Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/12/23 12:0 a.m.73 views

Show All Comments < 7.0.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. Visit the following URL authenticated or not to trigger an alert box:...

6.1CVSS0.2AI score0.00897EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.171 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. Exploit:...

5.4CVSS0.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.114 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.169 views

Anti-Malware Security and Brute-Force Firewall < 4.21.86 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

0.6AI score
Exploits1
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.116 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. 1. As an administrator, creat...

6.1CVSS0.6AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.79 views

Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.108 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: icon name='circle-exclamation'...

5.4CVSS1.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.83 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.182 views

Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Insert the following shortcode in a post:...

5.4CVSS5.2AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.107 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks jw-posts showimage='yes'...

5.4CVSS1.5AI score0.00477EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.99 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.7AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.134 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Put the...

5.4CVSS0.5AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.371 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Install WooCommerce and add a product. 2...

5.4CVSS0.7AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.95 views

Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Create a...

5.4CVSS0.4AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.146 views

Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM SELECTSLEEP5hewu...

9.8CVSS1.1AI score0.04795EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.143 views

WP Attachments < 5.0.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "List Head" or...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.95 views

Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

The plugin does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack. 1. Install contact-form-7 dependency 2. Install the vulnerable plugin images-optimize-and-upload-cf7...

9.1CVSS1AI score0.29369EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.93 views

Simple Membership < 4.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. 1. Exploit...

5.4CVSS0.3AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.113 views

WCK < 2.3.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Create/edit a Post Type via the plugin...

4.8CVSS4.8AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.108 views

Metricool < 1.18 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the settings page of the plugin, add the...

4.8CVSS0.2AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.196 views

WOOCS < 1.3.9.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins...

5.4CVSS1.5AI score0.00503EPSS
Exploits3
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.176 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4CVSS0.2AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.123 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS2AI score0.00555EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.121 views

Download Manager < 3.2.62 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. 1. “Enable modal login form” option in the...

5.4CVSS0.2AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.101 views

WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high-privilege ones like admin. 1. Create a new calendar in the plugin's setting...

6.1CVSS6.1AI score0.00891EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.89 views

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins...

5.4CVSS1.5AI score0.00503EPSS
Exploits3
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.118 views

WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...

5.4CVSS1.1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.108 views

Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF

The plugin does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. The attack could also be performed via a LFI if one is present ...

4.3CVSS0.5AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.378 views

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs As an unauthenticated user, open the following URL https://example.com/?s="alert/XSS/ The XSS...

6.1CVSS0.1AI score0.00642EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.152 views

Table of Contents Plus < 2212 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. toc...

5.4CVSS0.4AI score0.00575EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/19 12:0 a.m.95 views

Jetpack CRM < 5.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins As a...

5.4CVSS0.5AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/17 12:0 a.m.116 views

Multi Step Form < 1.7.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Create/edit a Form via the plugin. 2. Put t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/17 12:0 a.m.107 views

Bg Bible References <= 3.8.14 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Steps to reproduce: 1. Install the vulnerable plugin bg-biblie-references 3.18.4 2. As an unauthenticated or authenticated user, visit the following URL which...

6.1CVSS0.00551EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.94 views

ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup

The plugin does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. Run the below command in the developer console of the web browser while being on the blog as a subscribe...

4.3CVSS1.5AI score0.00483EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.139 views

iPanorama 360 WordPress Virtual Tour Builder < 1.6.30 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new panorama item with whatever role, even if it's an Administrator. 2...

5.4CVSS0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.162 views

Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator 2. Connect...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.124 views

iPages Flipbook For WordPress < 1.4.7 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new book item with whatever role, even if it's an Administrator. 2. Connect ...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.93 views

Logo Slider < 3.6.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Note: First, you need to add a Logo Slider...

5.4CVSS1.3AI score0.00578EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.126 views

ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator. 2. Connec...

5.4CVSS0.3AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.127 views

Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil public...

8.8CVSS0.3AI score0.00922EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/15 12:0 a.m.88 views

WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. Create a .txt file and the below line there: $ echo "alert/XSS/" Make a logged in admin impo...

6.1CVSS6.3AI score0.00251EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/15 12:0 a.m.86 views

Post Status Notifier Lite < 1.10.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. Make a logged in high privilege user such as admin open the URL below...

6.1CVSS0.1AI score0.00902EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/15 12:0 a.m.89 views

404 to Start <= 1.6.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the settings of the plugin, ent...

4.8CVSS4.8AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/14 12:0 a.m.100 views

WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.4AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/13 12:0 a.m.388 views

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them...

3.5CVSS3.9AI score0.00488EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/13 12:0 a.m.425 views

WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. action=importsettings&settings=O%3a4%3a%22Evil%22%3a0%3a%7b%7d%3b&security=6960d7bb50...

7.2CVSS4.6AI score0.17686EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/13 12:0 a.m.3517 views

WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding

Description WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden...

5.9CVSS5.8AI score0.0315EPSS
Exploits5References1
wpexploit
wpexploit
added 2022/12/12 12:0 a.m.599 views

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users When the "Block access to users' data via REST API" settings is enabled...

5.3CVSS1.5AI score0.00671EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/12 12:0 a.m.111 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well When...

7.2CVSS0.4AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/12 12:0 a.m.132 views

Multimedial Images <= 1.0b - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. https://example.com/wp-admin/options-general.php?page=mmi&a=delbg&id=33+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.5AI score0.00983EPSS
Exploits2References1
Total number of security vulnerabilities4359