Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•152 views

WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make and admin open a URL where is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpemanageprayer&doaction=delete&prayer...

6.8AI score0.00189EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/24 12:0 a.m.•142 views

HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the widget area, add the widget...

5.7AI score0.00331EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/23 12:0 a.m.•129 views

Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in a...

8.3AI score0.00353EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/22 12:0 a.m.•128 views

PostX < 4.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Create a new Post and add "Ultimate post...

8.3AI score0.00416EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/19 12:0 a.m.•174 views

reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. This requires Jetpack to be installed and to have a page/post with a Jetpack Contact Form...

5.9AI score0.00269EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/19 12:0 a.m.•177 views

VikBooking < 1.6.8 - Broken Access Control

Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categories for example despite initial settings prohibitin...

6.7AI score0.0028EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/19 12:0 a.m.•172 views

VikBooking < 1.6.8 - Insecure Direct Object References

Description The plugin allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the plugin's they shouldn't be allowed to. https://example.com/wp-admin/admin.php?option=comvikbooking&task=config...

6.6AI score0.0061EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/19 12:0 a.m.•137 views

reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML page containing:...

6.7AI score0.00381EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/18 12:0 a.m.•158 views

Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack Make an author or above role open the following HTML: alert"frontendjs"' /...

5.9AI score0.00212EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/18 12:0 a.m.•138 views

LetterPress <= 1.2.2 - Subscriber Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers Make a logged in admin open an HTML file containing:...

6.9AI score0.00232EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/18 12:0 a.m.•143 views

Save as PDF < 3.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. On the "Settings Save as PDF Basic...

5.7AI score0.00454EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/18 12:0 a.m.•163 views

Ungallery <= 2.2.4 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: /" alert2' Save Changes...

5.9AI score0.00224EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/17 12:0 a.m.•171 views

SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

Description The plugin only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX. Install the plugin on a server that doesn't support...

6.4AI score0.00413EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/16 12:0 a.m.•196 views

EasyEvent <= 1.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Got to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID fiel...

6AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/15 12:0 a.m.•139 views

MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack Make a contributor or higher user open a link where is a valid event:...

6.8AI score0.00317EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/15 12:0 a.m.•161 views

Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.7AI score0.00584EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/15 12:0 a.m.•133 views

MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "MF Gig Calendar Settings" 2...

5.7AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/15 12:0 a.m.•149 views

Crelly Slider <= 1.4.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Crelly Slider" 2. Add a slid...

5.7AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/15 12:0 a.m.•141 views

LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add this shortcode to a page: lj...

5.9AI score
Exploits1
wpexploit
wpexploit
•added 2024/04/12 12:0 a.m.•184 views

Carousel Slider < 2.2.10 - Editor+ Stored XSS

Description The plugin does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks As an Editor, create/edit a...

8.2AI score0.00497EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/12 12:0 a.m.•180 views

Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup To replicate this vulnerability, follo...

5.7AI score0.00472EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/12 12:0 a.m.•157 views

Gutenverse < 1.9.1 - Contributor+ Stored XSS

Description The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in...

6AI score0.00442EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•131 views

Side Menu Lite < 4.2.1 - Menu Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•138 views

Popup Box < 2.2.7 - Popup Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00277EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•178 views

Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks As an admin open HTML file containing: action...

6.8AI score0.0035EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•144 views

Float menu < 6.0.1 - Menu Deletion via CSRF

Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. Make a logged in admin open one a page with the code below, this will make them delete the menu with ID 1:...

6.8AI score0.0028EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•135 views

Modal Window < 5.3.10 - Modal Deletion via CSRF

Description The plugin does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack Have a logged in admin open an HTML file containing where ID is an existing modal: action...

6.7AI score0.00204EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•133 views

Button Generator < 3.0 - Button Deletion via CSRF

Description The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack Make a logged in admin open an HTML file containing: action...

6.7AI score0.00229EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•145 views

Sticky Buttons < 3.2.4 - Button Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00283EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•161 views

Counter Box < 1.2.4 - Counter Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00272EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/11 12:0 a.m.•145 views

Herd Effects < 5.2.7 - Effect Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...

6.8AI score0.00223EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/10 12:0 a.m.•172 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

7.2AI score0.00489EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/10 12:0 a.m.•1546 views

WP < 6.5.2 - Unauthenticated Stored XSS

Description WordPress does not escape the Author name of its Avatar block when some settings are enabled, leading to Stored Cross-Site Scripting. In a default setup, contributor and above users could perform such attack. However, if the blog is using the mentioned settings in the comment template...

7AI score
Exploits0References1
wpexploit
wpexploit
•added 2024/04/08 12:0 a.m.•153 views

GamiPress < 6.8.9 - Broken Access Control

Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken acces...

6.6AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/08 12:0 a.m.•134 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new form or edit an existing...

5.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•174 views

Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below...

5.8AI score0.0048EPSS
Exploits3References1
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•177 views

Call Now Button < 1.4.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to All Buttons, and add a...

5.7AI score0.0067EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•142 views

Bannerlid <= 1.1.0 - Reflected XSS

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Have an admin open URLs: -...

8.7AI score0.00431EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•132 views

Salon booking system < 9.6.6 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Salon Services Add New...

5.6AI score0.00418EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•132 views

Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users Note: This requires WooCommerce to be installed. 1. Go to "Fancy Product Designer...

6.3AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•179 views

Salon booking system < 9.6.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open a page containing the code: input type="submit" valu...

6.6AI score0.00247EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•136 views

ENL Newsletter <= 1.0.1 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML file containing: Name: alert1' / alert2' /...

5.9AI score0.00207EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•131 views

MM-email2image <= 0.2.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a file containing the HTML: alert2' /...

9AI score0.00202EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•174 views

Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the...

5.9AI score0.00438EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•179 views

MM-email2image <= 0.2.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add the following payload to a...

8.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•194 views

Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor depending on plugin configuration to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

5.6AI score0.00465EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•146 views

ENL Newsletter <= 1.0.1 - Admin+ SQL Injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks As an admin open a link like:...

7.5AI score0.00512EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•177 views

WP Google Review Slider < 13.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "WP Google Reviews Templates"...

5.7AI score0.00308EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•137 views

ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns&action=campaign-delete&id=...

6.8AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•165 views

WP Chat App < 3.6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...

6AI score0.00522EPSS
Exploits2References1
Total number of security vulnerabilities4359