Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/10/10 12:0 a.m.87 views

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/top-user-rated-listings?listview=2&q%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.105 views

Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. Put the following payload in the WooCommerce Settings Billingo E-mail Beállítások Gomb szöveg field in the table:...

4.8CVSS0.3AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.88 views

Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to the plugin's settings Popup tab, click on "C...

4.8CVSS0.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.128 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting Affected parameter: acts.tdatts.imagesize input type="hidden" name="atts"...

6.1CVSS6.1AI score0.00551EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.200 views

Smart Slider 3 < 3.5.1.11 - PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. To simulate a gadget chain, put the following code in a plugin class Evil public...

8.8CVSS0.4AI score0.01903EPSS
Exploits3
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.94 views

PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. To simulate a gadge...

7.2CVSS0.4AI score0.01126EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.88 views

WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS

The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. Run the below command in...

5.4CVSS0.3AI score0.00411EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/05 12:0 a.m.501 views

LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...

8.1CVSS0.6AI score0.01786EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/05 12:0 a.m.149 views

Create Block Theme < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not have authorisation and CSRF checks, as well as does not validate the file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files to the server As unauthenticated user, open The file will be uploaded at...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.537 views

Blog2Social < 6.9.10 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers Run the script below in the web browser console while being logged in as a subscriber and on the Blog2Social...

8.8CVSS0.5AI score0.01049EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.181 views

WP ALL Export Pro < 1.7.9 - Authenticated SQLi

The plugin uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports...

8.8CVSS0.00945EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.579 views

Form Maker by 10Web < 1.15.6 - Admin+ SQLI

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin Create/edit a form, go to the Settings MySQL Mapping i.e...

7.2CVSS0.5AI score0.01015EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.106 views

Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution

The theme allows website editors to include executable code blocks in their website, which can contain arbitrary PHP code. By default, code execution is intended to be disabled, with website administrators having to explicitly allow code execution for specific user roles. However, due to improper...

8.8CVSS0.5AI score0.01556EPSS
Exploits1
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.93 views

Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition

The theme does not have authorisation in an AJAX action, which could allow any authenticated users such as subscriber to call it and edit any page, post, or template on the blog 1. Start with a clean Wordpress install 2. Install Bricks builder v1.5.3 3. Enable registrations on the website 4...

6.5CVSS0.8AI score0.00618EPSS
Exploits1
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.796 views

WP Super Cache < 1.9 - Unauthenticated Cache Poisoning

The plugin is affected by a cache poisoning issue curl 'https://example.com//?s=12333'...

2.6AI score
Exploits0
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.415 views

Blog2Social < 6.9.10 - Subscriber+ SSRF

The plugin does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks Run this script in the web browser console while being logged in as a subscriber...

6.5CVSS1.3AI score0.0066EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.457 views

WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Humans.txt texare...

4.8CVSS0.2AI score0.00583EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.457 views

Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Rtain App ID...

4.8CVSS0.3AI score0.00554EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.578 views

Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi

The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin When deleting a scan logs /edit-comments.php?page=ctcheckspamlogs, intercept the request and change the spamids parameter to...

7.2CVSS1AI score0.01015EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.363 views

Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection - create a post using =5+5 as the title - export the data as CSV /wp-admin/admin.php?page=post-to-csv.php - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets...

9.8CVSS0.4AI score0.01279EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.145 views

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...

7.2CVSS0.7AI score0.01307EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.478 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.2AI score0.0115EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/29 12:0 a.m.619 views

LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF

The plugin does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. document.getElementById"test".submit;...

6.5CVSS1.1AI score0.00346EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/29 12:0 a.m.424 views

Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a form and put the following...

4.8CVSS0.1AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/29 12:0 a.m.628 views

AdminPad < 2.2 - Note Update via CSRF

The plugin does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack Notes are displayed in the Dashboard /wp-admin/index.php...

6.5CVSS1.4AI score0.00337EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/28 12:0 a.m.111 views

Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. - Submit an order using =5+5 as "first name" and empty "last name" the plugin allows that. - Export the data as CSV from Reports Export. - Open the CSV with a spreadsheet application Excel, Libre...

9.8CVSS1AI score0.01218EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/27 12:0 a.m.609 views

3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping, it could also lead to Stored Cross-Site Scripting issue Make a logged in admin open a...

6.4AI score
Exploits0References1
wpexploit
wpexploit
added 2022/09/27 12:0 a.m.63 views

Forym <= 1.5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting On a blog having the plugin and the Search Forum Widget active, append the following parameter: ?s="...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.125 views

Sabai Discuss < 1.4.14 - Reflected Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page when number filters are enabled, leading to Reflected Cross-Site Scripting https://example.com/questions?category=77&filter=1&fieldnumbermin="...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.618 views

miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling

The plugin does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example Run the below command in the developer console of the web browser while being on the blog as any user, such as subscriber...

6.5CVSS1AI score0.00411EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.589 views

Frontend File Manager < 21.4 - File Upload via CSRF

The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf The file won't show up via the frontend/backend, but will be uploaded in the user folder ie in wp-content/uploads/useruploads//payload.pdf...

4.3CVSS0.9AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.122 views

Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Intercept the request made when saving the setting...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.109 views

Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass

The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. curl -X POST -F "sizelimit=10485760" -F...

4.3CVSS0.6AI score0.00543EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.587 views

Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. As the plugin does not validate the allowed file type, this could lead to attackers making admins allowing PHP file to be uploaded by any...

2.2AI score
Exploits0
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.99 views

Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/Edit a Course, add a new Topic and put the following...

4.8CVSS4.7AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.699 views

Helpful < 4.5.26 - Information Disclosure

The plugin puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings After an admin export logs via...

5.3CVSS0.3AI score0.00769EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/23 12:0 a.m.394 views

Popup Maker < 1.16.9 - Contributor+ Stored XSS via Subscription Form

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a post/page pumsubform namefieldtype="fullname" labelname="Name"...

5.4CVSS0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/23 12:0 a.m.455 views

Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a user with the Contributor or above, create a new Popup in Popup Maker menu with "content" field containing...

5.4CVSS0.5AI score0.00562EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/21 12:0 a.m.416 views

WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF

The plugin does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack. Make a logged in admin open a page with the following JS code: fetch'https://example.com/wp-admin/admin.php?page=wpcustomcursors',...

4.3CVSS1.4AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/21 12:0 a.m.444 views

WP Custom Cursors <= 3.0.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin As admin, open...

7.2CVSS0.5AI score0.00921EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/21 12:0 a.m.496 views

WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored...

6.1CVSS0.2AI score0.00251EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/20 12:0 a.m.448 views

We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Settings We're Op...

4.8CVSS4.7AI score0.00496EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/20 12:0 a.m.99 views

Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

The plugin does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payload in...

7.2CVSS7.3AI score0.00992EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/20 12:0 a.m.531 views

Search Logger <= 0.9 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users ------------------------------------------------- Go to Search Logger Logs Select Delete ------------------------------------------------...

7.2CVSS0.7AI score0.00921EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.135 views

Memberpress Downloads < 1.2.6 - Subscriber+ Arbitrary File Upload

The plugin does not properly check user capabilities in its file uploading AJAX endpoint, relying on WordPress nonces to do so. Unfortunately, the nonce can be leaked by any logged-in users, like subscribers. Since the Uploader library they use does not check file extensions at all, this may lead...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.117 views

Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Logged in the backend of Wordpress as Administrato...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.98 views

Booster for WooCommerce - Subscriber+ Order Status Update

The plugins allow users to update their own order status via a settings defined by admins when the My Account module is enabled, however does not ensure that the status set is allowed. As a result, users could set arbitrary status to their own orders, making them paid without actually paying for...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.142 views

Simple File List < 4.4.13 - Page Creation via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

6.5CVSS0.5AI score0.00338EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.106 views

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. Create a new download on:...

4.9CVSS0.8AI score0.00859EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.104 views

Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup First Stored XSS - HTTP Request POST...

4.8CVSS0.0047EPSS
Exploits2
Total number of security vulnerabilities4359