Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/11/21 12:0 a.m.184 views

Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS1.1AI score0.00336EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.190 views

Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.169 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. Run the below command in the developer console of the web browser while being on the...

8.1CVSS0.9AI score0.00424EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/19 12:0 a.m.115 views

Quizlord <= 2.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Quizlord » Add a quiz 2. In the input...

4.8CVSS0.3AI score0.00535EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.140 views

Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. https://example.com/wp-admin/admin-ajax.php?action=erepropertygalleryfillterajax&columnsgap=%22%3E%3Cscript%3Ealert%22xss%22;%3C/script%3E%3C!--...

5.4CVSS2.7AI score0.00869EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.136 views

Buddybadges <= 1.0.0 - Admin+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users https://example.com/wp-admin/options-general.php?page=buddybadge&wpedit=b2f9b59706&edit=1+AND+SELECT+7741+FROM+SELECTSLEEP10hlAf...

7.2CVSS1.4AI score0.00964EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.176 views

Flat PM < 3.0.13 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin v 3.0.13 the blockid needs to start with an existing block ID...

5.4CVSS0.3AI score0.00869EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.111 views

WooSwipe WooCommerce Gallery <= 2.0.1 - Subscriber+ Settings Update

The plugin does not have any authorisation when updating its settings, which could allow any authenticated users, such as subscriber to update them POST /wp-admin/admin.php?page=wooswipe-options HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

8.8CVSS1.1AI score0.00631EPSS
Exploits1
wpexploit
wpexploit
added 2022/11/17 12:0 a.m.125 views

GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate toward the GYG Ticketing and GYG Ticketing...

4.8CVSS0.9AI score0.00392EPSS
Exploits1
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.94 views

WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the Name field of...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.162 views

Image Hover Effects < 5.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Go to the plugin settings Image Hover Effects Ima...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.110 views

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. While logged...

4.3CVSS0.8AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.152 views

Easy Form Builder < 3.4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to New Form » go to the Settings of t...

4.8CVSS4.7AI score0.00392EPSS
Exploits1
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.110 views

Donation Button <= 4.0.0 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Put the following shortcode in a blog post: paypaldonationbutton align='center" onmouseover="alert1'...

5.4CVSS0.8AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/16 12:0 a.m.162 views

Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

The plugin suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. The following Python script automates the exploitation of this vulnerability. The script was tested on an installation of WordPress 6.1 with the vulnerable...

6.5CVSS0.6AI score0.00606EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/15 12:0 a.m.355 views

Helloprint < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Make a logged in admin open the following URL: https://example.com/wp-admin/admin.php?page=language-translate.php&success=added"alertXSS...

6.1CVSS6.2AI score0.00897EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.621 views

Comic Book Management System < 2.2.0 - Admin+ SQLi

The plugin does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. https://example.com/wp-admin/admin.php?page=cbmsweeklypicksadmin&action=updatepicks&id=1+AND+SELECT+7741+FROM+SELECTSLEEP3hlAf POST...

7.2CVSS0.4AI score0.00964EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.117 views

Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The plugin does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks Make a logged in admin open a page containing the HTML code be...

6.5CVSS1.5AI score0.00356EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.318 views

Chaty < 3.0.3 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

7.2CVSS1.4AI score0.00992EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.155 views

Becustom < 1.0.5.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS0.4AI score0.00781EPSS
Exploits5References1
wpexploit
wpexploit
added 2022/11/12 12:0 a.m.102 views

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable. POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: Content-Type: application/x-www-form-urlencoded;...

7.5CVSS1.2AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/11 12:0 a.m.120 views

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Youtube API Key...

4.8CVSS0.1AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/11 12:0 a.m.564 views

PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE. 1. Go to Appearance » Import Demo Data » Manual demo files upload » Run "Choose a JSON file for customizer import" and import a PHP file. 2. Click Impo...

7.2CVSS7.1AI score0.01042EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.172 views

WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF

The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID Make a logged in admin open a page containing the HTML code below. This will regenerate the secret for the...

6.5CVSS1.5AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.431 views

Uji Countdown <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the settings of the plugin add the payload ...

4.8CVSS0.4AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.588 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. - Install the plugin and set the API creds to: - Key:...

7.5CVSS1.7AI score0.00881EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.433 views

Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the plugin setting i...

4.8CVSS0.3AI score0.00567EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.446 views

Add Comments <= 1.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST /wp-admin/options-general.php?page=addCommen...

4.8CVSS0.2AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.447 views

WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Navigate to Setting » add the payload: ", into...

4.8CVSS0.2AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/09 12:0 a.m.563 views

WP CSV Exporter < 1.3.7 - Admin+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks As an admin, go to Tools CSV Export, leave everything as default and click on Export POSTS CSV Intercept the request...

7.2CVSS0.8AI score0.0097EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/09 12:0 a.m.386 views

Seed Social < 2.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Put the following payload in any of the plugin...

0.1AI score0.00497EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/08 12:0 a.m.547 views

Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. 1. Navigate to: Appearance Import Demo Content Theme Demo Importer Manually upload the demo files 2. Use the XML file...

0.2AI score0.012EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/08 12:0 a.m.525 views

Form Vibes < 1.4.5 - Admin+ SQLi

The "deleteentries" function does not filter parameters from the request. This leads to an SQL Injection vulnerability. - Create a submission using the Contact From 7 plugin. - On the Form Vibes tab in the dashboard, click "submissions" and implement the delete function on an entry. - Intercept t...

0.5AI score0.00981EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/08 12:0 a.m.445 views

WP OAuth Server < 4.2.2 - Admin+ Stored XSS

The plugin does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Edit a client "OAuth Server Clients and put the following...

4.8CVSS0.1AI score0.00485EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/08 12:0 a.m.612 views

3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...

8.1CVSS8.1AI score0.00404EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.142 views

HTML Forms < 1.3.25 - Admin+ SQLi

The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...

7.2CVSS0.4AI score0.01786EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.186 views

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void die"Arbitrary...

7.2CVSS1.1AI score0.01141EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.158 views

WPSmartContracts < 1.3.12 - Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author Logon as an author and open the following URL, which will result in a delayed response...

8.8CVSS0.8AI score0.03663EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/04 12:0 a.m.96 views

WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "WP Admin UI Customize" » "Login Form". ...

4.8CVSS4.7AI score0.00533EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/04 12:0 a.m.126 views

Donations via PayPal < 1.9.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Click the 'Settings' button of this plugin. 2...

4.8CVSS0.3AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.85 views

Find and Replace All < 1.3 - Reflected Cross Site Scripting

The plugin does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.86 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Open the setting page of this plugin. 2. There...

4.8CVSS4.7AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.90 views

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Hover Effects » Hover Effects » Add New...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.91 views

Analytics for WP <= 1.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the Settings page of this plugin, in the bo...

4.8CVSS4.7AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.107 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. On the setting page of this plugin, enter the...

4.8CVSS0.6AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.89 views

Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF

The plugin does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack Make a logged in admin open a page with the below code...

4.3CVSS1AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.116 views

Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack Make a logged in editor or admin open a page with the below payload...

6.1CVSS0.4AI score0.00268EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.129 views

Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. The PoC will be displayed once the issue has been...

4.8CVSS0.6AI score0.00459EPSS
Exploits1
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.87 views

Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Account ID"...

4.8CVSS4.7AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.87 views

Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "Custom Field...

4.8CVSS0.1AI score0.00495EPSS
Exploits2
Total number of security vulnerabilities4359