Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/08/23 12:0 a.m.•914 views

All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The plugin uses the wrong content type for, and does not properly escape the response from the ai1wmexport action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. "...

0.01204EPSS
Exploits3
wpexploit
wpexploit
•added 2022/08/23 12:0 a.m.•749 views

WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack http://evil.com aaaa bbbb document.getElementById"test".submit;...

4.3CVSS1.7AI score0.00284EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/23 12:0 a.m.•696 views

BadgeOS < 3.7.1.3 - Subscriber+ SQLi

The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections Open the following URL as any authenticated user such as subscriber:...

8.8CVSS0.8AI score0.00994EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•828 views

Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any other header in LoginNoCaptcha::getipaddress which is then checked against the whitelist and...

4.3CVSS0.6AI score0.0057EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•167 views

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 https://example.com/wp-admin/post.php?post=1369&action=edit&settingstab=general&a'alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•513 views

WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting alert/XSS/" /...

6.1CVSS6.2AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•270 views

WP Hotel Booking < 2.0.1 - Unauthenticated Arbitrary Settings Update

The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow unauthenticated attackers to change them. All settings are affected, example, to change the Thousands Separator one, run the below command in the developer console of the web browser whil...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•591 views

WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup In the plugin's settings WooCommerce Settings...

4.8CVSS4.7AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•187 views

Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed. Put the following payload in the Post SMTP Settings...

4.8CVSS4.8AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•514 views

WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the realti...

4.8CVSS0.1AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•181 views

Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/all-ads/?"alert/XSS/ https://example.com/all-properties/?"alert/XSS/...

6.1CVSS0.9AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/22 12:0 a.m.•587 views

Classima < 2.1.11 - Reflected Cross-Site Scripting

The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock The XSS will be triggered when the user...

6.1CVSS0.6AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/19 12:0 a.m.•745 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Deletion

The plugin does not have any authorisation and CSRF checks in place when deleting events which could allow unauthenticated attackers to delete arbitrary events As an unauthenticated user, open the code below, this will delete the event with ID 4 from the calendar with ID 1...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/19 12:0 a.m.•125 views

Craw Data <= 1.0.0 - Server Side Request Forgery

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF. When configuring the CrawData addon, the request is as follows GET...

4.3CVSS0.3AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/17 12:0 a.m.•705 views

Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. The function wantispampgetip is vulnerable to IP spoofing because of the general usage of $SERVER'HTTPXFORWARDEDFOR' curl -i -H...

5.3CVSS0.7AI score0.00615EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/17 12:0 a.m.•497 views

WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup With the web browser inspector, change the input...

4.8CVSS4.7AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/17 12:0 a.m.•502 views

Mobile Events Manager < 1.4.8 - Admin+ CSV Injection

The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name field...

8.8CVSS0.5AI score0.00977EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•648 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

The plugin does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. As an...

4.3CVSS4.6AI score0.02179EPSS
Exploits5
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•509 views

Affiliates Manager < 2.9.14 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape parameters before outputting them back in pages, which could lead to Reflected Cross-Site Scripting GET /wp-admin/admin.php?page=wpam-settings&b=" HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•583 views

Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Currency Symbol" settings of the plugin and save: " Other settings...

4.8CVSS0.8AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•503 views

Affiliates Manager < 2.9.14 - Arbitrary Affiliates & Creatives Deletion via CSRF

The plugin does not have CSRF checks when deleting affiliates and creatives, which could allow attackers to make a logged in admin perform such actions via CSRF attacks Make a logged in admin open - https://example.com/wp-admin/admin.php?page=wpam-affiliates&deleteaid=2 -...

3AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/16 12:0 a.m.•657 views

Affiliates Manager < 2.9.14 - Affiliate CSV Injection

The plugin does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data Register as an affiliate and put the following payload in the Firstname, Lastname or Company fields: =10+2+30 As admi...

8CVSS1.6AI score0.0095EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•186 views

Fast Flow < 1.2.12 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting ' https://example.com/wp-admin/admin.php?page=fast-flow&p="...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•227 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls

The plugin is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status identified by WPScan when verifying the issue for example. Other...

4.3CVSS0.8AI score0.00275EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•231 views

Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts The postid is the ID of a saved layout As a contributor, get a REST nonce via...

5.4CVSS5.5AI score0.00432EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•211 views

Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts The postid is the ID of a saved layout...

6.1CVSS1.9AI score0.00496EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•236 views

WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the Destination FTP Settings: "...

4.8CVSS0.2AI score0.00419EPSS
Exploits1
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•185 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthenticated LFI

The plugin does not validate and sanitise a parameter before using it to include a file via an AJAX action available to both unauthenticated and authenticated users, which could lead to Local File Inclusion POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

2.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/15 12:0 a.m.•162 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape numerous parameters before outputting them back in admin pages via various AJAX actions, leading to Reflected Cross-Site Scripting With SitePress active, and with more than 1 active language: ' 6458 being a valid Product ID productid' value="6458"/ 16 being...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/10 12:0 a.m.•202 views

Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users https://example.com/wp-admin/admin-ajax.php?action=directoristauthorpagination...

5.3CVSS2.1AI score0.01408EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/10 12:0 a.m.•194 views

Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins As unauthenticated, on a page/post where there is a contact form created via the plugin, put the following payload in the Name,...

7.2CVSS0.5AI score0.0059EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/10 12:0 a.m.•116 views

Best Payments Plugin for WP < 4.2.1 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting Append the following payload on a page where the is a form from the plugin: a"alert/XSS/ e.g: https://example.com/contact-form/?a"alert/XSS/...

7.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/09 12:0 a.m.•270 views

Simple Single Sign On <= 4.1.0 - Authentication Bypass

The plugin leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site. When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in. The button invokes the following URL:...

7.5CVSS2AI score0.00619EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/08/09 12:0 a.m.•126 views

Social Slider Feed < 2.0.7 - Admin+ Stored XSS via Feeds

The plugin does not sanitise as well as escape user input in feeds, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in a Instagram Fee...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/09 12:0 a.m.•158 views

Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

Exploits0
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•126 views

Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Navigate to style settings:...

4.8CVSS4.7AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•133 views

Stop Spam Comments <= 0.2.1.2 - Access Token Bypass

The plugin does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. Collect the name and value of ssckey for the target post and use it on the request. curl...

6.5CVSS2AI score0.00546EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•216 views

Leaflet Maps Marker < 3.12.5 - Admin+ SQLi

The plugin does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. PoC for filter-operator1 parameter: POST...

7.2CVSS0.6AI score0.01062EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•108 views

WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/admin.php?page=wp-hide-cdn&component=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...

6.1CVSS0.4AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/08 12:0 a.m.•149 views

Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure

The plugin is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address https://example.com/wp-json/ssa/v1/users...

5.3CVSS2.4AI score0.01424EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/04 12:0 a.m.•156 views

Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API

The plugin does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers https://example.com/wp-json/wp/v2/sensei-messages/...

5.3CVSS1.8AI score0.01868EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/08/04 12:0 a.m.•147 views

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...

4.3CVSS1.7AI score0.00645EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/08/04 12:0 a.m.•696 views

Download Manager < 3.2.53 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute of the modal login page only available when users are not logged in, which could lead to Reflected Cross-Site Scripting in old web browsers. On the modal login page from the plugin and using an...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/03 12:0 a.m.•208 views

MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF

The plugin has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example As any logged in user:...

4.3CVSS0.2AI score0.00585EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/03 12:0 a.m.•174 views

MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF

The plugin has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example As an admin:...

2.7CVSS0.8AI score0.00632EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/03 12:0 a.m.•119 views

Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=GOTMLS-settings&GOTMLSdebug=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3B%3E Also possible with th...

6.1CVSS0.2AI score0.0102EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/03 12:0 a.m.•143 views

WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. This is a re-introduction of CVE-2021-24991 in 2.14.0...

6.1CVSS1.5AI score0.01188EPSS
Exploits4
wpexploit
wpexploit
•added 2022/08/02 12:0 a.m.•168 views

Fluent Support < 1.5.8 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users With at least one support ticket in the system:...

7.2CVSS0.5AI score0.00966EPSS
Exploits2
wpexploit
wpexploit
•added 2022/08/02 12:0 a.m.•103 views

Social Slider Feed < 2.0.6 - Admin+ Stored XSS via API Key

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the YT API Key settin...

1.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/08/01 12:0 a.m.•90 views

Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls

The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and add/edit/delete arbitrary student for example POST /wp-json/v2/ssradddata HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

1AI score
Exploits0
Total number of security vulnerabilities4359