Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2022/02/25 12:0 a.m.386 views

Contact Form X < 2.4.1 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=contactformx&tab="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.2AI score0.00978EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.544 views

Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF

The plugin does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...

4.3CVSS2.4AI score0.00429EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.493 views

Amelia < 1.0.46 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=wpamelia-dashboard&code=...

6.1CVSS1.5AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.554 views

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment Log in as any user with privileges as low as Subscriber...

0.3AI score0.00675EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.12 views

15Zine < 3.3.0 - Reflected Cross-Site Scripting

Description The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=cbsa&cbi=alert/XSS/;...

6.1CVSS6.1AI score0.02602EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.500 views

Amelia < 1.0.46 - Manager+ RCE

The plugin stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. import requests import base64 BASEURL =...

8.8CVSS8.8AI score0.01439EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/22 12:0 a.m.115 views

BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...

0.4AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/22 12:0 a.m.78 views

RW Divi Unite Gallery <= 1.0 - Security Bypass via Outdated Freemius

The plugin is vulnerable to a security bypass due to the use of a known vulnerable component, Freemius 2.2.4. The plugin uses Freemius 1.0.0 and is therefore vulnerable. The core issue that causes the vulnerability is in the setdboption function, which is exposed to any authenticated user with no...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2022/02/22 12:0 a.m.152 views

Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion

The plugin does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPre...

8CVSS2.7AI score0.00721EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.107 views

Cookie Information < 2.0.8 - Reflected Cross-Site Scripting

The plugin does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=wp-gdpr-compliance&x=%27+onanimationstart%3Dalert%28/XSS/%29+style%3Danimation-name%3Arotation+x...

6.1CVSS1.3AI score0.01601EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.109 views

SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Request or Destination settings of the plugin: "...

4.8CVSS1.5AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.146 views

Simple Theme Options < 1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of textarea field settings of the plugin such as 'Google Analytics': " T...

4.8CVSS0.1AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.109 views

Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Custom Patreon Page name" setting of the plugin and...

5.5CVSS0.3AI score0.00689EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.253 views

Hide Admin Bar Based on User Roles < 3.1.0 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, allowing attackers to make a logged in admin update the plugin's settings via a CSRF attack https://example.com/wp-admin/admin-ajax.php?action=saveuserroles&caps=test&disableForAll=no...

3.1AI score
Exploits0
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.143 views

Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection

The plugin does not validate and escape the postauthorgutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks Create or edit an event as a contributor, intercept the request and...

8.8CVSS0.9AI score0.01511EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.292 views

Hide Admin Bar Based on User Roles < 3.0.0 - Subscriber+ Settings Update

The plugin does not have authorisation and CSRF checks, allowing any authenticated users, such as subscriber, to update the plugin's settings https://example.com/wp-admin/admin-ajax.php?action=saveuserroles&caps=test&disableForAll=no...

3AI score
Exploits0
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.148 views

Multisite Content Copier/Updater < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard...

6.1CVSS1.1AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.107 views

Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting " name="errormessage"...

6.1CVSS0.5AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.138 views

Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderpos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=circlethumbnailsliderwithlightboximagemanagement&orderpos=...

6.1CVSS0.6AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.410 views

WPCargo < 6.9.0 - Unauthenticated RCE

The plugin contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE import sys import binascii import requests This is a magic string that when treated as pixels and compressed using the png algorithm, will cause to be written to t...

0.4AI score0.56148EPSS
Exploits3
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.114 views

GD Mylist <= 1.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the text field settings of the plugin such as Add to Mylist...

4.8CVSS0.8AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.130 views

Petfinder Listings < 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the text field settings of the plugin such as 'Your Petfinder API Key v1.0': "...

4.8CVSS0.8AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.113 views

Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/post-new.php?posttype=ycdcountdown&post="...

6.1CVSS1AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.156 views

Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission POST...

6.1CVSS0.7AI score0.01691EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.139 views

CommonsBooking < 2.6.8 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection Create an "item" and a "location" via the newly added...

9.8CVSS0.5AI score0.08852EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.120 views

WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of text field settings of the plugin such as 'Home Page Menu Label': "...

4.8CVSS0.5AI score0.0067EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/18 12:0 a.m.117 views

Zero Spam < 5.2.11 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection With at least one IP in the “Blocked IPs” list:...

9.8CVSS1.4AI score0.01997EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.63 views

Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 'E-Mail Error "From" Address' settings of the plugin:...

4.8CVSS0.7AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.96 views

Profile Builder < 3.6.2 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the siteurl parameter before outputting it back in an href attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.5AI score0.02703EPSS
Exploits3References1
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.119 views

UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download

The plugins do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database backup. from io import StringIO import requests import gzip import js...

6.5CVSS1AI score0.01979EPSS
Exploits3References2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.191 views

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox&msg=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

0.8AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.178 views

Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 本地文件夹 or URL前缀 settings of the plugin: " style=animation-name:rotation...

1.4AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.158 views

Powerkit < 2.5.9 - Post Views Settings Update/Reset via CSRF

The plugin does not have CSRF checks when saving or reseting its post views settings, which could allow an attacker to make a logged in admin change or reset them via a CSRF attack...

2.5AI score
Exploits0References1
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.79 views

WP Voting Contest <= 2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.3AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.44 views

WP Statistic < 13.1.6 - Reflected Cross-Site Scripting

The plugin does not escape various generated links before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wpsvisitorspage&"alert/XSS/ https://example.com/wp-admin/admin.php?page=wpsreferrerspage&"alert/XSS/...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.88 views

hub2word <= 1.1.0 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in its Hub2Wordsavesettings AJAX action, and does not validate the option key to be updated. As a result, any authenticated user, such as subscriber could update arbitrary WordPress options POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.263 views

Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting Open the following URL when authenticated as any user: https://example.com/user-dashboard/?search=keyword:...

6.1CVSS6.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.246 views

Page Builder KingComposer <= 2.9.6 - Open Redirect

The plugin does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users https://example.com/wp-admin/admin-ajax.php?action=kcgetthumbn&id=https://wpscan.com...

6.1CVSS3.8AI score0.0428EPSS
Exploits4
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.127 views

Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them alert/XSS-image/" / alert/XSS-quote/" /...

6.1CVSS0.2AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.100 views

Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion

The plugin includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation...

6.5CVSS2.9AI score0.01419EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.123 views

Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins With the permalinks settings set to plain, as an unauthenticated user, open...

0.1AI score0.01496EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.101 views

Simple Quotation <= 1.3.2 - Subscriber+ SQL injection

The plugin does not have authorisation and CSRF checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

8.8CVSS1.3AI score0.01297EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/15 12:0 a.m.78 views

Relevanssi - Subscriber+ Unauthorised AJAX Calls

The plugins do not have authorisation and CSRF checks in some of their AJAX actions, allowing any authenticated users, such as subscriber, to call them. This could disclose information to subscribers, as well as allow them to truncate the index, which will disable the search...

2.5AI score
Exploits0References2
wpexploit
wpexploit
added 2022/02/15 12:0 a.m.109 views

Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the taxcolorsettype parameter before outputting it back in the berocketaplcolorlistener AJAX action's response, leading to a Reflected Cross-Site Scripting As any authenticated user: ' name="taxcolorsettype"...

6.1CVSS6.2AI score0.00863EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/15 12:0 a.m.588 views

Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection

The plugin does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

9.8CVSS3AI score0.74615EPSS
Exploits4References1
wpexploit
wpexploit
added 2022/02/15 12:0 a.m.67 views

The Events Calendar < 5.14.0 - Reflected Cross-Site Scripting

The plugin does not escape an aggregator URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting When there is an Event Aggregator license key active: https://example.com/wp-admin/edit.php?page=tribe-common&tab=imports&posttype=tribeevents&"alert/XSS/...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2022/02/15 12:0 a.m.187 views

Persian Woocommerce < 5.9.8 - Reflected Cross-Site Scripting

The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=persian-wc&s=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

6.1CVSS1.9AI score0.01477EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.89 views

Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify

The qualitycustomizernotifydismissaction and ticustomizernotifydismissrecommendedplugins AJAX actions names can differ depending on the theme, available to authenticated users in multiple themes do not validate or escape the id parameter before outputting it back in the response, leading to...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.135 views

WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF

The plugin does not have CSRF when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...

6.8AI score
Exploits0References1
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.115 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...

6.1CVSS0.1AI score0.01378EPSS
Exploits2
Total number of security vulnerabilities4359