Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/07/18 12:0 a.m.128 views

DW Promobar <= 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugin settings...

4.8CVSS0.1AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.221 views

WPDating <= 7.1.9 - Multiple SQL Injection Issues

The plugin does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities. http://vulnerable-site.tld/wp-content/plugins/dspdating/m1/postone.php?senderid=senderidsleep10&receiverid=senderidsleep10...

9.8CVSS1.6AI score0.0089EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.120 views

Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any text field settings of...

4.8CVSS4.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.400 views

YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well. v2.2.1 fixed the authorisation issue but not the escaping...

5.4CVSS0.00495EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.124 views

WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the settings...

4.8CVSS4.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.140 views

Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

The plugin allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. 1. Craft a custom zip file...

4.9CVSS0.2AI score0.00764EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.123 views

Name Directory < 1.25.5 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when adding/editing names, and is also lacking sanitisation as well as escaping in some of the fields, which could allow attackers to make a logged in admin edit arbitrary names and put XSS payloads in them. ' / " / ' /...

Exploits0
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.140 views

Website File Changes Monitor < 1.8.3 - Admin+ SQLi

The plugin does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection A user with manageoptions permission can exploit the vulnerability with the following request :...

9.8CVSS0.01026EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.128 views

Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. Put the following payload in any of the settings: "...

4.8CVSS1.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.167 views

mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the delimiter...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/18 12:0 a.m.416 views

YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the From Email or From Nam...

4.8CVSS0.4AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/14 12:0 a.m.144 views

WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a Comment Fields Comments Comment Fields and put the following payload in the Error Message setting: "autofocus...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/14 12:0 a.m.115 views

Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title

The plugin does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is disabled. An incomplete fix was introduced ...

0.5AI score0.0053EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/12 12:0 a.m.276 views

User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload

The plugin does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. 1 Create a file named exploit.php, which contains: ?php phpinfo; 2 Find the upfajaxnonce on the site's front page. 2 Run the following cURL request, curl --ur...

8.8CVSS0.2AI score0.0078EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/12 12:0 a.m.211 views

Discy < 5.0 - Subscriber+ Broken Access Control to change settings

The theme lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change the theme options by sending a crafted POST request. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

6.5CVSS2.4AI score0.00623EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/12 12:0 a.m.219 views

weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. On the dashboard navigate to weForms All Forms Add Form Choose Contact Form; Click Create Form Settings...

4.8CVSS0.6AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.552 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Get a REST nonce logged in as admin:...

4.8CVSS0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.182 views

Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a Timeline, put the following payload in the "Text" field at the bottom: alert/XSS/ Click save...

4.8CVSS4.9AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.214 views

Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues All settings...

6.1CVSS0.8AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.195 views

CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF

The plugin lets user input reach a sensitive requireonce call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who will...

8.8CVSS0.7AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.215 views

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

The plugin does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them Install the plugin and configure any mailer other than Default. Access the wp-admin area with a Subscriber+ user an...

6.5CVSS0.00744EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.571 views

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...

4.3CVSS0.4AI score0.00585EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.511 views

GiveWP < 2.21.3 - DoS via CSRF

The plugin does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to...

6.5CVSS1AI score0.00375EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.217 views

Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup POST...

4.8CVSS4.7AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/08 12:0 a.m.221 views

Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

The plugin is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=activate...

8.8CVSS4.4AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/07 12:0 a.m.193 views

Shortcode For Current Date < 2.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the some of its shortcode's attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks currentdate format='d/m/Y' size="10px;position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px'...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2022/07/07 12:0 a.m.221 views

Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. To make it easier to verify the vulnerability without the nee...

6.1CVSS6.1AI score0.00922EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/07 12:0 a.m.295 views

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. Put the following...

4.8CVSS0.2AI score0.01052EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/06 12:0 a.m.147 views

Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

The plugin allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. Note: This only affects membership from the plugin, not the WordPress role The request contains the levelidentifier parameter with the md52 value, where 2 is the...

9.8CVSS0.7AI score0.01104EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/06 12:0 a.m.180 views

Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add the following payload to a new quote:...

4.8CVSS1.8AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/06 12:0 a.m.121 views

Simple Membership < 4.1.3 - Membership Privilege Escalation

The plugin does not properly validate the membershiplevel parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. Note: This only affects membership from the plugin, not the WordPress role To increase the level, the attacker nee...

8.8CVSS0.5AI score0.00935EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.202 views

Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS

The plugin does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Plugin settings Style Settings button border radius or other field put to input field: alert'XSS'; Text &...

4.8CVSS4.8AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.124 views

Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "After Register Redire...

4.8CVSS0.3AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.173 views

WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup On...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/05 12:0 a.m.149 views

Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting - Completely reset the site using the plugin - Visit https://example.com/wp-admin/tools.php?page=advancedwpreset&"alert1...

6.1CVSS0.5AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.164 views

Ivory Search < 5.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays the usage notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.165 views

Unyson < 2.7.27 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=fw-extensions&sub-page=extension&extension=feedbackalert/XSS/...

7.2CVSS0.7AI score0.01448EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.176 views

Shareaholic < 9.7.6 - Information Disclosure

The plugin does not have proper authorisation check in one of the AJAX action, available to unauthenticated in v 9.7.5 and author+ in v9.7.5 users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc...

5.3CVSS0.7AI score0.01633EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.156 views

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting On a post/page where the paocdetails display="keyxxx" shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E e.g:...

6.1CVSS6.2AI score0.0055EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.425 views

Booster for WooCommerce < 5.6.2 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting v alert/XSS/ v alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.107 views

Name Directory < 1.25.4 - Arbitrary Directory/Name Deletion via CSRF

The plugin does not have CSRF checks in place when deleting Directories and Names, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=name-directory&deletedir=2...

4.3AI score
Exploits0
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.107 views

NextScripts: Social Networks Auto-Poster < 4.3.26 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=nxssnap&a"alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.152 views

Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them. function submitRequest var xhr = new XMLHttpRequest;...

6.1CVSS6.2AI score0.00284EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.128 views

Name Directory < 1.25.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well alert/XSS/" /...

6.1CVSS6.1AI score0.00569EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.157 views

Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=hfcm-list&'alert/XSS/...

6.1CVSS0.5AI score0.01072EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/01 12:0 a.m.138 views

Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting /?searchjob="...

2.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/01 12:0 a.m.190 views

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE As an admin upload a php file containing the palyload zipped along with a valid XML...

7.2CVSS0.3AI score0.01374EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/30 12:0 a.m.122 views

Gallery for Social Photo < 1.0.0.29 - Arbitrary Post Duplication via CSRF

The plugin does not have CSRF check in place when duplicating a post or page, which could allow attackers to make a logged in a admin duplicate them via a CSRF attack https://example.com/wp-admin/admin-ajax.php?action=gifeedduplicatefeed&post=12...

5.4CVSS4.2AI score0.00342EPSS
Exploits1
wpexploit
wpexploit
added 2022/06/29 12:0 a.m.113 views

WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2022/06/28 12:0 a.m.210 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the "Toggle thecontent filter" setting POST /wp-json/yikes/cpt/v1/settings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS0.3AI score0.01226EPSS
Exploits1
Total number of security vulnerabilities4359