Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/01/25 12:0 a.m.374 views

Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: A Set needs to be present op-is-open...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/25 12:0 a.m.434 views

Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks loancomparison slider='" onmouseover="alert1...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/25 12:0 a.m.431 views

Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks login edittag=' onmouseover="alert1"'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/25 12:0 a.m.399 views

Easy Social Box < 4.1.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks easy-fb-like-box locale='"; alert1; var xss=...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/25 12:0 a.m.525 views

Simple File Downloader <= 1.0.4 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a Contributor+ create a new post and add...

6.8CVSS5.2AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.407 views

Page Builder: Live Composer < 1.5.23 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. dslcnotification color='red"...

5.4CVSS5.2AI score0.00393EPSS
Exploits1
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.416 views

Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wp-structuring-markup-breadcrumb class='"...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.413 views

LearnPress Plugin < 4.2.0 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...

9.1CVSS9.1AI score0.01005EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.396 views

Watu Quiz < 3.3.8.2 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the following URL:...

7.5CVSS5.8AI score0.00632EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.434 views

WP Font Awesome < 1.7.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpfa color='red" onmouseover="alert1"'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.349 views

Easy Affiliate Links < 3.7.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Easy Affiliate...

6.8CVSS5.2AI score0.00699EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.408 views

Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

4.3CVSS5.1AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.418 views

Watu Quiz < 3.3.8.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in one of the 'Words us...

4.8CVSS4.9AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.408 views

Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting

The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. Note: The exploit requires the Contact Form 7 plugin. Exploit Additional CSS classes for “Contact Form 7 Styler” Gutenberg block: ...

5.4CVSS5.3AI score0.00507EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.367 views

Timed Content < 2.73 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. timed-content-client hide="10:00:'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.390 views

Product Slider and Carousel with Category for WooCommerce < 2.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. wcpscwcpdtslider design='" onmouseover="alert1"'...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.458 views

Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update

The plugin does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order Open the below HTML while being logged in as a subscriber...

4.3CVSS5.2AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.413 views

Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. fa set='" onmouseover="alert1"...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.361 views

Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wpdevartlikebox height='"...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.419 views

Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Exploit Additional CSS classes for "Spotlight Instagram...

5.4CVSS5.2AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.520 views

Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi

The plugin does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. Note: A Calendar is needed if there is not one already. Run the below command in the develope...

8.8CVSS9.1AI score0.00937EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.494 views

WP Airbnb Review Slider < 3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.00925EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.400 views

Zoho Forms < 3.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the following in a bl...

5.4CVSS5.2AI score0.01648EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.366 views

PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wcps id='" onmouseover="alert/XSS/"'...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.541 views

WP Review Slider < 12.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.00919EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.576 views

WP Google Review Slider < 11.8 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.00919EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.746 views

WP TripAdvisor Review Slider < 10.8 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.04356EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.439 views

WP Helper Lite < 4.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape all GET parameters before outputting them back in an AJAX response, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=surveySubmit&a="...

6.1CVSS6.2AI score0.44513EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.438 views

Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Exploit Additional CSS classes for "Lightweight...

5.4CVSS5.2AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/20 12:0 a.m.466 views

Amazon JS <= 0.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. amazonjs asin='XSS' imgsize='"...

6.8CVSS5.2AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/20 12:0 a.m.405 views

FL3R FeelBox <= 8.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 1. Visit a blog post and extract the nonce from the source search for "feelboxAjax", and extract the "token" curl -s...

9.8CVSS9.6AI score0.0105EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.399 views

Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks wpecpp name="' accesskey='X' onclick='alert1...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.511 views

Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a...

5.4CVSS5.1AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.532 views

Mapwiz <= 1.0.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. POST /wp-admin/admin.php?page=myplug/muyplg.php&mid HTTP/1.1...

7.2CVSS7.6AI score0.00957EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.698 views

GiveWP < 2.24.1 - Unauthenticated SQLi

The plugin does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks 1 Create a post/page that contains the "Donor Wall" block. 2 Using the default donation form, send a test donation 3 In a terminal, edit and run th...

1.2AI score0.03742EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.390 views

GiveWP < 2.24.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks givemultiformgoal image='"...

5.4CVSS5.2AI score0.00555EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.479 views

YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 5.30.3 yarpp template="'...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.514 views

GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

The plugin does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body:...

5.4CVSS5.5AI score0.00512EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.431 views

Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. themifyportfolioposts imageh='100"...

5.4CVSS5.2AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.403 views

Better Font Awesome < 2.0.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. icon name='flag' class='4x border' title='"...

6.8CVSS5.2AI score0.00762EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.410 views

TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS

The plugin does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks txheading tag='script' headingtext='alert/XSS/'...

5.4CVSS1.5AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.415 views

GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: A Show needs to exist for the issue to...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.458 views

Location Weather < 1.3.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Location Weather"...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/18 12:0 a.m.456 views

Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks gallery ids='88' class='"...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.358 views

Simple URLs < 115 - Multiple Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. https://example.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=...

6.1CVSS5.8AI score0.01726EPSS
Exploits6
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.413 views

Judge.me Product Reviews for WooCommerce < 1.3.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First, you need to set Judge.me shop...

6.8CVSS5.2AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.378 views

Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS5.1AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.469 views

Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS5.1AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.624 views

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...

5.3CVSS1.7AI score0.00694EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.411 views

Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wppaypalpaymentboxforanyamount...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
Total number of security vulnerabilities4359