Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•542 views

Quote-O-Matic <= 1.0.5 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. https://example.com/wp-admin/edit.php?page=quote-o-matic.php&sortby=qomID+AND+SELECT+3477+FROM+SELECTSLEEP5DhVP...

7.2CVSS1.8AI score0.00902EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•593 views

Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download

The plugin does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to for example in multisite First call...

2.7CVSS1.6AI score0.00705EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•643 views

WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection Extract the nonce from the index page search for "wpautosearchconfig", look for the "nonce" field Invoke the following...

9.8CVSS1.9AI score0.03595EPSS
Exploits5
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•93 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well When...

7.2CVSS0.5AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•487 views

LetsRecover < 1.2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. GET /checkout/order-received/30/?key=wcorderKwss5kjkrhgKG HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux...

9.8CVSS0.7AI score0.00997EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•85 views

iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The plugin does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as editplugins etc Run the...

8.8CVSS1.9AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/12 12:0 a.m.•548 views

Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin wholesale-market...

9.8CVSS1AI score0.01833EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•93 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin https://example.com/wp-admin/admin.php?page=wsysadminfeeds&action=delete&id=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•428 views

WP User <= 7.0 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 1. As an unauthenticated user, visit the "Sign Up" page by default, this is /?pageid=5, or /user/ 2. Extract the "wpuserupdatesetting"...

9.8CVSS0.3AI score0.04756EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•392 views

Team Members < 5.2.1 - Editor+ Stored XSS

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup. 1. Go to the "Teams" section » add a new te...

4.8CVSS0.2AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•91 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin https://example.com/wp-admin/admin.php?page=wsysadminpublishers&action=delete&id=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.01096EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•510 views

Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. action=INSERT HERE NAME OF...

8.8CVSS1.5AI score0.00907EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•407 views

WP-Lister Lite for Amazon < 2.4.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. 1. Install and activate WooCommerce dependency, no setup required 2. Install and activate the...

6.1CVSS6.1AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•488 views

Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Step 1: Install the plugin and register for an...

4.8CVSS4.8AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•114 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin https://example.com/wp-admin/admin.php?page=wsysadminrules&action=delete&id=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•92 views

Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting

The theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Stored Cross-Site Scripting attacks. As a candidate, add the following payload on the Social Network option: javascript:alert1 As a recruiter, access the candidate page an...

5.4CVSS0.3AI score0.00484EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•520 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/admin.php?page=letsrecover-templates&subscriberid=6&cartid=10+AND+SELECT+5926+FROM+SELECTSLEEP5erUA HTTP/1.1...

7.2CVSS0.8AI score0.00874EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/12/09 12:0 a.m.•496 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS1.6AI score0.00874EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/12/08 12:0 a.m.•443 views

White Label CMS < 2.5 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.2AI score0.17686EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/08 12:0 a.m.•89 views

Qe SEO Handyman <= 1.0 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:91.0 Gecko/20100101...

7.2CVSS0.5AI score0.01096EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/08 12:0 a.m.•370 views

Product list Widget for Woocommerce <= 1.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high privilege one like admin. Make any unauthenticated or authenticated users su...

6.1CVSS0.3AI score0.00483EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/08 12:0 a.m.•91 views

Qe SEO Handyman <= 1.0 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/admin-post.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:91.0 Gecko/20100101...

7.2CVSS0.4AI score0.00983EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/08 12:0 a.m.•499 views

Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection Invoke the following curl command to induce a 5 second sleep: time curl...

9.8CVSS1.6AI score0.01037EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/07 12:0 a.m.•88 views

Panda Pods Repeater Field < 1.5.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. 1. Install Pods plugin dependency - https://wordpress.org/plugins/pods 2. Install the...

5.4CVSS0.1AI score0.00841EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/07 12:0 a.m.•454 views

Login with Cognito < 1.4.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Cognito Login » Configure OAuth", and a...

4.8CVSS0.1AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/07 12:0 a.m.•352 views

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The plugin suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. curl -s...

5.3CVSS0.5AI score0.00669EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/07 12:0 a.m.•463 views

WP Social Sharing <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » WP Social Sharing page of the...

4.8CVSS0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/06 12:0 a.m.•432 views

WP-Ban < 1.69.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the plugin settings and set these fields...

4.8CVSS4.7AI score0.00851EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/06 12:0 a.m.•403 views

WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS

The plugin does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfilteredhtml capability is disabled...

4.8CVSS0.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/06 12:0 a.m.•429 views

All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to WidgetKit - API Keys, put the following...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/06 12:0 a.m.•653 views

Build App Online < 1.0.19 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Additional plugins required: https://wordpress.org/plugins/wc-multivendor-marketplace/...

0.6AI score0.01037EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•162 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. Exploit 1: The...

4.9CVSS0.5AI score0.00846EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•160 views

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain To simulate a gadget chain, put the following code in a plugin class Evil...

9.8CVSS0.8AI score0.18121EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•113 views

Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

The plugin does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE 1. Install and activate woocommerce dependency, no setup required 2. Install and activate the vulnerable...

9.8CVSS9.8AI score0.06152EPSS
Exploits3
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•108 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•107 views

Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection

The plugins do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

7.5CVSS0.6AI score0.0092EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•108 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•100 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•104 views

Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The plugin does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...

8.8CVSS0.01073EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•127 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Click the 'Settings' button of this plugin. 2...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•93 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. POST...

4.9CVSS0.4AI score0.00883EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•105 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00911EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•107 views

Contest Gallery < 19.1.5 - Unauthenticated SQL Injection

The plugins do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080...

7.5CVSS0.1AI score0.00882EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•76 views

Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. Run the below command in the developer console of the we...

6.5CVSS0.00795EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•101 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•110 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080 User-Agen...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•111 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•110 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. Exploit...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•94 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.6AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•86 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1
Total number of security vulnerabilities4359