Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•134 views

Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF

The plugin does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack...

4.3CVSS1.3AI score0.00469EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•120 views

Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting On a page where the Total Booking widget is displayed, append the following payload: &a"alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•81 views

Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Force Public Pages" settings of the plugin...

4.8CVSS0.4AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•58 views

Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF

The plugin is lacking CSRF checks in various AJAX actions, such as ecadminajaxsavedesignsettings, which could allow attackers to make a logged in admin update arbitrary settings To disable the Live Design Editor To set the custom CSS setting to body background-color: red;...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•88 views

Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following in the plugin's settings: test = "alert/XSS/ Tick the "Enable text hover in...

4.8CVSS0.2AI score0.00802EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•118 views

Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the plugin's settings: "...

4.8CVSS0.8AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/28 12:0 a.m.•155 views

Easy Digital Downloads < 2.11.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Create/edit a Download and put the following payload in the File Name field: Download the...

4.8CVSS0.3AI score0.0065EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/27 12:0 a.m.•102 views

Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique...

9.8CVSS3.2AI score0.22133EPSS
Exploits2References2
wpexploit
wpexploit
•added 2022/03/25 12:0 a.m.•120 views

Safe SVG < 1.9.10 - SVG Sanitisation Bypass

The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending on further use of uploaded SVG...

6.1CVSS0.2AI score0.01183EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/23 12:0 a.m.•89 views

Amministrazione Aperta < 3.8 - Admin+ LFI

The plugin does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected...

6.5CVSS1.8AI score0.02179EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/23 12:0 a.m.•632 views

Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi

The plugin does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS2.6AI score0.09351EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/23 12:0 a.m.•83 views

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Go to Hummingbird's Settings Configs edit the "Name and Description" and put the following...

4.8CVSS4.9AI score0.0275EPSS
Exploits4
wpexploit
wpexploit
•added 2022/03/22 12:0 a.m.•85 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8CVSS3AI score0.26586EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/22 12:0 a.m.•98 views

WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed Access the settings of the...

4.8CVSS0.3AI score0.04782EPSS
Exploits4References1
wpexploit
wpexploit
•added 2022/03/22 12:0 a.m.•90 views

Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE

The plugin does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS vulnerability. Further it is also possible to inje...

7.2CVSS0.2AI score0.40237EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/22 12:0 a.m.•89 views

Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting

The plugin does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add arbitrary javascript payloads to the source...

5.4CVSS0.1AI score0.03932EPSS
Exploits4
wpexploit
wpexploit
•added 2022/03/22 12:0 a.m.•139 views

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...

7AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•90 views

Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any text field settings of the plugin for example Scroll Speed and...

4.8CVSS0.5AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•110 views

One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed Access Tools Import One Click Demo Import Run Importer and import dummy XML file can be empty Intercept the request made...

7.2CVSS0.5AI score0.01653EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•109 views

Easy Social Icons < 3.2.1 - Unauthenticated Arbitrary Icon Deletion

The plugin does not have authorisation and CSRF checks when deleting icons, allowing unauthenticated user to delete arbitrary icons https://example.com/?cnss-delete=&id=1...

3.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•605 views

Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi

The plugin does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file Put the XML below on a web server replacing the PAYLOAD with the correct one, then import a podcast...

7.2CVSS7.3AI score0.01461EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•100 views

Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the jsonresulturl parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.1AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•102 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed. Version 3.2.0 adressed some of the issues, but was still vulnerable when clicking to edit the...

4.8CVSS1.1AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•87 views

Advanced Booking Calendar < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1AI score0.01618EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•173 views

Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Media Optimole...

4.8CVSS0.5AI score0.0073EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•193 views

Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

The plugin does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks Edit an existing Seasons & Calendars /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars and tamper the id...

7.2CVSS0.2AI score0.01461EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•537 views

Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure

The plugin does not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data Make a booking to get a customer account Login via API and get access token: curl...

7.5CVSS1.2AI score0.01431EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/21 12:0 a.m.•556 views

Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure

The plugin does not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. Although the API only retur...

5.3CVSS0.2AI score0.01146EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/16 12:0 a.m.•122 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.7AI score0.02254EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/16 12:0 a.m.•124 views

iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip

The settings of the plugin can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process,...

4.9CVSS5.1AI score0.03315EPSS
Exploits5
wpexploit
wpexploit
•added 2022/03/16 12:0 a.m.•118 views

WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users, leading to a SQL injection curl -i 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS1.9AI score0.07867EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/16 12:0 a.m.•207 views

Download Manager < 3.2.39 - Unauthenticated brute force of files master key

The plugin uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. ?php // The full timestamp fro...

7.5CVSS0.2AI score0.0151EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•426 views

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

The plugin does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled which is the default setting, leading to a Reflected Cross-Site Scripting issue. Note: Vendor was notified on September 14th, 2021...

6.1CVSS0.9AI score0.02244EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•143 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword

The plugin does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form Append the following payload on a page containing a Post Grid with a search form:...

6.1CVSS1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•96 views

NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality

An unprivileged user could use the functionality of the plugin to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. Search for a vulnerable domain with the dork:...

7.5CVSS1AI score0.01211EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•117 views

GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages...

5.4CVSS0.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•115 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

The plugin does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting " name="posttypes"...

6.4CVSS0.2AI score0.00632EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/15 12:0 a.m.•60 views

Easy Social Icons < 3.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its saved settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed. 3.1.3 added some escaping, but data was output elsewhere Put the...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•115 views

Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 'Add new markers' settings of the plugin: "autofocus onfocus=alert/XSS/ b=...

4.8CVSS0.8AI score0.00644EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•115 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

7.2CVSS0.6AI score0.01484EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•105 views

Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues Open the following URL as a subscriber:...

5.4CVSS0.3AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•200 views

KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them Create profile: fetch"https://example.com/wp-admin/admin-ajax.php?action=kccreateprofile", "headers":...

5.4CVSS0.2AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•71 views

Members List < 4.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues https://example.com/wp-content/plugins/members-list/admin/view/user.php?page=%22%3E%3Cimg/src/onerror=alert/XSS/%20x...

1.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•204 views

Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The plugin is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, a...

9.8CVSS9AI score0.69934EPSS
Exploits6
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•173 views

Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure

The plugin does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerabilit...

5.5CVSS0.1AI score0.00609EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•116 views

Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Make a booking to become customer ...

5.5CVSS0.5AI score0.00788EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/14 12:0 a.m.•98 views

Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters In a browser which does not encode characters:...

6.1CVSS1AI score0.03541EPSS
Exploits4
wpexploit
wpexploit
•added 2022/03/11 12:0 a.m.•107 views

Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS

The plugin does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged in user with roles as low as Subscriber to set arbitrary options to true, potentially leading to Denial of...

6.5CVSS0.4AI score0.01036EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/11 12:0 a.m.•917 views

WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting

Description Post authors are able to bypass KSES restrictions in WordPress = 5.9 and or Gutenberg = 9.8.0 due to the order filters are executed, which could allow them to perform to Stored Cross-Site Scripting attacks As a user without the UNFILTEREDHTML capability, create a post containing the...

6.5AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/03/10 12:0 a.m.•438 views

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. https://example.com//wp-admin/options-general.php?page=updraftplus&updraftinterval"confirm1...

6.1CVSS1AI score0.07355EPSS
Exploits4
Total number of security vulnerabilities4359