Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•514 views

OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•133 views

HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•95 views

HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS1.3AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•120 views

WoodMart < 7.1.2 - License Update/Deactivation via CSRF

The theme does not have CSRF checks when updating and deactivating the license, which could allow attackers to make logged in admins perform such actions via CSRF attacks To deactivate the license...

1.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•139 views

Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS

The plugin does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks smartslider3 slider="'-alert/XSS/-'...

5.4CVSS5.6AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•108 views

OAuth Single Sign On - SSO (OAuth Client) Premium < 38.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•121 views

WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•99 views

OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•97 views

HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•134 views

OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. Exploit 1 attachment id delete: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body:...

6.5CVSS7.2AI score0.01003EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/28 12:0 a.m.•105 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•394 views

Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. While logged in as a subscriber, send the following request: await fetch'/wp-admin/admin-ajax.php',method:'POST', headers: 'Content-Type':...

8.8CVSS9AI score0.60452EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•101 views

WP Meta SEO < 4.5.3 - Subscriber+ SQLi

The plugin does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. Run the following js code in your web console on the dashboard as a subscriber: fetch 'admin-ajax.php', method: 'POST', headers:...

8.8CVSS9.2AI score0.00907EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•151 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

6.5CVSS6.9AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•135 views

WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR

The plugin does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users. Run t...

8.8CVSS8.5AI score0.01196EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•102 views

WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect

The plugin does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. Visit, for example, the page ?p=99999. This should create the first auto redirect entry in the wpwpmslinks table with ID 1. Now log ...

6.1CVSS6.4AI score0.00713EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•147 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure

The plugin does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activation key by default. Run one of the below commands in the developer console ...

6.5CVSS7AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•438 views

Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. While logged in as a subscriber, send the following request: await fetch'/wp-admin/admin-ajax.php',method:'POST', headers: 'Content-Type':...

8.8CVSS9AI score0.05141EPSS
Exploits3
wpexploit
wpexploit
•added 2023/02/27 12:0 a.m.•150 views

GN Publisher < 1.5.6 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.0126EPSS
Exploits3
wpexploit
wpexploit
•added 2023/02/23 12:0 a.m.•511 views

ReviewX < 1.6.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the filterValue and selectedColumns parameters before using them in SQL statements via the rxexportreview AJAX action available to any authenticated users, leading to a SQL injection exploitable by users with a role as low as subscriber Run the bel...

8.8CVSS9.2AI score0.00872EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/23 12:0 a.m.•141 views

VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers Make a logged in admin open the below URL using web browser which does not encode characters...

6.1CVSS6.4AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/23 12:0 a.m.•363 views

BuddyForms < 2.7.8 - Unauthenticated PHAR Deserialization

The plugin does not validate the url parameter of its uploadimagefromurl AJAX action, which could allow unauthenticated attackers to perform PHAR deserialisation granted they an upload a file to the server and a suitable gadget chain is present as well 1. Create a malicious phar file. 2. Upload t...

9.8CVSS9.3AI score0.03824EPSS
Exploits5
wpexploit
wpexploit
•added 2023/02/22 12:0 a.m.•83 views

GoToWP <= 5.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. registermeeting type='" onmouseover="alert1...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•95 views

WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack. fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: n...

4.3CVSS5.7AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•106 views

WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. Run the below command in the developer console of the web browser while being on the blog as any authenticated users, such as...

4.3CVSS5.3AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•133 views

React Webcam <= 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. reactwebcam dir='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•142 views

Saan World Clock <= 1.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wclock tz='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•115 views

GetResponse for WordPress <= 5.5.31 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. grwebform center='on'...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•123 views

Smart Logo Showcase Lite <= 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. smlsgutenblock heading='XSS' headingtag='h2...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•90 views

real.Kit < 5.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. modal open='1' class='" onmouseover="alert1...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/21 12:0 a.m.•112 views

Japanized For WooCommerce < 2.5.5 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin.php?page=wc4jp-options&tab=a...

6.1CVSS6.3AI score0.01213EPSS
Exploits3
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•88 views

Companion Sitemap Generator <= 4.5.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. html-sitemap columns='1"...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•112 views

Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 2.7.5 vidbg loop="1;alert/XSS-loop/;...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•377 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...

5.4CVSS5.7AI score0.00507EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•117 views

Juicer < 1.11 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks juicer name='" onmouseover=alert/XSS/...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•147 views

Namaste! LMS < 2.6 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. One XSS issue was fixed in version 2.5.9.9. The...

4.8CVSS5.2AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•155 views

10WebMapBuilder < 1.0.73 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Note: /2022/12/29/map/ is page/post where the GoogleMapsWD is embed POST /2022/12/29/map/ HTTP/1.1 Content-Type:...

9.8CVSS9.6AI score0.03911EPSS
Exploits2References1
wpexploit
wpexploit
•added 2023/02/16 12:0 a.m.•414 views

Campaign URL Builder < 1.8.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The shortcode need to be active can be done...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/16 12:0 a.m.•486 views

WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Examples a lot of attributes are affected!,...

5.4CVSS5.6AI score0.00478EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/16 12:0 a.m.•188 views

WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection

The theme could allow arbitrary shortcode to be injected when the "Display results from blog" settings is enabled, which could lead to Reflected XSS for example, when using a shortcode vulnerable to XSS When the "Display results from blog" settings is enabled:...

1.1AI score0.00523EPSS
Exploits3References1
wpexploit
wpexploit
•added 2023/02/16 12:0 a.m.•1028 views

Media Library Assistant < 3.06 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. POST /wp-admin/tools.php?page=insertfixit-tools HTTP/1.1...

7.2CVSS7.9AI score0.00785EPSS
Exploits1References1
wpexploit
wpexploit
•added 2023/02/14 12:0 a.m.•488 views

Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. Note: This requires the OceanWP theme to be...

6.5CVSS7AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/14 12:0 a.m.•161 views

Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones. Run one of the below commands in the developer...

6.5CVSS7.1AI score0.00778EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/14 12:0 a.m.•134 views

Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: 1. First, you need to add a Carousel...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/14 12:0 a.m.•111 views

Ocean Extra < 2.1.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: This requires the OceanWP theme to be...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2023/02/13 12:0 a.m.•146 views

UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit: vcugmmap mapheight='100px;...

1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/13 12:0 a.m.•93 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. bscolumns class='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/13 12:0 a.m.•161 views

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields 17.2...

9.8CVSS9.5AI score0.04427EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/13 12:0 a.m.•85 views

Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpmproductgtin id='1' wrapper='div...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2023/02/13 12:0 a.m.•101 views

Download Attachments <= 1.2.24 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. download-attachments containerclass='"...

5.4CVSS5.2AI score0.00482EPSS
Exploits1
Total number of security vulnerabilities4359