Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•111 views

Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues function submitRequest var xhr = new XMLHttpRequest...

9.6CVSS0.00602EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•136 views

Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The plugin does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues...

6.1CVSS0.01469EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•141 views

WP Email Users <= 1.7.6 - Subscriber+ SQL Injection

The plugin does not escape the dataraw parameter in the weuselectedusers1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. As any authenticated user such as subscriber, the request below will display all users email addresses...

8.8CVSS0.8AI score0.02214EPSS
Exploits3
wpexploit
wpexploit
•added 2022/01/31 12:0 a.m.•421 views

Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI

The plugin does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE...

9.8CVSS0.01989EPSS
Exploits1
wpexploit
wpexploit
•added 2022/01/27 12:0 a.m.•117 views

WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert1%3E...

6.1CVSS0.6AI score0.02187EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/27 12:0 a.m.•112 views

WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF

The plugin does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack Removing post: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

6.5CVSS1.4AI score0.00566EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•103 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

9.6CVSS9.2AI score0.02085EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•115 views

WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/?wahi=JzthbGVydCgxKTsvLw==...

6.1CVSS0.3AI score0.01718EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•104 views

StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Project ID or Secure Code settings...

4.8CVSS0.8AI score0.00637EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•97 views

Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks The classic editor plugin is needed to see the sub-title field - Create a post a...

5.4CVSS0.1AI score0.00595EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•158 views

LearnPress < 4.1.5 - Arbitrary Image Renaming

Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...

4.3CVSS4.7AI score0.03205EPSS
Exploits5References2
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•219 views

WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the wprliveupdate AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visito...

5.4CVSS5.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•88 views

Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0...

6.1CVSS3.7AI score0.03865EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•466 views

WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones either intentionnaly or not and lead to Stored Cross-Site Scripting issues Import the following CSV as comment:...

4.8AI score0.00637EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•662 views

WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting Save the HTML below to a file with the .html extension, then open it in Firefox, while being authenticated in...

6.1CVSS0.1AI score0.02228EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/26 12:0 a.m.•112 views

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

6.1CVSS6.2AI score0.0231EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/25 12:0 a.m.•151 views

AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection

The plugin does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection https://example.com/wp-admin/admin.php?page=apcttestimonialedit&id=1+AND+SELECT+42+FROM+SELECTSLEEP5b...

7.2CVSS2AI score0.01445EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/25 12:0 a.m.•105 views

Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF

The plugin does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=simplewpmembership&action=bulkdelete&members%5B0%5D=1&members%5B1%5D=2...

4.7CVSS3.4AI score0.00464EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/25 12:0 a.m.•133 views

AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting https://example.com/wp-admin/admin.php?page=apcttestimonialedit&id=1"alert/XSS/...

6.1CVSS0.8AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•111 views

Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS

The plugin does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of...

3.5CVSS0.4AI score0.01582EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•78 views

Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation

The plugin does not have authorisation and CSRF check in its catchwebtoolscatchidsswitch AJAX action, allowing any authenticated users, such as subscriber to activate/disable Catch IDs fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

0.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•92 views

WP Dependency Installer < 4.3.1 - Arbitrary Plugin Installation from Dependency via CSRF

The wp-dependency-installer library, used in the plugins, does not have CSRF check in its dependencyinstaller AJAX action with the install method, which could allow attackers to make a logged in admin install plugins defined in the wp-dependencies.json via a CSRF attack. The slug has to be presen...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•157 views

Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF

The plugin does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS1.1AI score0.00464EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•95 views

Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting "...

6.1CVSS6.2AI score0.02389EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•119 views

Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users

The plugin does not have authorisation and CSRF checks in its comingsoonsendmail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS1AI score0.00344EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•155 views

Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user...

4.8CVSS4.9AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•66 views

WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation

The wp-dependency-installer library, used in the plugins does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated users, such as subscriber to activate arbitrary plugin installed on the blog. Furthermore, despite havin...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•112 views

Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue https://example.com/wp-admin/?fragment=select%20updatexml1,concat0x7e,select%20user,0::2.txt&wpnonce=7347278aca The nonce can be...

7.2CVSS0.7AI score0.01265EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•249 views

Popup Builder < 4.0.7 - Admin+ SQL Injection

The plugin does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection...

7.2CVSS1.9AI score0.05839EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•115 views

Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF

The plugin does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=float-menu&info=delete&did=1...

4.3CVSS4AI score0.00464EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•117 views

Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape $GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=options&aDBccat=all&'alert/XSS-key/=alert/XSS-value/...

6.1CVSS0.7AI score0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/24 12:0 a.m.•142 views

Popup Builder < 4.0.7 - LFI to RCE

The plugin does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR Create a zip archiv...

8.8CVSS0.3AI score0.05365EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/20 12:0 a.m.•190 views

WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS

The plugin does not sanitise and escape the packageids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue...

8.8CVSS1.7AI score0.01464EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•108 views

AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition

The plugin is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users https://www.youtube.com/watch?v=0IqZL-slt00 1. Make a new comment 2. Like your comment and intercept it using...

3.5CVSS0.4AI score0.00487EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•142 views

AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF

The plugin does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://, and you will see a get request in yo...

8.8CVSS1.4AI score0.00635EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•509 views

WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.9AI score0.01798EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/19 12:0 a.m.•483 views

Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload as an Admin Note Shield Security Tools Admin Notes: alert/XSS/;...

4.8CVSS0.7AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•112 views

FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting XSS within the "visibility" parameter. https://example.com/wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D2+onerror%3Dalert%28origin%29%3E...

6.1CVSS1.9AI score0.02342EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•118 views

Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard As a contributor, create/edit a gallery and add the following...

5.4CVSS0.00595EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•432 views

Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.8AI score0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•497 views

Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool

The plugin does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.00853EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•84 views

Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS within the Project Key text field found in the plugin's settings. 1. Click on Use on translation exchange connector 2. In Basic Settings,insert following payload in Project Key text field. "alert55 3. Click Save Changes...

5.4CVSS0.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•142 views

Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS

The plugin does not have any authorisation and CSRF in its bpfwpwelcomeaddcontactpage and bpfwpwelcomesetcontactinformation AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting...

5.4CVSS0.4AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•97 views

The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross Site Scripting XSS within the Twitter username to mention text field. 1. Insert below payload in the Twitter username to mention text field "alert44 2. Click on Save Changes...

5.4CVSS0.1AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/18 12:0 a.m.•407 views

Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting As an unauthenticated user: alert/XSS/' / var form1 =...

6.1CVSS0.3AI score0.02145EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/17 12:0 a.m.•76 views

WP-Appbox < 4.3.18 - Authenticated Local File Inclusion

The plugin does not validate user input before using it to create a local path then passed to an includeonce statement, leading to a Local File Inclusion issue https://example.com/wp-admin/options-general.php?page=wp-appbox&tab=advanced%2F..%2F...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/17 12:0 a.m.•99 views

MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting

The plugin does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting https://example.com/?mappiframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert/XSS/%3E...

6.1CVSS0.8AI score0.02021EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/17 12:0 a.m.•74 views

Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...

6.6AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/17 12:0 a.m.•85 views

Noptin < 1.6.5 - Open Redirect

The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue https://example.com/?noptinns=emailclick&to=https://wpscan.com...

6.1CVSS1.8AI score0.02682EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/17 12:0 a.m.•624 views

WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion

The plugin does not have authorisation and CSRF checks when deleting options via the disablemainmode AJAX action, and does not ensure that the option to be delete belong to the plugin. As a result, any authenticated user, such as subscriber, could delete arbitrary options from the blog POST...

0.2AI score
Exploits0
Total number of security vulnerabilities4359