Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/06/28 12:0 a.m.151 views

SP Project & Document Manager < 4.58 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. 1. Upload a file using the plugin. 2. On another browser, access the newly uploaded file via:...

6.5CVSS6.5AI score0.00807EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/28 12:0 a.m.147 views

Request a Quote <= 2.3.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Misc No Access Message setting of the plugin: alert/XSS/; The X...

4.8CVSS0.1AI score0.00532EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/28 12:0 a.m.112 views

Request a Quote <= 2.3.7 - CSV Injection

The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it On a page with a Quote Request form, upload the following CSV as an attachment: "First Name","Last...

8.8CVSS0.5AI score0.01184EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.121 views

W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Add/edit a Dali Item and put the following payload in one...

4.8CVSS4.7AI score0.00608EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.131 views

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=cron&aDBccat=all&"alert/XSS/ Other pages are affected...

6.1CVSS0.3AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.180 views

Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers https://example.com/wp-admin/options-general.php?page=cf7sredit&"alert/XSS/...

6.1CVSS1.1AI score0.01277EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.123 views

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=mo2fatwofa&a"alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.252 views

Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Got to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field then...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.205 views

Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woodiscountrules&name="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.1AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.162 views

Download Manager < 3.2.44 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=wpdmpro&page=wpdm-stats&type=history&userids=1&"alert/XSS/...

6.1CVSS0.8AI score0.0106EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.248 views

Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...

4.3CVSS1.6AI score0.00368EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.696 views

OAuth Single Sign On < 6.22.6 - Authentication Bypass

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address. POST / HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS1.6AI score0.00988EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.147 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Ignored Download Link...

4.8CVSS0.00608EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.135 views

Insights from Google PageSpeed < 4.0.7 - Multiple CSRF

The plugin does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

8.8CVSS2.8AI score0.00512EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.148 views

Page Generator Plugin < 1.6.6 - Arbitrary Keywords Deletion/Duplication via CSRF

The plugin does not have CSRF check in place when deleting and duplicating keywords, which could allow attackers to make a logged in admin delete and duplicate arbitrary keywords via CSRF attacks https://example.com/wp-admin/admin.php?page=page-generator-keywords&cmd=delete&id=3...

4.3AI score
Exploits0
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.102 views

Download Manager < 3.2.44 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the login page made by the plugin, leading to Reflected Cross-Site Scripting, which is only exploitable against unauthenticated users On the login page from the plugin ie where the wpdmloginform is embed, appe...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.143 views

Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Notes placeholder" settings of the plugin: alert/XSS/...

4.8CVSS0.4AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/23 12:0 a.m.122 views

Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Go to Settings - Loading Page, in the "Display loading screen in" settings, select either "specific pages" or "specif...

4.8CVSS0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.162 views

404s < 3.5.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a new 404 via the plugin and put the following payload in the "Please enter the 40...

4.8CVSS4.8AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.396 views

LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings&tab=emails&section=new-order-emails&a"alert/XSS/ Fixed in 4.1.6.7 - With a lesson attached ...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.443 views

Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a table, go to its settings, enabled...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/22 12:0 a.m.152 views

Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fix made in 3.2.46 and 3.2.47 were found to be insufficient As a contributor, create/edit a download and pu...

6.4CVSS5.5AI score0.00846EPSS
Exploits3References1
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.150 views

Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "No Access Message" settings...

4.8CVSS4.8AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.107 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks As a contributor or above, create a post using Brizy editor and: - Add a Text Element then put the following payload:...

5.4CVSS0.00644EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.114 views

OAuth 2.0 client for SSO < 1.11.4 - Authenticated Bypass

The plugin allows attackers to login as any user by just knowing their email address POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded option=mooauth&[email protected]...

9.8CVSS4.5AI score0.01344EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.134 views

Import CSV Files <= 1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting history.pushState'', '', '/' function submitRequest var xhr = new XMLHttpRequest;...

6.1CVSS0.00337EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.135 views

Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Breadcrumb css class name" settings of the plugin: "alert/XSS/...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.123 views

CDI < 5.1.9 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.5AI score0.01297EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.135 views

LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Client ID" settings: "/...

4.8CVSS1.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/21 12:0 a.m.122 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the "Link...

5.4CVSS5.2AI score0.00644EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.131 views

Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltredhtml is disallowed Create/edit a subscription, enabled the GDPR options in it and add the following payload in the "confirmation text"...

4.8CVSS0.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.130 views

Cache Images < 3.2.1 - Image Upload / Import via CSRF

The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. Allows import of any images with any user level. document.getElementById"test".submit; document.getElementById"test".submit; document.getElementById"test".submit;...

6.5CVSS0.9AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.100 views

WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF

The plugin is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. Bad e-mail address." Failed sending to e-mail address." " " " document.getElementById"test".submit;...

4.3CVSS0.5AI score0.00368EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.404 views

Give < 2.21.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=giveforms&page=give-tools&a"alert/XSS/...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.164 views

WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting

The plugin doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage&preview=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

6.1CVSS2.4AI score0.0068EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.685 views

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both for...

4.8CVSS0.1AI score0.00559EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.137 views

Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF

The plugin does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status draft, published, slug, post date, comment status enabled, disabled and more. The following PoC codes are f...

6.5CVSS0.4AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.132 views

WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1. Navigate to Settings -Duplicate Page - Duplicate Page Settings and enter the XSS payload into the...

4.8CVSS0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.114 views

WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting Against any authenticated user: https://example.com/event-dashboard/?searchkeywords=aaaa"...

6.1CVSS6.2AI score0.00712EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.124 views

Analytify < 4.2.1 - Reflected Cross-Site Scripting

The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting When 404 tracking is enabled: https://example.com/aa404bb?aalert/XSS/...

Exploits0
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.153 views

WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF

The plugin is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack document.getElementById"test".submit;...

6.5CVSS1.7AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.127 views

Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. 1. Navigate to Settings - Bold Builder - Bold Builder Settings and enter "alert'XSS'" into the "Color...

4.8CVSS4.8AI score0.00935EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.147 views

WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass

The plugin is affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s...

9.8CVSS0.2AI score0.01025EPSS
Exploits1
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.225 views

WP Championship < 9.3 - Multiple CSRF

The plugin is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site...

6.5CVSS0.8AI score0.00502EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.115 views

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

6.5CVSS1.5AI score0.00475EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.109 views

Comment License < 1.4.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

4.3CVSS1.3AI score0.00368EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.177 views

WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting

The plugin does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfilteredhtml is disallowed Put the following payload on the Preset settings of the plugin: '+accesskey="X"+onclick="alert1"'...

4.8CVSS1.2AI score0.00493EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.139 views

Pricing Deals for WooCommerce < 2.0.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS2.9AI score0.0666EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.109 views

Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. Open the following HTML code while being logged in as a subscriber, or make any logged in user open it via a CSRF attack...

4.3CVSS0.4AI score0.00305EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.108 views

FoxyShop < 4.8.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=foxyshopproduct&page=foxyshoptools&updatetemplate=error&error=...

6.1CVSS0.7AI score0.00661EPSS
Exploits2
Total number of security vulnerabilities4359