0 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. Open the .html file where the admin user is logged in history.pushState'', '', '/' input type="hi...

9AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.134 views

ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS

The plugin does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS Run the below command in...

5.4CVSS5.6AI score0.00242EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.188 views

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. - Create a password protected package containing one or more files. - Navigate to the download page of the package e.g. /download/package1 - Inspect...

7.5CVSS7.7AI score0.00738EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.128 views

Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below ' /...

6.1CVSS8.9AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.209 views

SEOPress < 6.5.0.3 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS6.5AI score0.18505EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.127 views

WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Login as Admin. 2. Go to...

4.8CVSS5.3AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.171 views

Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS

The plugin does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. Make a logged in admin open the following URL:...

6.1CVSS6.3AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.236 views

Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example Run the below command in the developer console of the web browser while being on the blog as a subscrib...

4.3CVSS9.2AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.150 views

Advanced Custom Fields < 5.12.5 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

8.8CVSS9.6AI score0.0108EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.1561 views

Advanced Custom Fields < 6.1.0 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

8.8CVSS9.6AI score0.0108EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/10 12:0 a.m.125 views

Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS

The plugin does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks import requests import sys import re if lensys.argv != 4: print'USAGE: python %s ' %...

5.4CVSS5.6AI score0.28799EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/06 12:0 a.m.261 views

Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The plugin unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitrary deserialization"; 1. Active this plugin a...

9.6AI score0.00702EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/06 12:0 a.m.113 views

Limit Login Attempts < 1.7.2 - Unauthenticated Stored XSS

The plugin does not sanitize and escape the IP address retrieved from headers such as X-Forwarded-For when the "Site Connection" settings is set to "From behind a reversy proxy", which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks Setup: As admin, set the...

7.2CVSS6.3AI score0.00789EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.144 views

Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.123 views

Stagtools < 2.3.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Create a Post and add a Shortcode. 2...

5.4CVSS8.8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.153 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Login as Admin. 2. Go to...

4.8CVSS8.8AI score0.00501EPSS
Exploits2
Total number of security vulnerabilities4359