Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2024/04/05 12:0 a.m.•259 views

Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below...

5.9AI score0.0048EPSS
Exploits3References1
wpexploit
wpexploit
•added 2024/04/04 12:0 a.m.•283 views

WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

Description The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. 1. Log in as an administrator 2. Visit...

7.8AI score0.00422EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/04 12:0 a.m.•136 views

AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate AGCA, and select the "Adm...

5.7AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•127 views

Strong Testimonials < 3.1.12 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed Setup as...

5.9AI score0.00399EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•141 views

WooCommerce Customers Manager < 29.8 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the HTML page/URLs below...

6AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•155 views

Better Comments < 1.5.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. From the WordPress menu on the left...

5.7AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•141 views

Better Comments < 1.5.6 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. 1. From the menu on the left, go into "Users" and edit Subscriber user. 2. Upload a new avatar image and click "Updat...

5.4CVSS5.8AI score0.00401EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•253 views

Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Chaty New Widget" 2. Create ...

5.7AI score0.00394EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/04/03 12:0 a.m.•186 views

Import WP < 2.13.1 - Admin+ Server-side Request Forgery

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and...

6.7AI score0.00568EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/02 12:0 a.m.•146 views

Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Save as Image" 2...

5.7AI score0.00266EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/02 12:0 a.m.•126 views

WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure

Description The plugin does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name As a subscriber, open the following URL:...

7.2AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
•added 2024/04/01 12:0 a.m.•161 views

Tickera < 3.5.2.5 - Ticket leakage through IDOR

Description The plugin does not prevent users from leaking other users' tickets. After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1&orderkey=1234567890&downloadticketnonce=ab903b7c71, but due to missing validation, the URL can be...

6.8AI score0.00515EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/29 12:0 a.m.•187 views

Genesis Blocks < 3.1.3 - Contributor+ Stored XSS

Description The plugin does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. As a contributor, put the below code in a post while in Code Editor mode The XSS will be triggered when viewing/previewing...

5.9AI score0.00665EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/28 12:0 a.m.•155 views

Otter Blocks < 2.6.6 - Contributor+ Stored XSS

Description The plugin does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. As a contributor, put the following payload in a post while in Code Editor mode The XSS will be triggered when...

9.1AI score0.0042EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/27 12:0 a.m.•179 views

Salon Booking System < 9.6.3 - Unauthenticated Stored XSS

Description The plugin does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the...

6AI score0.00631EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/27 12:0 a.m.•143 views

coreActivity < 2.1 - Unauthenticated IP Spoofing

Description The plugin retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value As unauthenticated: curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1' Then view the logs and note that the plugin display...

6.8AI score0.00482EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/27 12:0 a.m.•160 views

WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "WP Staging Backup & Migratio...

5.7AI score0.00423EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/27 12:0 a.m.•184 views

Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6AI score0.00303EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/27 12:0 a.m.•159 views

Salon booking system < 9.6.3 - Unauthenticated Stored XSS

Description The plugin does not properly sanitize and escape the 'Mobile Phone' field and 'smsprefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious...

6AI score0.00464EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/27 12:0 a.m.•158 views

Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Ultimate Social Media Icons"...

5.7AI score0.00405EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/26 12:0 a.m.•236 views

My Sticky Bar < 2.6.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup You should click on "My Sticky Bar" an...

5.7AI score0.00315EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/26 12:0 a.m.•225 views

Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "RGG Gallery" and scrol...

5.7AI score0.00492EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•150 views

Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup 1. Go to the plugin setting and in the "Restore" section upload...

9.4AI score0.00649EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•458 views

WooCommerce < 8.6 - Contributor+ Private/Draft Products Access

Description The plugin does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products 1. ADMIN: Install WooCommerce 2. ADMIN: Add products of various visibility and statuses including Publish, Draft, Private,...

6.8AI score0.0068EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•175 views

Carousel Slider < 2.2.7 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new slider at "Carousel Slide...

5.7AI score0.00484EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•142 views

Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...

6.8AI score0.00501EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•168 views

Top Bar < 3.0.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Top Bar" in WP Admin 2. Save...

5.7AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•152 views

Super Socializer < 7.13.64 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed When creating a new widget, insert the following payload in the "FaceBook URL" field -...

6AI score0.005EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•142 views

NPS computy < 2.7.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings NPS Monitoring" 2...

7.9AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•146 views

Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open a page with the code below where is an existing button:...

9.5AI score0.00192EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•155 views

Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Note: This requires WooCommerce to be...

8.1AI score0.00441EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•162 views

WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Enter the following shortcode in...

8.3AI score0.0042EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•211 views

Testimonial Slider < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Testimonial Shortcode" 2. Ad...

5.7AI score0.00442EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•161 views

WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. Note: v29.5 added authorisation, however the injection was not fixed and still exploitable by users with the managewoocommerce...

7.4AI score0.02877EPSS
Exploits5
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•158 views

Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS

Description The plugin does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site...

8.4AI score0.00235EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•156 views

Responsive Tabs < 4.0.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Go to "Tab Sets Add New" in W...

5.9AI score0.00501EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•178 views

Jetpack < 13.2.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks When the "Let visitors subscribe...

6.2AI score
Exploits0
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•249 views

Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Ultimate Noindex" 2...

5.7AI score0.00266EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•136 views

NPS computy < 2.7.6 - Results Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open the following: The result is that all existing poll responses are deleted...

9.5AI score0.00365EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•174 views

Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

Description The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method:...

6.7AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•140 views

WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection

Description The plugin does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL 1 Create a new post 2 In the "Bussness Name" field enter the payload: 0;http://smth.me/" HTTP-EQUIV="refresh" a="a 3 Save the post and view it. You will see that you are...

6.7AI score0.00495EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•143 views

Smart Forms < 2.6.94 - Edit Entries via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. CSRF PoC CSRF PoC input type="hidden" name="elementOptions"...

6.8AI score0.00226EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/25 12:0 a.m.•147 views

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open the following HTML replace FORMID with a valid ID: The security field isn't validated and the shortcode is...

6.8AI score0.00335EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/23 12:0 a.m.•160 views

Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS

Description The plugin does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. sunote notecolor='123"onmouseover="alert/XSS/"' textcolor='1' radius='1' class='1' id="1"No...

5.9AI score0.00403EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/21 12:0 a.m.•141 views

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts When logged in as a subscriber, open the following URL and note that the conten...

6.8AI score0.00427EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/20 12:0 a.m.•276 views

Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. Access t...

5.3CVSS5.7AI score0.27997EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/03/20 12:0 a.m.•157 views

The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

Description The plugin does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks As a contributor, get...

9AI score0.00495EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/20 12:0 a.m.•175 views

WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. Make a logged in admin open the URL below...

6.8AI score0.00225EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/19 12:0 a.m.•140 views

Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

Description The plugin does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts Open one of the below URL as an unauthenticated user and note that password protected posts are disclosed in ...

6.9AI score0.16906EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/19 12:0 a.m.•343 views

Everest Forms < 2.0.8 - Unauthenticated Server-Side Request Forgery via font_url

Description The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify...

7.2CVSS6.7AI score0.00536EPSS
Exploits1References1
Total number of security vulnerabilities4359