Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•128 views

WP Logs Book <= 1.0.1 - Disable Logging via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open an HTML file containing:...

6.6AI score0.05957EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•128 views

CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/31 12:0 a.m.•156 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Enable the "Text Form" widget 2. Ad...

5.6AI score0.00356EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/30 12:0 a.m.•154 views

HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks % time curl "https://example.com/?restroute=/h5vp/v1/video/1&id=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...

7.4AI score0.02639EPSS
Exploits6
wpexploit
wpexploit
•added 2024/05/30 12:0 a.m.•159 views

Responsive video embed < 0.5.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, create a post...

8.3AI score0.00367EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/30 12:0 a.m.•240 views

Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts includin...

9.5AI score0.00428EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/28 12:0 a.m.•157 views

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload 3. Save...

5.9AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/28 12:0 a.m.•148 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Go to settings and change the "Specif...

7.8AI score0.00335EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/28 12:0 a.m.•172 views

Expert Invoice <= 1.0.2 -Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to Expert Invoice Customer...

5.6AI score0.00398EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/27 12:0 a.m.•179 views

Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks. - Create/edit a Notification https://example.com/wp-admin/post-new.php?posttype=easynotify - Put the following...

5.8AI score0.00312EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/27 12:0 a.m.•163 views

PostX < 4.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in a...

8.3AI score0.0043EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•137 views

WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, add a shortcod...

5.8AI score0.00357EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•129 views

Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin 1. Configure the plugin to add the first name and last name fields to the form:...

6.2AI score0.00323EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•174 views

Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert9995'...

9AI score0.00212EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•124 views

WP Prayer II <= 2.4.7 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing:...

6.6AI score0.00211EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•188 views

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Request: POST...

5.6AI score0.00342EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•159 views

Similarity <= 3.0 - Plugin Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing:...

9.4AI score0.002EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•121 views

SVGMagic <= 1.1 - Stored XSS via SVG Upload

Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. 1. Create a SVG file with the malicious payload within it; Example SVG file:...

5.8AI score0.00312EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•157 views

Similarity <= 3.0 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert3' /...

9AI score0.00229EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•129 views

AZAN Plugin <= 0.6 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert999,2,2,3' / If the widget is...

5.9AI score0.00192EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•128 views

Amen <= 3.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00374EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•136 views

Social Pixel <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.6AI score0.00419EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•124 views

Pray For Me <= 1.0.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open an HTML file containing:...

6.6AI score0.00198EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•173 views

The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc. Free: 1. ADMIN: Install The Events Calendar 2. ADMIN: Create events with each status: published, private,...

9.6AI score0.00464EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•134 views

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing:...

6.6AI score0.00197EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•148 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an "author" level user, add a ne...

5.6AI score0.00359EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•122 views

SVGator <= 1.2.6 - Stored XSS via SVG Upload

Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. 1. Create a SVG file with the malicious payload within it; Example SVG file:...

5.8AI score0.00312EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/24 12:0 a.m.•167 views

WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.6AI score0.00294EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/23 12:0 a.m.•160 views

Search & Replace < 3.2.2 - Admin+ SQL injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...

7.5AI score0.00444EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/23 12:0 a.m.•183 views

FooGallery < 2.4.15 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Create a new...

8.2AI score0.00368EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/23 12:0 a.m.•166 views

Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go "Chaty Create New Widgets 3...

5.7AI score0.00426EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/23 12:0 a.m.•198 views

Themify Builder < 7.5.8 - Open Redirect

Description The plugin does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue curl -kvL https://www.example.com/wp-login.php \ -e http://arbitrary-referer \ -d...

6.7AI score0.00823EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/23 12:0 a.m.•462 views

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. curl --url...

9.9AI score0.67288EPSS
Exploits4
wpexploit
wpexploit
•added 2024/05/22 12:0 a.m.•249 views

Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to the plugin's settings. 2...

5.6AI score0.00456EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/22 12:0 a.m.•131 views

Arforms < 6.4.1 - Reflected XSS

Description The plugin does not properly escape user-controlled input when it is reflected in some of its AJAX actions. https://www.example.com/wp-admin/admin-ajax.php?action=currentmodal&positionmodal=alertdocument.domain...

6.7AI score0.00358EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/17 12:0 a.m.•165 views

Logo Slider < 4.0.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Using a contributor account, add a Logo Slider using the Shortco...

8.3AI score0.00295EPSS
Exploits1
wpexploit
wpexploit
•added 2024/05/17 12:0 a.m.•188 views

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3. Modify i...

9.6AI score0.03345EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/17 12:0 a.m.•143 views

WP Backpack <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00333EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/17 12:0 a.m.•167 views

ArForms < 6.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add or edit an existing form and in...

7.9AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/17 12:0 a.m.•120 views

WP Stacker <= 1.8.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML document containing: alert888' / alert2' /...

5.9AI score0.00199EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/15 12:0 a.m.•154 views

BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR

Description The plugin contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: online-communities.demos.buddyboss.com Cookie:...

4.3CVSS6.6AI score0.00375EPSS
Exploits2References2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•193 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

6.5AI score0.0043EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•165 views

FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks 1. Add an inquiry form using the shortcode fspi-show-products-list 2. As a non-logged in visitor, enter the payload "...

8.3AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•148 views

FS Product Inquiry <= 1.1.1 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users Have any user admin or unauthenticated open an HTML page with...

8.8AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•191 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

Description The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. 1 Create a new post 2 Add and e-Learning block and upload a zip file 3 Select the "Insert As: Iframe" option 4 Intercept the reque...

5.4CVSS6.8AI score0.00202EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•151 views

Jetpack < 13.4 - Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode

Description The plugin did not properly escape some of its shortcode attributes, allowing users with at least the contributor role to conduct Stored XSS attacks. wpvideo OcobLTqC freedom=true preloadContent='"src=x onerror=alertdocument.cookie xss'...

6.4CVSS5.8AI score0.00372EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•241 views

Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add a Lottie Animation block to a post a...

5.9AI score0.00367EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•204 views

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. The Events Calendar "...

6.8AI score0.01834EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•161 views

Simple Ajax Chat < 20240412 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...

7.8AI score0.00335EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•164 views

WP eMember < 10.3.9 - Reflected XSS

Description The plugin does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. https://www.example.com/wp-admin/admin-ajax.php?fieldId=alertdocument.cookie&action=checkname...

9.3AI score0.0044EPSS
Exploits2
Total number of security vulnerabilities4359