Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2023/01/17 12:0 a.m.444 views

TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. txheading margin='" onmouseover="alert/XSS/...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.428 views

YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. yamap height='100px;" onmouseover="alert1"'...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.387 views

Simple URLs < 115 - Subscriber+ SQLi

The plugin does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber. Run the below command in the developer console of the web browser whi...

8.8CVSS9.2AI score0.00943EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.398 views

Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: In ids, please add the image attachme...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.378 views

Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: The shortcode generates the content...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.389 views

Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS

The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. widgetsonpages tiny="...

6.8CVSS5.2AI score0.00707EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.156 views

Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Partial fixes were implemented in versions...

0.8AI score0.00473EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.377 views

WP Visitor Statistics (Real Time Traffic) < 6.5 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wsmshowDayStatBox id='" onclick="javascript:alert1'...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.77 views

uTubeVideo Gallery < 2.0.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. utubevideo view='panel' id='"...

5.4CVSS1.4AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.710 views

Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload

The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. 1 As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2 Press on the new picture's thumbnail to see the attachment's details 3...

8.8CVSS8.9AI score0.01096EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.93 views

Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The exploit requires at least a contributor...

5.4CVSS5.2AI score0.00667EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.137 views

Stream < 3.9.2 - Subscriber+ Alert Creation

The plugin does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information. Step 1: Log in as a subscriber Step 2: Get a nonce from...

6.5CVSS6.3AI score0.0091EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.412 views

Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Insert a "Contextual Related Posts" block, and give ...

5.4CVSS5.2AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.115 views

PDF Generator for WordPress < 1.1.2 - Reflected XSS

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin Make a logged in admin open the following URL:...

6.1CVSS5.9AI score0.01193EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/16 12:0 a.m.127 views

Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks simpletooltip...

5.4CVSS5.2AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.204 views

MonsterInsights < 8.12.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add an "Inline Popular Posts" to a...

5.4CVSS0.8AI score0.00589EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.140 views

SiteGround Security < 1.3.1 - Admin+ SQLi

The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...

8.8CVSS0.6AI score0.17992EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.169 views

ExactMetrics < 7.12.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a "Popular Posts" block and put...

5.4CVSS0.9AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.104 views

Happyforms < 1.22.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Forms" Gutenberg...

5.4CVSS0.3AI score0.00496EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/13 12:0 a.m.90 views

Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4CVSS1.5AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.422 views

Quick Event Manager < 9.7.5 - Reflected Cross-Site

The plugin does not sanitise and escape the category parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin-ajax.php?action=qemajaxcalendar&category=alert1...

6.1CVSS0.7AI score0.01179EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.520 views

Paid Membership Pro < 2.9.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the code parameter before using it in a SQL statement via the /pmpro/v1/order REST route, leading to a SQL injection exploitable by unauthenticated users curl...

9.8CVSS1.5AI score0.9246EPSS
Exploits6References1
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.88 views

Annual Archive < 1.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. archives tag='ul onmouseover="alert1"'...

5.4CVSS2.1AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.126 views

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. mapsmarker lot='1' lat='1' mapwidth='" onmouseover="alert1"'...

5.4CVSS2.4AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.128 views

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. h5apinlineplayer src="invalid'...

5.4CVSS2.3AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.554 views

Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the s parameter before using it in a SQL statement via the edddownloadsearch AJAX action , leading to a SQL injection exploitable by unauthenticated users curl...

9.8CVSS2.5AI score0.11172EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.176 views

jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. tminus t='2100-01-01' width='"...

5.4CVSS2AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.373 views

Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ID parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin-ajax.php?action=lwpforgotpassword&ID=...

8.8CVSS1.2AI score0.57397EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.91 views

Giveaways and Contests by RafflePress < 1.11.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. rafflepress id='1' minheight="'; alert1; '"...

5.4CVSS1.9AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.95 views

WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: First,...

5.4CVSS0.8AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.115 views

Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS1.3AI score0.01347EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.125 views

Send PDF for Contact Form 7 < 0.9.9.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.3AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.105 views

GamiPress – Vimeo integration < 1.0.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. gamipressvimeo url='https://vimeo.com/"...

5.4CVSS0.9AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.133 views

Gallery Factory Lite <= 2.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: First, you need to add an Album...

5.4CVSS1.6AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.185 views

Hide My WP < 6.2.9 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For:...

9.8CVSS1.2AI score0.03824EPSS
Exploits5
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.127 views

WC Vendors Marketplace < 2.4.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wcvrecentproducts columns='1"...

5.4CVSS2.6AI score0.00685EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.165 views

ResponsiveVoice Text To Speech < 1.7.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. responsivevoicebutton voice='"; alert1; "'...

5.4CVSS1.3AI score0.00623EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.104 views

Vimeo Video Autoplay Automute <= 1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. vimeo clipid="1" color="'...

5.4CVSS2.6AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.109 views

WP Show Posts < 1.1.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Add a new...

5.4CVSS0.2AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.111 views

Flexible Captcha <= 4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks FCcaptchafields width='" onmouseover="alert1...

5.4CVSS1.6AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.174 views

Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.2AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.110 views

Naver Map <= 1.1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. naver-map y='" onmouseover="alert1"...

5.4CVSS1.5AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.115 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks email name='" onmouseover="alert1"...

5.4CVSS0.5AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.87 views

WordPrezi < 0.9 - Contributor+ Strored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks prezi url="https://prezi.com/'...

5.4CVSS5.2AI score0.00695EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.151 views

WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.6AI score0.01313EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.93 views

EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. algwceanproductimage productid='1'...

5.4CVSS1AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.147 views

Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.5AI score0.00685EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.108 views

Strong Testimonials < 3.0.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS2.2AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.96 views

Page View Count < 2.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Page Views"...

5.4CVSS0.2AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.172 views

Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Add an event in the plugin with a city meta as: " onmouseover="alert1" 2. On a n...

5.4CVSS0.3AI score0.00477EPSS
Exploits2
Total number of security vulnerabilities4359