Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/04/05 12:0 a.m.135 views

WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "Settings SMTP Mailing Queue Tools"...

4.8CVSS8.8AI score0.00535EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/04/04 12:0 a.m.204 views

Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. Create a new popup by filling in anything in the...

7.2CVSS9.2AI score0.00962EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/04 12:0 a.m.189 views

Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Original request - with sandbox=checked POST...

4.8CVSS5.3AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/04 12:0 a.m.142 views

Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Login as Admin. 2. Go to...

4.8CVSS8.8AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.141 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Submit a message in the chatbox, intercept the request using Burp Suite for example. Edit the request to reflect this request:...

9.8CVSS9.6AI score0.0499EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.134 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS

The plugin does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. On a clean Wordpress on localhost: 1. Modify the Shoutboxalias cookie with a value such as 2. Send...

6.1CVSS6.1AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.120 views

Ajax Search Lite Pro < 4.26.2 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.178 views

Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS6.3AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.181 views

WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The plugin has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including outside of the blog folders Make a...

6.5CVSS7AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.133 views

Random Text <= 0.3.0 - Subscriber+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

8.8CVSS9.2AI score0.0089EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.118 views

WP FEvents Book <= 0.46 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks 1. Create an event page using the plugin. 2. Access the page using an account with Subscriber role. 3. In the 'User notes' section, inject...

5.4CVSS5.8AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/03 12:0 a.m.89 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP Pro...

6.5CVSS6.9AI score0.00555EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/29 12:0 a.m.141 views

Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the following code this requires the attacker to...

6.1CVSS6.3AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/29 12:0 a.m.133 views

Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Required theme:...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/28 12:0 a.m.113 views

Video Central for WordPress <= 1.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks video-central-subtitle src="'...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/28 12:0 a.m.104 views

MS-Reviews <= 1.5 - Subscriber+ Stored XSS

The plugin does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks As a subscriber, submit a review a page/post with msreviews embed with the following payload: alert/XSS/ The XSS will be triggered...

5.4CVSS5.6AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.115 views

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcodes i...

5.4CVSS5.6AI score0.00529EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.110 views

TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update

The plugin does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the...

6.5CVSS6.9AI score0.00301EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.131 views

Responsive WordPress Slideshows 3.29.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below '/...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.136 views

Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection

The plugin does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must also be installed for this vulnerability to b...

8.8CVSS9.2AI score0.00873EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.158 views

WC Fields Factory < 4.1.7 - ShopManager+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.9AI score0.00909EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.220 views

Newsletter < 7.6.9 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Make a logged in admin open...

6.1CVSS5.7AI score0.01198EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.134 views

Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal

- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the system. - The below...

4.9CVSS5.5AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.84 views

Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting

The plugin does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. 1. Go to Galleries Add New. 2. Click "Add Media" and choose or upload an image. 3. When publishing or...

5.4CVSS5.9AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.130 views

WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The plugin does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. 1. Use a WordPress instance...

8.8CVSS8.9AI score0.01689EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/23 12:0 a.m.793 views

WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation

The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog POST /wp-json/wp/v2/users HTTP/1.1 Host: 127.0.0.1 Upgrade-Insecure-Requests: 1 Accept:...

9.8CVSS9.3AI score0.86919EPSS
Exploits9References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.105 views

Woo Bulk Price Update < 2.2.2 - Reflected XSS

The plugin does not sanitize and escape escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.3AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.164 views

Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the pbcdownmetaid parameter before using it in a SQL statement via the pbcsavedowns AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser...

8.8CVSS9.2AI score0.00872EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.426 views

W4 Post List < 2.4.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. On a post, add a "W4 Post List" block, select a list a...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.97 views

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.7AI score0.00441EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.80 views

Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS6.9AI score0.009EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.145 views

Gift Voucher < 4.3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgvdoajaxvoucherpdfsavefunc AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber curl "http://$TARGETHOST/wp-admin/admin-ajax.php" --da...

9.8CVSS9.8AI score0.42186EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.81 views

MDTF < 1.3.1 - Reflected XSS

The plugin does not sanitise and escape the taxname parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.7AI score0.00441EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.94 views

Events Made Easy <= 2.3.14 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the searchname parameter before using it in a SQL statement via the emerecurrenceslist AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Open the URL below while being on the blog as subscriber user...

8.8CVSS9.2AI score0.00872EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.410 views

W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure

The plugin does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them Setup: Create a default Post list, and create a password protected post with secret content Then, run the below command in the develop...

6.5CVSS6.9AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.102 views

Formidable PRO2PDF < 3.11 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the fieldmap parameter before using it in a SQL statement via the fpropdfexportfile AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser...

8.8CVSS9.2AI score0.00926EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.444 views

W4 Post List < 2.4.6 - Reflected XSS

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting Make a logged in admin open https://example.com/wp-admin/edit.php?posttype=w4pl&page=w4pl-docs&a"alert/XSS/ On a page where there is a list with navigation displayed put a nav in t...

6.1CVSS6.7AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.130 views

Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: The plugin requires WPBakery Page...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.91 views

WP Popup Banners <= 1.2.5 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the value parameter before using it in a SQL statement via the getpopupdata AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser while...

8.8CVSS9.2AI score0.00872EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/21 12:0 a.m.100 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. Visit the following path on the site as an admin user:...

6.1CVSS5.9AI score0.00542EPSS
Exploits3
wpexploit
wpexploit
added 2023/03/21 12:0 a.m.542 views

Redirection < 1.1.5 - Plugin Reset via CSRF

The plugin does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. https://example.com/wp-admin/admin-post.php?action=iruninstall...

6.5CVSS6.3AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/21 12:0 a.m.91 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. Visit the following path on the site as an admin user:...

6.1CVSS5.9AI score0.00542EPSS
Exploits3
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.161 views

Groundhogg Contacts < 2.7.9.4 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins 1. Login as a WordPress administrator or any of the custom roles from GroundHogg 2. Navigate to the URL:...

7.2CVSS7.9AI score0.0085EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.158 views

FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The plugin does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the...

5.4CVSS6.2AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.106 views

Simple Giveaways < 2.45.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup As admin, add/edit a sharing method "Giveaways"...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.92 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal

The plugin does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only displays the last 50 lines of the file. POST...

4.9CVSS5.7AI score0.19921EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.395 views

Klaviyo <= 3.0.10 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Klaviyo Settings, and at Klaviyo Setting...

4.8CVSS5.4AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.123 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS

The plugin does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. Just create a test.pdf...

4.8CVSS6.1AI score0.32462EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.194 views

Hummingbird < 3.4.2 - Unauthenticated Path Traversal

The plugin does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. This allows an attacker to: - Enumerate file system directories where the user who starts the web server process has write access. -...

9.8CVSS9.1AI score0.01119EPSS
Exploits2
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.82 views

Time Sheets < 1.29.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Login as Admin. 2. Go to...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
Total number of security vulnerabilities4359