Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/04/27 12:0 a.m.81 views

Coru LFMember <= 1.0.2 - Arbitrary Game Deletion/Activation via CSRF

The plugin does not have CSRF in place when deleting and activating games, which could allow attacker to make a logged in admin perform such actions...

1.8AI score
Exploits0
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.91 views

Donate Extra <= 2.02 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting ' document.form1.submit;...

6.1CVSS0.1AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.104 views

Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a slider, put the following payload in the CSS settings and save: The XSS will be...

4.8CVSS0.8AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.102 views

Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=dr-convert&msg=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS1.2AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.91 views

Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads ' / ' / ' / " / ' /...

0.9AI score0.00266EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.96 views

Turn off all comments <= 1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/tools.php?page=toac&status=success&rows=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS1.5AI score0.02953EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.98 views

Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/options-general.php?page=vertical-scroll-recent-post&action=edit&vsrpid=0%22%3E%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS0.7AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.80 views

Tracked Tweets <= 0.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue All parameters from the settings page are affected ' /...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.135 views

WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue. Against any authenticated user: ' /...

6.1CVSS0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.137 views

ScrollReveal.js Effects <= 1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in any of the plugin's settings such as Opacity: "...

4.8CVSS1.2AI score0.00648EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.125 views

WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button via AJAX ...

5.4CVSS0.00567EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.142 views

Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed https://youtu.be/kTMg65teTvU Create ...

4.8CVSS0.3AI score0.00854EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.162 views

Call Now Button < 1.1.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled With premium enabled: http://example.com/wp-admin/admin.php?page=call-now-button&bid=xxxxx" accesskey=X onclick=alert/XSS/...

6.1CVSS0.2AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.83 views

Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have SCRF check when updating its settings, as well as does not sanitise and escape them when outputting them back. This could allow attackers to make a logged in admin update them to arbitrary values, including XSS payloads, via a CSRF attack ' /...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.108 views

WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them ' /...

1AI score0.00266EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.61 views

Content Egg < 5.3.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=content-egg-autoblog-edit&a"alert/XSS/...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.440 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting

The plugin does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed v 1.5.7 Add/edit a custom field /wp-admin/admin.php?option=comvikbooking&task=custo...

4.8CVSS0.5AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.406 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...

6.5CVSS0.8AI score0.00513EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.416 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload

The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking&task=carat and upload a fake GIF with PHP code in it as ...

7.2CVSS0.8AI score0.01436EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/20 12:0 a.m.117 views

Country Selector < 1.6.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting " / " /...

6.1CVSS6.2AI score0.01409EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/20 12:0 a.m.157 views

Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. history.pushState'', '', '/' input type="hidden"...

6.1CVSS6AI score0.00377EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.160 views

th23 Social <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the plugin's settings...

4.8CVSS0.8AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.1622 views

Fusion Builder < 3.6.2 - Unauthenticated SSRF

Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...

9.8CVSS9.3AI score0.71722EPSS
Exploits6References2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.92 views

Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when editing a video, and does not escape some of its fields, which could allow attackers to make a logged in admin change them and lead to Stored Cross-Site Scripting issues 2, 00:00:10-3, 00:00:15-4, 00:00:20-5" /...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.107 views

Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE As any authenticated user, upload a PHP file via /wp-admin/upload.php?page=adv-file-upload The file will be at https://example.com/wp-content/uploads/2022/03/.php...

8.8CVSS0.7AI score0.14977EPSS
Exploits5
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.115 views

BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting " document.form1.submit;...

6.1CVSS0.2AI score0.00813EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.154 views

Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php/%22%3E%3Csvg/onload=alert/xss/%3E?page=ais...

6.1CVSS1.3AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.108 views

Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure

The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 104 Accept: application/json, text/javascript, /; q=0.01...

5.3CVSS0.7AI score0.02869EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.201 views

MapSVG < 6.2.20 - Unauthenticated SQLi

The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...

9.8CVSS2.3AI score0.10279EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.149 views

Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider with the plugin and put the following payload in a Slide Descriptio...

4.8CVSS0.3AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.119 views

Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections curl https://example.com/wp-admin/admin-ajax.php \ --data...

9.8CVSS1.4AI score0.09495EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/18 12:0 a.m.115 views

Personal Dictionary < 1.3.4 - Unauthenticated SQLi

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. 1. Create a new page with the plugin's shortcode shortcode can be copied from...

9.8CVSS0.7AI score0.0677EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.148 views

Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Post Per Page" or "Enter Search Text": settings of the plugin: "autofocus...

4.8CVSS0.5AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.119 views

IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some fields when high privilege users don't have the unfilteredhtml capability, which could lead to Stored Cross-Site Scripting issues Customise a template from the plugin /wp-admin/admin.php?page=cscstemplates and put the following payload in the Paragraph...

5.4CVSS0.00584EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.219 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata&type=attributes&catid=-3 UNION...

9.8CVSS1.6AI score0.01779EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.147 views

Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=admin-menu-restriction&role="...

6.1CVSS1.1AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.256 views

Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload

The plugin is lacking capability check in a function hooked to admininit introduced in v3.6.0, and only relying on a CSRF check. As the nonce is available to any authenticated users, they could call it and upload a malicious zip archive containing arbitrary files via a subsequent call, leading to...

8.8CVSS0.92658EPSS
Exploits10References2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.585 views

BadgeOS <= 3.7.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=get-achievements&totalonly=true&userid=11 AND SELECT 9628...

9.8CVSS2.2AI score0.11725EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/13 12:0 a.m.107 views

WP Social Buttons <= 2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Delay Time General Settings or Top Margin Advanced Settings of the...

4.8CVSS0.2AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.107 views

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...

6.1CVSS6.1AI score0.00773EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.401 views

Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Popup Maker Create Popup Popup Settings Triggers Add New Cookie Add Cookie...

4.8CVSS0.2AI score0.55784EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.103 views

Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection curl 'http://example.com/?restroute=/olistener/new' --data '"id":" SELECT SLEEP3"' -H 'content-type: application/json'...

9.8CVSS2.5AI score0.09999EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.132 views

Photo Gallery < 1.6.3 - Unauthenticated SQL Injection

The plugin does not properly escape the $POST'filtertag' parameter, which is appended to an SQL query, making SQL Injection attacks possible. POST /wp-admin/admin-ajax.php?imageid=123 HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh,en;q=0.5 Accept-Encoding: gzip,...

9.8CVSS1AI score0.23459EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.166 views

All In One WP Security < 4.4.11 - Authenticated Arbitrary Redirect / Reflected XSS

The plugin does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of...

4.7CVSS0.4AI score0.00726EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.124 views

Responsive Tabs < 4.0.6 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks As author or above, create/edit a new Tab and put the following payload as its content:...

4.8CVSS0.5AI score0.00576EPSS
Exploits1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.137 views

SiteSuperCharger < 5.2.0 - Unauthenticated SQLi

The plugin does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS1.9AI score0.01602EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.120 views

Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues As admin, import the below CSV file via Tools Import and export users and customers /wp-admin/tools.php?page=acui...

4.8CVSS0.4AI score0.00689EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.188 views

Adrotate < 5.8.23 - Admin+ XSS via Advert Name

The plugin does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit an Advert and put the following payload in the Name field: " The XSS will be triggered when accessi...

4.8CVSS1.4AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.133 views

Fast Flow < 1.2.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting ' document.form1.submit;...

6.1CVSS0.4AI score0.00876EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.120 views

Wbcom Designs Plugins - Subscriber+ Arbitrary Plugin Installation, Activation and Deactivation

Multiple Plugins from Wbcom Designs have an AJAX action without authorisation and CSRF checks, allowing any logged in user to install, activate or deactivate a plugin on the site. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body":...

1.5AI score
Exploits0
Total number of security vulnerabilities4359