Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/09/19 12:0 a.m.113 views

reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed. POST /wp-admin/options.php HTTP/1.1 Accept:...

4.8CVSS1.1AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.93 views

Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the...

4.8CVSS4.8AI score0.00506EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/15 12:0 a.m.151 views

Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In the settings of the plugin, add the following payload to the text before the form:...

4.8CVSS0.5AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/15 12:0 a.m.113 views

TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload

The plugin does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file Create a SVG with the following content: alertdocument.cookie; As any authenticated...

5.4CVSS5.2AI score0.00468EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/14 12:0 a.m.338 views

Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add an image to a Gallery via...

4.8CVSS0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/14 12:0 a.m.171 views

Multiple Plugins from Viszt Peter - Multiple CSRF

The plugins are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license With the woo-billingo-plus plugin installed, make a logged in user with the editshoporders capabilit...

8.8CVSS1.1AI score0.004EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/14 12:0 a.m.722 views

Enable Media Replace < 4.0.0 - Admin+ Path Traversal

The plugin does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example When replacing the file, select "Replace the file, use new file name and update...

4.9CVSS0.9AI score0.00781EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/13 12:0 a.m.237 views

Soledad < 8.2.5 - Reflected Cross-site Scripting

The theme does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. A threat actor can collect the nonce value on the main webpage by searching for it on the ajaxvarmore call: var ajaxvarmore =...

6.1CVSS6AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/12 12:0 a.m.103 views

DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go the DSGVO AIO Settings Cookie Notice settings a...

4.8CVSS4.7AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/08 12:0 a.m.125 views

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.3AI score0.00381EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/07 12:0 a.m.419 views

Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Settings...

4.8CVSS0.1AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/07 12:0 a.m.451 views

Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads in Settings Goolytics Google Analytics ID field and save: "...

4.8CVSS0.8AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/07 12:0 a.m.512 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The plugin allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server curl -i -s -k -X 'POST' --data-binary...

5.3CVSS1.7AI score0.06199EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/07 12:0 a.m.470 views

Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE 1. Navigate to the page where ffmwp shortcode is included as Subscriber 2. Uploa...

8.8CVSS0.2AI score0.01113EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.416 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made As unauthenticated, make a reservation ie on a page where the reservationform is embed and...

6.1CVSS0.3AI score0.83373EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.481 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi

The plugin does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks As unauthenticated, fill the reservation form it's on a page where the reservationform is embed, intercept the...

9.8CVSS0.7AI score0.37709EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.209 views

WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Activate the Share Icons feature of the...

4.8CVSS4.7AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.144 views

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

2.8AI score0.63761EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.525 views

Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. Create or edit a Slide and put the following payload in the Name field: " onfocus=alert/XSS/ autofocus=" The XSS will be triggered when editing the slide again...

4.8CVSS0.5AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.646 views

OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass

The plugin does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address POST / HTTP/1.1...

7.5CVSS1AI score0.00364EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.484 views

NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.3AI score0.0108EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.447 views

WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup fetch'/wordpress/wp-admin/admin-ajax.php?action=deletepopup', method: 'POST',headers:"content-type":"application/x-www-form-urlencoded", body:...

4.3CVSS2.4AI score0.00262EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.705 views

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server Hostname"...

7.2CVSS1.2AI score0.01028EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.672 views

CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

The plugin allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. Activate PHP extension: - Log in and go to "CM Downloads" "Settings" "General". -...

7.2CVSS0.3AI score0.01054EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.107 views

Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload

The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file POST /wp-admin/admin-ajax.php...

8.8CVSS1.1AI score0.00457EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.778 views

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

The plugin does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory 1. Navigate to settings page /wp-admin/edit.php?posttype=wpdmpro&page=settings 2. In the “File Browser Root:” setting,...

4.9CVSS0.5AI score0.01315EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.461 views

SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Whitelisted...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.437 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputing them in attrubutes, leading to Reflected Cross-Site Scripting Make a logged in admin open https://example.com/wp-admin/admin.php?page=LDAP+authentication+intergrating+with+AD&a"alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.632 views

Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make a logged in admin open a page containing the HTML code below input type="text" name="ip11" value="...

4.3CVSS1.2AI score0.00267EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.480 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass

The plugin does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authenticatio...

7.5CVSS1.2AI score0.00386EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.436 views

WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name=xxx"alert%2FXSS%2F%3B&custom-popup=1...

6.1CVSS0.1AI score0.00492EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/31 12:0 a.m.623 views

Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS

The plugin does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues Open a page...

5.4CVSS0.00231EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/31 12:0 a.m.644 views

Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

The plugin does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues Make a logged in admin open a page...

5.4CVSS0.3AI score0.00244EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/31 12:0 a.m.620 views

Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5" 2 - Click on "Contact - Add new...

4.8CVSS0.5AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/31 12:0 a.m.418 views

Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. - Go to publisher and select Create a New Publisher - Add publisher name " - Click on Save Changes - Now...

4.8CVSS0.9AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/31 12:0 a.m.656 views

Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations. Set HTTPCFCONNECTINGIP or any of the other headers in getclientipaddress to spoof the IP address...

5.3CVSS2.1AI score0.00583EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/30 12:0 a.m.473 views

Simple File List < 4.4.12 - Reflected Cross-Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ee-simple-file-list&tab="style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.5AI score0.44095EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.133 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Title

The plugin does not sanitise and escape post/page Title, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks Create a post using the plugin editor and add the following payload in the Title: " The XSS will be triggered when editing the post again...

6.4CVSS0.8AI score0.00489EPSS
Exploits1
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.482 views

Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a translation and put the following...

4.8CVSS0.0056EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.637 views

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.6AI score0.09675EPSS
Exploits5
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.510 views

Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Open the plugin and intercept the request using burpsuite. Give the below payload in the parameter...

4.8CVSS0.4AI score0.00494EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.171 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block

The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered when...

6.4CVSS5.4AI score0.00489EPSS
Exploits1
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.506 views

Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS

The plugin does not have proper authorisation even when the Require Authorisation for REST API Requests is enabled in all its REST endpoints, allowing unauthenticated users to call them either directly. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.658 views

Site Offline < 1.5.3 - Access Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. https://example.com/?admin...

4.3CVSS2.2AI score0.01299EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.534 views

Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a form and put the following...

4.8CVSS0.1AI score0.005EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.468 views

Zephyr Project Manager < 3.2.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=zephyrprojectmanagerprojects&projectspage=--...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2022/08/25 12:0 a.m.757 views

Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update

The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary option from the blog and allow registration with a...

3.3AI score
Exploits0
wpexploit
wpexploit
added 2022/08/24 12:0 a.m.818 views

Ajax Load More < 5.5.4.1 - Admin+ Arbitrary File Read

The plugin does not properly validates paths generated with user input in the almrepeatersexport function, which could allow high privilege users to read arbitrary files form the server even when they should not be able to have access to any, for example in multisite setup This is due to an...

0.3AI score0.01279EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/23 12:0 a.m.561 views

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text for the button" or "URL ...

4.8CVSS4.8AI score0.00494EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/23 12:0 a.m.508 views

Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text" settings of the plugin...

4.8CVSS0.3AI score0.005EPSS
Exploits2
Total number of security vulnerabilities4359