Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•258 views

JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...

8.8CVSS9.1AI score0.01519EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•90 views

WordPress Amazon S3 Plugin < 1.6 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.8CVSS5.5AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•78 views

Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Login with admin user and navigate to "Giveaways...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•90 views

Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Login with an editor user and add/edit a...

4.8CVSS5.3AI score0.00446EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•122 views

Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First you need to add an Announcement...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/20 12:0 a.m.•128 views

Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form. POST /wp-admin/admin-ajax.php HTTP/2 Host: hosthere Content-Lengt...

6.1CVSS6.6AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/17 12:0 a.m.•96 views

Article Directory <= 1.3 - Admin+ Stored XSS

The plugin does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. POST /wordpress/wp-admin/options.php HTTP/1.1 Host: 172.28.128.6 User-Agent: Mozilla/5.0 Window...

4.8CVSS5.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/16 12:0 a.m.•152 views

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. Run the below command in the...

6.5CVSS6.4AI score0.00795EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/16 12:0 a.m.•77 views

WP Tiles <= 1.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks wp-tiles extraclasses='"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/14 12:0 a.m.•179 views

Modern Events Calendar lite <= 5.16.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the import/export section. 2. Enter the...

4.8CVSS5.3AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/13 12:0 a.m.•158 views

Solidres <= 0.9.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add a new currency...

4.8CVSS5.3AI score0.00612EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/03/13 12:0 a.m.•87 views

User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF

The plugin does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. Make a logged in admin open a page with the code below. Then, log in as a subscriber and see that you have full admin access...

8.8CVSS8.9AI score0.00411EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/13 12:0 a.m.•400 views

Solidres <= 0.9.4 - Multiple Reflected XSS

The plugin does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

6.1CVSS6.3AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/13 12:0 a.m.•100 views

Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI

The plugin does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. 1. Login as Admin. 2. Go to wp-admin/admin.php?page=wp-easycart-products&subpage=products 3. Click on Import Products. Browse any file and click on import file. Intercept the...

7.2CVSS7.2AI score0.01084EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/11 12:0 a.m.•123 views

WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the whhomepage, whtextshort and whtextfull parameters of submitted Testimonials, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks curl -X POST 'http://example.com/add/' \ -H 'Content-Type: multipart/form-data;...

7.2CVSS6.3AI score0.00743EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/03/10 12:0 a.m.•495 views

Redirection < 1.1.4 - Redirect Creation via CSRF

The plugin does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. POST /wp-admin/admin-ajax.php HTTP/2 Host: sawcup.s2-tastewp.com Cookie: test=test; User-Agent: useragent Accept: / Accept-Language: en-US,en;q=0.5...

6.5CVSS6.3AI score0.00344EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/09 12:0 a.m.•113 views

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Edit a form and put the following payload i...

4.8CVSS5.4AI score0.00444EPSS
Exploits1
wpexploit
wpexploit
•added 2023/03/08 12:0 a.m.•148 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.3 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. 1. Create a contact form and add a "multiple file upload" field. 2. Add the...

9.8CVSS9.1AI score0.03004EPSS
Exploits3
wpexploit
wpexploit
•added 2023/03/08 12:0 a.m.•120 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.0 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. 1. Create a contact form and add a "multiple file upload" field. 2. Add the...

9.8CVSS9.1AI score0.03004EPSS
Exploits3
wpexploit
wpexploit
•added 2023/03/08 12:0 a.m.•129 views

Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. imageoverimagevc...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/07 12:0 a.m.•162 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mode is...

5.3CVSS6.2AI score0.01414EPSS
Exploits1
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•118 views

Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcode in...

5.4CVSS5.6AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•138 views

WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. As a...

4.3CVSS5.8AI score0.00678EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•593 views

Formidable Forms < 6.1 - IP Spoofing

The plugin uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. 1. In WordPress's Settings Discussion page, add your IP address to the Disallowed Comment Keys field. This will block form submissio...

6.5CVSS7AI score0.00498EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•444 views

Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS

The plugins do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks cmplz-consent-area...

5.4CVSS5.7AI score0.00558EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•107 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.6AI score0.00905EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•98 views

Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update

The plugin has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user...

8.1CVSS7.8AI score0.00731EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/06 12:0 a.m.•121 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. Log...

8.8CVSS9.1AI score0.00898EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/03 12:0 a.m.•139 views

WP Image Carousel <= 1.0.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. 1. Go to the plugin settings and insert all the settings, then save. 2. Insert the following shortcode in a post/page: wpic speed='""; alert1...

5.4CVSS5.8AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/03 12:0 a.m.•114 views

Watu Quiz < 3.3.9.1 - Reflected XSS

The plugin does not sanitise and escape some parameters such as email, dn, date and points before outputting then back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.01252EPSS
Exploits3
wpexploit
wpexploit
•added 2023/03/03 12:0 a.m.•100 views

Schedulicity - Easy Online Scheduling <= 2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. schedulenowbutton bizkey='"...

6.5CVSS5.2AI score0.0056EPSS
Exploits2
wpexploit
wpexploit
•added 2023/03/01 12:0 a.m.•109 views

menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit shortcode: redirect duration="1"...

5.4CVSS5.6AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•167 views

WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•152 views

NEX-Forms < 8.3.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Add a form 2. Insert the following payloa...

5.4CVSS5.6AI score0.00503EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•109 views

HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•163 views

WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. Exploit 1 attachment id delete: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded...

6.5CVSS7.2AI score0.01003EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•104 views

WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•99 views

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00278EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•530 views

OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

The plugin does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack Make a logged in admin open: https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=discard...

6.5CVSS6.3AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•138 views

Real Estate 7 < 3.3.5 - Reflected XSS

The theme does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

1AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•141 views

OAuth Single Sign On - SSO (OAuth Client) Enterprise < 48.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•108 views

Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST',...

4.3CVSS5.1AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•104 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•99 views

Real Estate 7 < 3.3.5 - Multiple CSRF

The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, for example create/delete arbitrary lead alerts, manipulate properties add/remove from favourite etc To be disclosed on March 6th...

2.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•94 views

Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.2AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•101 views

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00337EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•126 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.2AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•121 views

WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•99 views

WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•130 views

WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
Total number of security vulnerabilities4359