Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2024/05/14 12:0 a.m.•198 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files Note: This must be tested on a web server running Apache 1 Create a new post 2 Add e-Learning block to the post and upload a z...

6.8AI score0.00936EPSS
Exploits3References1
wpexploit
wpexploit
•added 2024/05/10 12:0 a.m.•195 views

Migration Backup Restore < 3.5.0 - Admin+ SSRF

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 1. Click on "Upload Backup" and add http://127.0.0.1:XXX/123.wpstg - "Upload". If the port is open it will return an error "Not Found...

9.4AI score0.00591EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/09 12:0 a.m.•229 views

LearnPress – WordPress LMS Plugin < 4.2.6.6 - Unauthenticated Time-Based SQL Injection

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS9.7AI score0.36925EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/08 12:0 a.m.•161 views

Site Reviews < 7.0.0 - IP Spoofing

Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...

6.7AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/08 12:0 a.m.•135 views

Gianism <= 5.1.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/08 12:0 a.m.•124 views

Playlist for Youtube <= 1.32 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•157 views

Business Card <= 1.0.0 - Category Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks Make a logged in admin open an HTML document containing:...

6.7AI score0.00209EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•176 views

KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks 1. Send a POST request to /wp-admin/admin.php?page=kkpb-add-project with the BODY action=edit-project&id=sleep5 2. Observe the delay in respons...

7.4AI score0.00547EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•179 views

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open an HTML file containing where is a valid ID: "...

6.7AI score0.00324EPSS
Exploits3
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•149 views

Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks Make a logged in admin open an HTML document containing where is a valid ID: "...

6.7AI score0.00276EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•165 views

Business Card <= 1.0.0 - Card Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks Make a logged in admin open an HTML document containing where is a valid ID: " method="post"...

6.7AI score0.0025EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•182 views

Ditty < 3.1.36 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•147 views

KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert/XSS/' csrf" XSS will trigger on...

5.9AI score0.002EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/06 12:0 a.m.•162 views

Business Card <= 1.0.0 - Category Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks Make a logged in admin open an HTML document containing:...

6.7AI score0.00185EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/03 12:0 a.m.•280 views

Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP addresses. Set any of the following server headers as used in getclienti...

9.8CVSS5.3AI score0.00455EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•156 views

CAS <= 1.0.0 - Unauthenticated SSRF

Description The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack https://example.com/wp-content/themes/cas/download.php?path=http://127.0.0.1:8080...

6.9AI score0.01836EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•184 views

Flattr <= 1.2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Flattr" settings 2. In the...

5.7AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•165 views

Pet Manager <= 1.4 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 1. Add a pet and publish the listing 2. View the pet on the frontend of the site and ge...

6AI score0.00347EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•133 views

Pet Manager <= 1.4 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. 1. Go to "Pets Add Pet" 2. In the "Address" field add the payload " style=animation-name:rotation...

5.8AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•152 views

CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

Description This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server https://example.com/wp-content/themes/cas/download.php?path=...

7AI score0.00719EPSS
Exploits1
wpexploit
wpexploit
•added 2024/05/02 12:0 a.m.•164 views

Button contact VR <= 4.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Click on the "Button contact" and chan...

5.7AI score0.0033EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/01 12:0 a.m.•135 views

Carousel Slider < 2.2.11 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks 1. Create a new slider and inset: 1212"onmouseover='alert1' to "URL View" field...

6.1AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/05/01 12:0 a.m.•149 views

IDonate <= 1.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to...

5.7AI score0.00518EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/30 12:0 a.m.•140 views

Sailthru Triggermail <= 1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The PoC will be displayed on May 14, 2024, to give users the time ...

8.5AI score0.00367EPSS
Exploits3
wpexploit
wpexploit
•added 2024/04/30 12:0 a.m.•163 views

Sailthru Triggermail <= 1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open: alert23' /...

8.5AI score0.00367EPSS
Exploits3
wpexploit
wpexploit
•added 2024/04/30 12:0 a.m.•187 views

Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an administrator, visit...

5.7AI score0.00391EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/30 12:0 a.m.•141 views

Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add New Survey 2. Choose any...

5.7AI score0.00422EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/30 12:0 a.m.•138 views

Sailthru Triggermail <= 1.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

7.8AI score0.00388EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/29 12:0 a.m.•477 views

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic < 4.6.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00457EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/04/29 12:0 a.m.•426 views

All in One SEO < 4.6.1.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, create a post and put the following payload in the "Meta Descriptio...

5.9AI score0.00369EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/26 12:0 a.m.•142 views

Nextgen Gallery < 3.59.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Add the "NextGEN Media RSS" Widget to the blog Appearance Widgets 2. Change the "Tooltip...

8.6AI score0.0039EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/26 12:0 a.m.•180 views

Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. Run the following JavaScript in the browser console: fetch"/", "headers": "content-type": "application/x-www-form-urlencoded", ,...

6.2AI score0.00684EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/26 12:0 a.m.•167 views

Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1...

5.9AI score0.00332EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/26 12:0 a.m.•169 views

Popup4Phone <= 1.3.2 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Popup4Phone Settings Form" ...

5.7AI score0.00389EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/25 12:0 a.m.•140 views

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins 1. Make sure there is a newsletter configured with the setting "Email Service Save to local database" 2. When not logged in, use a...

6.3AI score0.00386EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/25 12:0 a.m.•151 views

Newsletter Popup <= 1.2 - List Deletion via CSRF

Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack Make an admin open a URL where is a valid id: http://example.com4/wp-admin/admin.php?page=wpnewslettershowitems&action=trash&id=...

6.7AI score0.0035EPSS
Exploits3
wpexploit
wpexploit
•added 2024/04/25 12:0 a.m.•148 views

Newsletter Popup <= 1.2 - List Deletion via CSRF

Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack Make an admin open a URL where is a valid id: http://example.com4/wp-admin/admin.php?page=wpnewslettershowitems&action=trash&id=...

6.7AI score0.0035EPSS
Exploits3
wpexploit
wpexploit
•added 2024/04/25 12:0 a.m.•158 views

Newsletter Popup <= 1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Newsletter Popup Add New" 2...

5.7AI score0.00372EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/25 12:0 a.m.•161 views

Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF

Description The plugin does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack Make an admin open a link where is a valid user:...

6.7AI score0.00254EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•167 views

HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

Description The plugin does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack Make an admin open an HTML file containing: The Twitter connection will be removed API tokens reset to ''...

6.7AI score0.00211EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•163 views

WP Prayer <= 2.0.9 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open an HTML file containing:...

6.7AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•129 views

HL Twitter <= 2014.1.18 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have a logged in admin open an HTML page containing:...

6.7AI score0.00204EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•154 views

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: alert999'...

5.9AI score0.00217EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•154 views

SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist&uid=3CHANGE HERE&pid=0CHANGE HERE&search=&=1708406394720 You can view...

6.6AI score0.00523EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•140 views

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...

6.7AI score0.00434EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•137 views

month name translation benaceur < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00352EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•152 views

Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6AI score0.00741EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•139 views

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing the following:...

6.7AI score0.00202EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•171 views

WP Prayer <= 2.0.9 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open a page containing: input type="hidden"...

6.7AI score0.00258EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•144 views

Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Click...

6AI score0.00441EPSS
Exploits2References1
Total number of security vulnerabilities4359