Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•123 views

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840...

9.8CVSS2.9AI score0.05116EPSS
Exploits3
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•121 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•131 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.5AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/05 12:0 a.m.•101 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST...

6.5CVSS0.7AI score0.00854EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/02 12:0 a.m.•137 views

ImageInject <= 1.17 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST...

4.8CVSS0.6AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/02 12:0 a.m.•105 views

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

The theme does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id. POST /testt/wp-admin/admin-ajax.php HTTP/2...

6.5CVSS2.4AI score0.00593EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/02 12:0 a.m.•431 views

WP Google Review Slider < 11.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST /wp-admin/admin-ajax.php?fsblogadmin=true...

4.8CVSS0.4AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/02 12:0 a.m.•114 views

Plugin Logic < 1.0.8 - Admin+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin POST /wp-admin/network/plugins.php?page=plugin-logic&tabid=options%20union%20SELECT%20SLEEP16%3b%23 HTTP/1.1 Content-Type:...

7.2CVSS2.1AI score0.01091EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/12/02 12:0 a.m.•160 views

Simple Basic Contact Form < 20221201 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Settings » Contact Form » Plugin Option...

4.8CVSS0.3AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/12/01 12:0 a.m.•145 views

Google Apps Login < 3.4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to the setting page of this plugin. 2. In...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/30 12:0 a.m.•151 views

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Slider » Sliders" and edit one of the...

4.8CVSS4.8AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/30 12:0 a.m.•190 views

Eventify <= 2.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » Eventify. 2. Under 'Category...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/30 12:0 a.m.•157 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Playtium » Settings and in the 'Test'...

4.8CVSS0.5AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/29 12:0 a.m.•83 views

Appointment Hour Booking < 1.3.73 - Unauthenticated iFrame Injection

The plugin does not sanitise and escape the email and general field parameters, which could allow unauthenticated users to perform iFrame injection attack As an unauthenticated user, submit a booking and put an iFrame payload in the email/general field parameter The iFrame will be executed when a...

7.2CVSS1.1AI score0.00687EPSS
Exploits1
wpexploit
wpexploit
•added 2022/11/29 12:0 a.m.•124 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice. 2. ...

7.2CVSS1.3AI score0.01225EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/29 12:0 a.m.•523 views

WP CSV Exporter < 1.3.7 - CSV Injection

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. - create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets executed...

7.8CVSS0.6AI score0.0041EPSS
Exploits1
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•165 views

Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure

The plugin does not prevent users with low privileges like subscribers from accessing sensitive system information. fetch'http://wpscan.local/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body: 'action=sendsysteminfo',...

6.5CVSS1.5AI score0.00699EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•184 views

Popup Manager <= 1.6.6 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well fetch'/wp-admin/admin-ajax.php', method: 'POST', headers...

4.3CVSS1.2AI score0.00285EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•170 views

Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them As an unauthenticated users, or via CSRF: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', ...

4.3CVSS1.7AI score0.00274EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•160 views

Better Click to Tweet < 5.10.4 - Settings Update via CSRF

The plugin lacks CSRF protection when updating the bctt-twitter-handle option, allowing an attacker to change the plugin settings by tricking a logged in admin to submit a form. curl -b .cookies -d bctt-twitter=$NEWHANDLE 'https://example.com/wp-admin/?page=bctt-welcome&step=welcome'...

2.7AI score0.0038EPSS
Exploits1References1
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•579 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts Invoke the following curl command to delete the user user id 2 curl https://example.com/wp-admin/admin-ajax.php --dat...

6.5CVSS1.8AI score0.00334EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•203 views

Photo Gallery < 1.8.3 - Stored XSS via CSRF

The plugin does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control. Note: The XSS will only trigger for the...

5.4CVSS5.3AI score0.00244EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•260 views

InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath" value...

9.8CVSS0.2AI score0.09519EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•216 views

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's installation...

7.5CVSS0.1AI score0.01354EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•561 views

Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. Note: v1.0.7 added capability check, making the issue still exploitable by high privilege users such a...

7.5CVSS1AI score0.00857EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•580 views

Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

The plugin does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite First call...

4.9CVSS1.9AI score0.00798EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/28 12:0 a.m.•182 views

JoomSport < 5.2.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users 1. Install the vulnerable plugin joomsport-sports-league-results-management version 5.2.6, skip the demo data import when prompted 2...

9.8CVSS0.6AI score0.04756EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•148 views

Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put, the following shortcode in a page/post lightbox2 url='"...

5.4CVSS0.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•196 views

Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. 1. Add a new post and add the payload there: evpembedvideo url='" onerror=alert/XSS/ "' 2. Preview the post, and the XSS will trigger...

5.4CVSS2AI score0.00507EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•150 views

WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a page/post wpstripecheckout...

5.4CVSS1.1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•154 views

Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put, the following shortcode in a page/post flowplayer src='...

5.4CVSS0.9AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•266 views

Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a page/post videojsvideo url=...

5.4CVSS0.8AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•160 views

Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a page/post checkoutforpaypal...

5.4CVSS1AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/22 12:0 a.m.•176 views

SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download

The plugin does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server Open the following URL when being logged in as any user...

6.5CVSS1.2AI score0.00382EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•160 views

StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1.2AI score0.00327EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•277 views

Betheme < 26.6 - Contributor+ PHP Object Injection

The plugin unserializes user input provided via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage, importdata, importsinglepage, and importfromclipboard functions. This could allow users with a role as low as contributor t...

8.8CVSS0.6AI score0.01984EPSS
Exploits5References1
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•190 views

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

9.8CVSS2.8AI score0.18966EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•303 views

Dokan < 3.7.6 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users Setup: - Install WooCommerce dependency, no setup required - Install the plugin, complete the wizard no special configuration was...

9.8CVSS0.1AI score0.01059EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•314 views

Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload

The theme does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE Listingo Unauthenticated File Upload Upload a File: The response give the path to the file uploaded:...

9.8CVSS0.3AI score0.21205EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•149 views

Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. In the settings of the plugin, in the three input boxes are named "Second Address Label", "Login Logo...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•418 views

Booster for WooCommerce - Custom Role Creation/Deletion via CSRF

The plugins does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks To delete the custom role dj it's possible to delete roles created by other plugins, make a logged in admin op...

6.5CVSS0.6AI score0.00338EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•562 views

Icegram Express < 5.5.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber Open the below URL when logged in as a subscriber and notice the 5s delay...

8.8CVSS0.6AI score0.00742EPSS
Exploits1
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•534 views

User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. The following Python script automates the exploitation of this plugin by uploading ...

7.5CVSS0.6AI score0.00743EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•214 views

Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload

The plugin does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. This PoC was...

8.8CVSS0.2AI score0.01048EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•156 views

Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion

The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id exploit...

6.5CVSS1.2AI score0.00329EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•163 views

WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1AI score0.00327EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•229 views

Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE 1. As an unauthenticated user, navigate to the main WordPress page 2. Extract a valid nonce from the page source CTRL+F for "var wpdevart =", field "ajaxNonc...

9.8CVSS0.2AI score0.04493EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•159 views

AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1.5AI score0.0034EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•209 views

Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks add new payment method with XSS exploit: fetch'http://localhost/tester-wp/wp-admin/admin-ajax.php', method: 'POST', headers: new...

5.4CVSS0.00468EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/21 12:0 a.m.•187 views

All In One WP Security & Firewall < 5.0.8 - IP Spoofing

The plugin is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more. Set HTTPXREALIP or HTTPXFORWARDEDFOR used in getuseripaddress to bypass IP-based blocks...

5.3CVSS1AI score0.00576EPSS
Exploits2
Total number of security vulnerabilities4359