Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/08/01 12:0 a.m.172 views

Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download

The plugin is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. As contributor, navigate to https://target/blog/wp-admin/post-new.php?posttype=lanadownload Inside "File URL:" input, fill the file you want to download, for...

6.5CVSS0.6AI score0.00911EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.136 views

Social Slider Feed < 2.0.5 - Subscriber+ Stored XSS via Feeds

The plugin does not have authorisation and CSRF check in place when adding and editing a Feed, and does not sanitise as well as escape user input. As a result, users with a role as low as subscriber could add arbitrary feeds, with Stored Cross-Site Scripting payloads in them. As any authenticated...

6.5AI score
Exploits0
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.107 views

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary API Key Update to Stored XSS

The plugin does not have authorisation and CSRF check in place when saving the YouTube API Key, and does not sanitise as well as escape it. As a result, users with a role as low as subscriber could change it, including setting it with Stored Cross-Site Scripting payloads in it As any authenticate...

6.5AI score
Exploits0
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.115 views

Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting

The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wp-phpmyadmin-extension&tab=errors-logreset&a"alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.170 views

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions. When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

7.5CVSS0.8AI score0.00958EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.171 views

Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing

The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. curl https://example.com/wp-content/uploads/wpjobboard Search for this path / folder in search engines to find...

7.5CVSS1AI score0.03158EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.129 views

WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog https://example.com/wp-admin/admin-ajax.php?action=filtermenu&val=post-id...

4.3CVSS4.4AI score0.00336EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.163 views

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "phpMyAdmin on hosting" settings...

4.8CVSS0.5AI score0.00642EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.156 views

Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing

The plugin is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. curl https://example.com/wp-content/uploads/jobpost Search for this path / folder in search engines to find uploaded resumes...

5.3CVSS0.8AI score0.00787EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.201 views

WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

5.4CVSS1.2AI score0.00302EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.125 views

Better Search and Replace < 1.4.1 - Admin+ SQLi

The plugin does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks POST /wp-admin/tools.php?page=better-search-replace&bsr-ajax=processsearchreplace HTTP/1.1 Accept: application/json,...

7.2CVSS0.4AI score0.01066EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.131 views

Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF

The plugin does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting alert/XSS/'...

5.4CVSS0.8AI score0.00254EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.152 views

NEX-Forms < 7.9.7 - Authenticated SQLi

The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...

8.8CVSS3.1AI score0.10375EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.139 views

Duplicator < 1.4.7 - Unauthenticated Backup Download

The plugin discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. Find the URL of the actual installer scrip...

7.5CVSS1.3AI score0.12485EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.121 views

LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. document.getElementById"test".submit;...

4.3CVSS1.5AI score0.00317EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.124 views

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack...

4.3CVSS1.8AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.1441 views

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

The plugin allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. By default WordPress does not allow uploading o...

8.8CVSS0.3AI score0.01264EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.268 views

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

The plugin does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. 1. curl 'http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1' 2. curl -d view...

5.3CVSS2AI score0.08415EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/08/01 12:0 a.m.147 views

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary Feed Deletion

The plugin does not have authorisation and CSRF check in place when deleting feeds, allowing ay authenticated users, such as subscriber to delete arbitrary feeds As any authenticated user, such as subscriber. Or via CSRF against them...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/07/31 12:0 a.m.162 views

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a dashboard with an HTML widget...

5.5CVSS5.1AI score0.00597EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/28 12:0 a.m.201 views

VR Calendar <= 2.3.4 - Admin+ LFI

The plugin does not validate user input before using it in a require statement, which could allow high privilege users to perform LFI attacks. The attack could also be performed via a CSRF vector by making a logged in admin open a malicious link...

3.6AI score
Exploits0
wpexploit
wpexploit
added 2022/07/28 12:0 a.m.148 views

VR Calendar < 2.3.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/plugins.php?vrcmsg=&vrcmsgtype="...

1AI score
Exploits0
wpexploit
wpexploit
added 2022/07/27 12:0 a.m.126 views

WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

The plugin contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user...

8.8CVSS3.2AI score0.0129EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.180 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Both can be used against authenticated and unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=ftsrefreshtokenajax&accesstoken=...

6.1CVSS0.1AI score0.04873EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.482 views

Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file Direct call:...

6.1CVSS0.4AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.160 views

Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation

The plugin does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations var data = new FormData data.append'file',new...

4.3CVSS0.2AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.128 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting Against any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=ftsencrypttokenajax&accesstoken=%3Cimg%20src=x%20onerror=alert/XSS/%3E...

6.1CVSS0.2AI score0.00634EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.173 views

Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection

The plugin does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection https://example.com/wp-admin/admin.php?page=tpeditor&action=filter-by&order=+AND+SELECT+42+FROM+SELECTSLEEP5b...

7.2CVSS1.6AI score0.01202EPSS
Exploits5
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.111 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS0.1AI score0.00444EPSS
Exploits1
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.139 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

4.3CVSS1.7AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.131 views

WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The plugin does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. The vulnerability exists due to the plugin only preventing users from leaking coupons using the "coupons" aggregate field, and not the regular "coupon" field. Given a valid coupon...

0.5AI score0.00724EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.556 views

WP Coder < 2.5.3 - Code Deletion via CSRF

The plugin does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack https://example.com/wp-admin/admin.php?page=wp-coder&info=del&did=1...

6.5CVSS4AI score0.00363EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.159 views

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The plugin exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and...

6.5CVSS1.2AI score0.00891EPSS
Exploits5
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.176 views

Coming Soon - Under Construction <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed As admin, put the following payload in the "More text information" settings of the plugin: The XSS will be triggered...

4.8CVSS4.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.578 views

Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

The plugin has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS0.9AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/25 12:0 a.m.299 views

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS2AI score0.01464EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/25 12:0 a.m.187 views

WP-DBManager < 2.80.8 - Admin+ Remote Command Execution

The plugin does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. Use any WordPress plugin that allows the users to upload files with extension - ".php" is not required - for example: .jpg usually many...

7.2CVSS0.9AI score0.01012EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/23 12:0 a.m.147 views

Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

The plugin is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. To exploit the vulnerability, someone must send a...

8.8CVSS1AI score0.03851EPSS
Exploits5References2
wpexploit
wpexploit
added 2022/07/22 12:0 a.m.269 views

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

9.8CVSS2.7AI score0.12442EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/21 12:0 a.m.231 views

GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE

The plugin does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE. Version 1.2.5 added CSRF checks Sen...

9.8CVSS1.5AI score0.01896EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/21 12:0 a.m.125 views

Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create new publication, name it whatever 2. Click the "Custom Page" tab to add a new page: - name it...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/20 12:0 a.m.150 views

Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "alert/XSS/...

4.8CVSS0.4AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.459 views

Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is at least one submission: https://example.com/wp-admin/edit.php?posttype=elementorcfdb&page=sbelemcfd&formid="...

6.1CVSS0.7AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.150 views

Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc When the "Enable API for Mobile Apps" settings...

7.5CVSS1.7AI score0.02801EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.126 views

Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=rpsresultbatch&edit=%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS1AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.172 views

E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF

The plugin is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST",...

8.8CVSS0.5AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.138 views

Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. Steps to reproduce: 1 As a Contributor, go to portfolio on the dashboard and add new item. 2 on the editing page that comes up, scroll dow...

5.4CVSS0.5AI score0.00495EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.177 views

Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugin settings:...

4.8CVSS1.1AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.179 views

Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin...

6.5CVSS1.1AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.233 views

Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS6.2AI score0.0051EPSS
Exploits2
Total number of security vulnerabilities4359