Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/03/09 12:0 a.m.•132 views

Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

The plugin requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. When a guest make a booking via sending "action:...

7.5CVSS7.5AI score0.01594EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/09 12:0 a.m.•80 views

WP HTML Mail < 3.1.3 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/options-general.php?page=wp-html-mail&tab=advanced&a"alert/XSS/...

7.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/08 12:0 a.m.•98 views

WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue GET / HTTP/1.1 User-Agent: '+SLEEP5-- g Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language:...

9.8CVSS0.2AI score0.01583EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/08 12:0 a.m.•187 views

Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload

The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code...

9.8CVSS0.9AI score0.39393EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/08 12:0 a.m.•163 views

Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS0.2AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/08 12:0 a.m.•101 views

FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in...

6.5CVSS0.2AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/08 12:0 a.m.•144 views

Easy Social Icons < 3.1.4 - Admin+ SQL Injection

The plugin does not sanitize the selectedicons attribute to the cnsswidget before using it in an SQL statement, leading to a SQL injection vulnerability. Author : Qerogram import requests from bs4 import BeautifulSoup BASEURL = "http://localhost:8000" id = "wordpress" pw = "wordpress" def loginid...

7.2CVSS0.7AI score0.01265EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•120 views

Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Link settings of a body party and save the change: "alert/XSS-link/...

4.8CVSS0.6AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•119 views

Wow Countdowns <= 3.1.2 - Admin+ SQLi

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. https://example.com/wp-admin/admin.php?page=mwp-countdown&info=del&did=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...

7.2CVSS1.8AI score0.01306EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•120 views

Title Experiments Free < 9.0.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=wpextitles&id=1 AND SELECT 3...

9.8CVSS2.7AI score0.10352EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•335 views

Plezi < 1.0.3 - Unauthenticated Stored XSS

The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue curl -X POST...

6.1CVSS1.8AI score0.00852EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•147 views

Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure

The plugin does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to...

4.3CVSS0.8AI score0.00487EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•118 views

Akismet Privacy Policies <= 2.0.1- Reflected Cross-Site Scripting

The plugin does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.4AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•121 views

Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a...

9.8CVSS0.8AI score0.4408EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•299 views

Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggere...

5.4CVSS0.1AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•632 views

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS

The plugin allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip,...

5.4CVSS0.2AI score0.13575EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/07 12:0 a.m.•98 views

SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users Create a new email petition /wp-admin/admin.php?page=dkspeakoutaddnew, check x Do not send email onl...

9.8CVSS1.1AI score0.08785EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/04 12:0 a.m.•120 views

Conference Scheduler < 2.4.3 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/edit.php?posttype=confworkshop&page=confscheduleroptions&tab="...

6.1CVSS1.1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/02 12:0 a.m.•108 views

Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS

The plugin does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. curl https://example.com/wp-admin/admin-ajax.php --data...

6.1CVSS1.1AI score0.00852EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/02 12:0 a.m.•169 views

Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections order and columns parameters are affected curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS1.5AI score0.08852EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/02 12:0 a.m.•151 views

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create a form and put the following payload in the Form Code textarea: The XSS will be triggered whe...

1.1AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•132 views

Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update

The plugin is using an outdated version of the Freemius library 1.2.2.9, which is known to be affected by a security issue allowing any authenticated users, such as subscriber to set arbitrary blog options As any authenticated user: Enable new user registrations:...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•133 views

Delete Old Orders <= 0.2 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=woo-delete-old-orders&step=3&date="...

6.1CVSS1.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•212 views

OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...

5.3CVSS1.2AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•116 views

dTabs <= 1.4 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=dtabs.php&action=edit&tab="...

6.1CVSS0.8AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•121 views

Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Create a booking with user01 2. Create...

5.5CVSS0.00609EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•178 views

WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting alert/XSS/;' The source and destination should use the https:// protocol for the...

5.4CVSS5.4AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•133 views

Database Peek <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=ab-database-peek&table=wpusers&match="...

6.1CVSS0.8AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•148 views

Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=bank-mellat&orderId="...

6.1CVSS0.8AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•117 views

Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the mmurspid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=mmursp-list&view=edit&mmurspid="...

6.1CVSS0.8AI score0.01713EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•144 views

Folders Disclosure via Outdated jQueryFileTree Library

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server curl...

7.5CVSS3AI score0.57608EPSS
Exploits7References1
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•221 views

WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

The plugin allows users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. As a contributor or above, add the...

8.8CVSS0.4AI score0.02849EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•137 views

Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF

The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST",...

8.8CVSS1AI score0.00618EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•373 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

9.8CVSS1AI score0.4783EPSS
Exploits2
wpexploit
wpexploit
•added 2022/03/01 12:0 a.m.•119 views

Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=bulk-creator&posttype="...

1.1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•1078 views

Formcraft3 < 3.8.28 - Unauthenticated SSRF

The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...

9.1CVSS3.4AI score0.20249EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•130 views

Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection

The plugin does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection 1. Install the vulnerable plugin...

9.8CVSS0.4AI score0.01821EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•125 views

AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=ap-pricing-tables-lite-add-new&postid=1'...

6.1CVSS0.6AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•2332 views

Unauthorised AJAX Calls via Freemius

Description The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in...

7.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•219 views

SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting

The plugin does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•188 views

Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, create/edit an Event, add the following payload in a "Hourly Schedule" title, as well as any of...

5.4CVSS0.1AI score0.69552EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•404 views

Unauthorised AJAX Calls via Freemius

Description The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in...

7.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•165 views

AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpmm-add-theme&wpnonce="...

6.1CVSS1.2AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•234 views

miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion

The plugin does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. Note: The initial issue was fixed in...

8.1CVSS3.2AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•146 views

Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS2.4AI score0.15254EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•155 views

3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook. As a subscriber:...

5.4CVSS1AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•1004 views

BookingPress < 1.0.11 - Unauthenticated SQL Injection

The plugin fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection - Create a new "category" and associate i...

9.8CVSS0.5AI score0.37171EPSS
Exploits11References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•717 views

NotificationX < 2.3.12 - Unauthenticated SQLi

The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. The apikey is the md5 of the homeurl either with http or https protocol...

2.4AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/02/28 12:0 a.m.•279 views

Simple Link Directory < 7.7.2 - Unauthenticated SQL injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl 'http://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS2.9AI score0.10825EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/02/25 12:0 a.m.•149 views

Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF

The plugin does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack https://example.com/wp-admin/admin.php?page=simplewpmembershippayments&action=deletetxn&id=1 will delete the transaction...

6.5CVSS2.5AI score0.00523EPSS
Exploits2
Total number of security vulnerabilities4359