Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/11/02 12:0 a.m.•88 views

Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in any text field of Settings Salat Times: " Save, and the XSS will be...

4.8CVSS5AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
•added 2022/11/02 12:0 a.m.•161 views

OWM Weather < 5.6.9 - Contributor+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor Logon as contributor and open the below URL, which will result in a delayed response If the "could not find original...

8.8CVSS0.7AI score0.01053EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/11/02 12:0 a.m.•312 views

Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "A custom...

0.00524EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•191 views

Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins Create a New popup Insert pop-up name, title, and body text. Add a new trigger with defau...

5.5CVSS0.2AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•101 views

Event Monster < 1.2.1 - Admin+ SQLi

The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...

7.2CVSS0.7AI score0.00962EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•159 views

WP User Frontend < 3.5.29 - Obscure Registration as Admin

The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...

9.8CVSS0.4AI score0.00646EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•408 views

Booster for WooCommerce - ShopManager+ Arbitrary File Download

The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to for example in multisite Enable the "Checkout File Upload" module and open the following URL as a...

6.5CVSS6.5AI score0.00914EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•413 views

Booster for WooCommerce - Checkout Files Deletion via CSRF

The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack Requirements: - Enable the "Checkout File Upload" module of the plugin...

8.1CVSS1AI score0.00371EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/31 12:0 a.m.•94 views

Event Monster < 1.2.0 - Visitors Deletion via CSRF

The plugin does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack To delete the attendee/visitor with ID 1, make a logged in admin open a page with the HTML code below The statement deleting attendee is also...

4.3CVSS0.4AI score0.00274EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/29 12:0 a.m.•84 views

Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Go to Settings Ā» Evaluate Ā» Add New. 2. Add...

4.8CVSS0.4AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/28 12:0 a.m.•89 views

My wpdb < 2.5 - Arbitrary SQL Query via CSRF

The plugin is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack document.getElementById"test".submit;...

8.8CVSS1.2AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/28 12:0 a.m.•89 views

Login Block IPs <= 1.0.0 - IP Spoofing Bypass

The function checkisloginpage uses headers for the IP check, which can be easily spoofed. Set HTTPCLIENTIP to bypass blocks / use allowed IP addresses...

7.5CVSS0.7AI score0.00664EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/28 12:0 a.m.•106 views

Spacer < 3.0.7 - Admin+ Stored XSS

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Add new Spacers and add payload "Gem to Setting...

4.8CVSS0.9AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/28 12:0 a.m.•91 views

WP Best Quiz <= 1.0 - Author+ Stored XSS

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. 1. Go to Quiz Ā» Add Categories. 2. Inset a category with the payload as name: alert1. 3. The XSS will be trigged when accessing the Add Categories...

0.6AI score0.00677EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/27 12:0 a.m.•129 views

Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...

9.8CVSS0.1AI score0.03617EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/27 12:0 a.m.•115 views

Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. v response.text...

8.8CVSS0.2AI score0.02971EPSS
Exploits1
wpexploit
wpexploit
•added 2022/10/25 12:0 a.m.•140 views

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various pages, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=grid-kit&action=edit&id=...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2022/10/24 12:0 a.m.•612 views

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

Description The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address Run the below command in the developer console of the web browser while being on the blog as an...

9.8CVSS9.7AI score0.03546EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/21 12:0 a.m.•99 views

OAuth Client by DigitialPixies <= 1.1.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. Make a logged in user visit a page with the following code fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

6.5CVSS1.9AI score0.0034EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/21 12:0 a.m.•99 views

Contact Form Entries < 1.3.0 - CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a spreadsheet...

0.5AI score0.00428EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/21 12:0 a.m.•136 views

OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Put the following payload in any of the plugin'...

4.8CVSS0.7AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/19 12:0 a.m.•133 views

reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF

The plugin does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. input type="hidden" name="action" value="resmushit&...

6.5CVSS0.5AI score0.00326EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/19 12:0 a.m.•103 views

Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins curl -X POST --data "wmtvuninstall=1&wmtvuninstallconfirm=1&plugin=akismet/akismet.php" https://example.com...

6.5CVSS2.7AI score0.00349EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/19 12:0 a.m.•100 views

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

The plugin lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. Examples of actions where low-privileged users can directly ask - https://example.com/wp-admin/admin-ajax.php?action=resmushitbulkgetimages -...

4.3CVSS2AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/18 12:0 a.m.•94 views

WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. Inject an XSS payload in the title by going to...

4.8CVSS4.9AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/18 12:0 a.m.•168 views

ImageMagick-Engine < 1.7.6 - Command Injection via CSRF

The plugin is missing CSRF checks in multiple actions, which could allow attackers to make a logged in admin perform unwanted actions. In this case, it could lead to RCE via Command Injection https://example.com/wp-admin/admin-ajax.php?action=imetestimpath&clipath=payload...

4.4AI score0.01074EPSS
Exploits2References2
wpexploit
wpexploit
•added 2022/10/18 12:0 a.m.•108 views

Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message Setup: - In the General Settings of the plugin, check the "Show Chat...

6.1CVSS0.1AI score0.00526EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/18 12:0 a.m.•87 views

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. PS: The original advisory mentions the issue being in photo-gallery, however it is not the case. On a page where there is a gallery embed, append a'-alert/XSS///=1 e.g...

0.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•101 views

Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization

The plugin does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog As a...

8.8CVSS0.5AI score0.00511EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•85 views

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS via AJAX

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to any authenticated users, such as subscriber, leading to a Reflected Cross-Site Scripting Make a logged in user open a page containing the HTML code below alert/XSS/"...

6.8AI score
Exploits0
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•701 views

Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi

The plugins allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. 1. Install Complianz and set the following options ...

8.8CVSS8.9AI score0.01196EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•84 views

WP Hide <= 0.0.2 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks in place when updating the customwpadminslug settings, allowing unauthenticated attackers to update it with a crafted request curl -X POST --data "customwpadminslug=attacker-value" https://example.com/wp-admin/admin-post.php Settings is...

5.3CVSS2AI score0.00346EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•86 views

Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP As a subscriber, open the HTML code below while being logged in as a subscriber, then choose a file to...

8.8CVSS0.4AI score0.00498EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•88 views

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting them back in attributes and JS code in admin dashboards, leading to Reflected Cross-Site Scripting Make a logged in admin open one of the URLs below...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•109 views

WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection curl -isk -X 'POST' -H "Content-Type: application/json" --data '"sku":"a" AND SELECT 42 FROM SELECTSLEEP5wlHd-- pOeU"'...

9.8CVSS1.6AI score0.03686EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•141 views

Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options To set the default role for new users to administrator, run the below command in t...

4.3CVSS0.7AI score0.00264EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•105 views

FluentForm < 4.3.13 - CSV Injection

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentforms&formid=1&route=entries - open the CSV with a...

9.8CVSS0.5AI score0.01231EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•90 views

Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack...

4.3CVSS2.6AI score0.00286EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/17 12:0 a.m.•99 views

Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection

The plugin does not properly escape data when exporting it via CSV files. 1 Edit your subscriber account's nickname to: ;=1+3 2 As an administrator, export your users data via http://vulnerable-site.tld/wp-admin/tools.php?page=acui&tab=export, and open the resulting CSV file in Excel or equivalen...

8CVSS1.2AI score0.0099EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/10/14 12:0 a.m.•115 views

WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE

The plugin is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files 1 Create 'poc.zip' with 2 files like below 1-1 'exploit.php.txt' is as follows...

7.2CVSS0.9AI score0.01104EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/14 12:0 a.m.•114 views

WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. 1 Download 'poc.zip' via...

7.2CVSS0.7AI score0.03187EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/13 12:0 a.m.•92 views

Highlight FocusĀ <= 1.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugins...

4.8CVSS0.2AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•597 views

Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following co...

7.2CVSS0.4AI score0.01126EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•119 views

Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.1AI score0.01126EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•118 views

eCommerce Product Catalog Plugin for WordPress < 3.0.71 - Reflected XSS

The plugin does not sanitise and escape an URL before outputting it back in an attribute of product category pages, leading to a Reflected Cross-Site Scripting https://example.com/products-category/cat/?productcategory=1&a%2522%253e%253cscript%253ealert%2528/XSS/%2529%253c%252fscript%253e=1...

0.6AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•106 views

AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection To read the userlogin and userpass columns from the wpusers table:...

9.8CVSS2.8AI score0.05103EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•465 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. " / document.forms0.submit;...

6.1CVSS6.3AI score0.00969EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•115 views

Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers https://example.com/wp-admin/edit.php?posttype=envira&page=envira-gallery-lite-addons&"alert1...

6.1CVSS1.3AI score0.00593EPSS
Exploits3
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•84 views

Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting On a page where the "Capture box | Rock Convert" widget is present, append ?"alert/XSS/, e.g:...

6.1CVSS6.2AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
•added 2022/10/10 12:0 a.m.•105 views

WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a Contact slider and put the payload below in the "Text to display" option:...

4.8CVSS0.4AI score0.00532EPSS
Exploits2
Total number of security vulnerabilities4359