Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/05/23 12:0 a.m.132 views

WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the CSS settings of the plugin:...

4.8CVSS0.6AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.155 views

LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit;...

5.4CVSS1AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.139 views

Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them ok' document.getElementById"test".submit;...

5.4CVSS1.4AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.120 views

Simple Membership < 4.1.1 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=swpmvalidateemail&fieldId=%22%3Cscript%3Ealert%22XSS%22;%3C/script%3E...

6.1CVSS1.5AI score0.01693EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.115 views

Newsletter < 7.4.5 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below...

6.1CVSS0.1AI score0.01785EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.110 views

Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF

Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. document.getElementById"test".submit;...

6.5CVSS0.5AI score0.00736EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.153 views

One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. document.getElementById"test".submit;...

8.1CVSS1.2AI score0.00517EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.137 views

WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

5.4CVSS1AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.100 views

Private Files <= 0.40 - Protection Disabling via CSRF

The plugin is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public document.getElementById"test".submit; That will also delete the .htaccess...

4.3CVSS0.9AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.118 views

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body As a subscriber, run the below command in the web developer console of the browser fetch"/wp-admin/admin-ajax.php?action=likebtntestvotenotification", "headers":...

6.5CVSS0.4AI score0.0077EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.117 views

RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...

5.4CVSS0.8AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.219 views

KiviCare < 2.3.9 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users With at least one doctor created via the plugin: v 2.3.4 curl...

9.8CVSS1.9AI score0.11485EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.113 views

Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. document.getElementById"test".submit;...

8.8CVSS0.7AI score0.00597EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.142 views

Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit; The XSS will be...

5.4CVSS0.5AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/20 12:0 a.m.659 views

Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection

The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. 1. Go to the All Export New Export screen in the WordPress admin. 2. Now click on Specific Post Type Posts. 3. Click now on Migrate Posts an...

7.2CVSS0.6AI score0.01269EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.315 views

HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure

The plugin leaks the secret login URL when sending a specific crafted request curl -sIXGET -H "Cookie: validloginslug=1" https://example.com/wp-login.php HTTP/2 302 x-redirect-by: WordPress location: secret...

5.3CVSS5.3AI score0.02621EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.116 views

Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Slideshow, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS0.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.132 views

The School Management < 9.9.7 - Unauthenticated RCE via REST api

The plugin contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. curl -d 'blowfish=1' -d "blowf=system'id';" 'https://examples.com/wp-json/am-member/license'...

4.5AI score0.64321EPSS
Exploits6
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.310 views

Member Hero <= 1.0.9 - Unauthenticated RCE

The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...

9.8CVSS3AI score0.09105EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.107 views

Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit;...

6.5CVSS0.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.179 views

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting ' /...

6.1CVSS0.2AI score0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.118 views

HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL document.getElementById"test".submit;...

4.3CVSS1.6AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.126 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS1AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.135 views

Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS3.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.102 views

MailerLite < 1.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting The first digit of the ID must be an existing form ID...

6.1CVSS0.3AI score0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.250 views

Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

6.5CVSS1.7AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.151 views

WP-CRM <= 1.2.1 - CSV Injection

The plugin does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. 1. Add new person and put the following CSV calculator payload into the Display Name, Phone Number and Description field and save the entry. payload : =cmd|' /C calc'!'A...

7.8CVSS0.7AI score0.00988EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.138 views

Log WP_Mail <= 0.1 - Email Logs Publicly Accessible

The plugin saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. curl https://example.com/wp-content/plugins/logwpmail/log/LWPMAIL-20220330-success.log...

7.5CVSS1.8AI score0.01394EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.104 views

OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; form id="test"...

6.5CVSS0.9AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.121 views

Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their...

4.8CVSS0.8AI score0.0071EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.132 views

WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. - Log on to the site using a subscriber account. - On the page the shortcode is...

5.4CVSS0.5AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.208 views

iQ Block Country <= 1.2.18 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. curl -i -H 'CF-CONNECTING-IP: 0.0.0.0' https://example.com...

7.5CVSS1.2AI score0.01191EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.107 views

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF

The plugin is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules. document.getElementById"test".submit;...

8.8CVSS0.7AI score0.00609EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.156 views

Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search&keyword="...

6.1CVSS0.3AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.149 views

Bestbooks <= 2.6.3 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users Affected parameters: credit and debit curl https://example.com/wp-admin/admin-ajax.php \ --data...

9.8CVSS1.1AI score0.09047EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.104 views

WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.8AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.128 views

Useful Banner Manager <= 1.6.1 - Modify banners via CSRF

The plugin does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. document.getElementById"test".submit;...

6.5CVSS1.5AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.112 views

Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion

The plugin does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. v1.0.1 added...

6.5CVSS0.4AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.206 views

FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the Woocommerce FiboSearch Autocomplete Products - "No...

4.8CVSS0.5AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.134 views

WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor, create a new Baby item and put the following payload in any of the settings such as Birth Date, Time of Birth etc:...

5.4CVSS0.1AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.117 views

Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

The plugin does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack To delete all comments document.getElementById"test".submit; document.getElementById"test".submit;...

4.3CVSS0.7AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.116 views

Discy < 5.2 - Settings Update via CSRF

The theme lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary plugin's settings including payment methods via a CSRF attack...

4.3CVSS1.5AI score0.01244EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.125 views

Discy < 5.2 - Restore Default Settings via CSRF

The theme does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...

6.5CVSS1.6AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.112 views

FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form...

4.8CVSS0.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.155 views

Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting

The plugin does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Go to Photo Gallery Global Settings Watermark Using the web browser inspector, change the input typ...

4.8CVSS0.5AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.121 views

LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit; input...

4.3CVSS1.4AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.128 views

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a video from a slider and put the following payload in the Description: , then save/update the vide...

4.8CVSS4.9AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.133 views

User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

The plugin does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads As a subscriber, submit a dummy image on a page/post with a File Upload...

6.5CVSS6.4AI score0.02233EPSS
Exploits5
wpexploit
wpexploit
added 2022/05/13 12:0 a.m.123 views

Files Download Delay < 1.0.7 - Subscriber+ Settings Reset

The plugin does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action. https://example.com/wp-admin/admin-ajax.php?action=ddlayrestoredefaults...

6.5CVSS3AI score0.00406EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/12 12:0 a.m.136 views

WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF

The plugin does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. alert'boo!'" document.getElementById"test".submit;...

4.3CVSS0.8AI score0.00412EPSS
Exploits2
Total number of security vulnerabilities4359