Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•640 views

NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack https://example.com/wp-admin/admin.php?page=nxssnap-reposter&item=1&action=delete...

6.5CVSS3.3AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•96 views

TrustMate.io integration for WooCommerce < 1.8.12 - Subscriber+ Arbitrary Plugin's Settings Update

The plugin does not have any CSRF and authorisation checks in the savecheckbox AJAX action, available to any authenticated users, allowing any authenticated user, such as subscriber to update arbitrary settings from the plugin. Due to the lack of escaping, it could lead to Stored Cross-Site...

0.1AI score
Exploits0
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•110 views

TrustMate.io integration for WooCommerce < 1.7.1 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF and authorisation checks in the savecheckbox AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update arbitrary...

Exploits0
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•98 views

Wicked Folders < 2.18.10 - Subscriber+ SQL Injection

The plugin does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user. leading to an SQL injection As a subscriber:...

8.8CVSS1.5AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•122 views

Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=cf7skins&tab=%27%3E%3Cimg+src+onerror%3Dalert%281%29%3E requires the Contact Form 7 plugin to be installed...

6.1CVSS0.4AI score0.02412EPSS
Exploits2
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•509 views

NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS

The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue curl -H 'x-tomato: alert/XSS/;' 'https://example.com/?nxs-cronrun=yes' The XSS will be triggered in the Log/History...

6.1CVSS1.2AI score0.01334EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/03 12:0 a.m.•515 views

SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. With the Advanced Mode enabled, put the following payload in the...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2022/01/02 12:0 a.m.•225 views

WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Stored Cross-Site Scripting XSS. Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. http://127.0.0.1:8001/?search-submit=img%20src%20onerror=alert1 Then the admin neds...

6.4CVSS6AI score0.00683EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/30 12:0 a.m.•87 views

Link Library < 7.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.8AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/30 12:0 a.m.•80 views

Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Note: v6.9.5 made the settings only available to admin with the unfilteredhtml capability, however existing payloads were...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/30 12:0 a.m.•85 views

Link Library < 7.2.8 - Library Settings Reset via CSRF

The plugin does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack https://example.com/wp-admin/admin.php?page=link-library-settingssets&settings=1&reset=1...

6.5CVSS4.6AI score0.0048EPSS
Exploits1
wpexploit
wpexploit
•added 2021/12/30 12:0 a.m.•106 views

Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion

The plugin does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request https://example.com/?posttype=linklibrarylinks&ll60reupdate=1...

7.5CVSS4.1AI score0.01196EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/29 12:0 a.m.•91 views

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. On Web Servers other than Windows, the /wp-content/plugins/error-log-viewer/savedlogs/...

6.5CVSS0.9AI score0.00599EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/29 12:0 a.m.•84 views

Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Visit to Paypal Setting Under Learning Plugin Enter the XSS payload " in Email PDT...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/29 12:0 a.m.•99 views

Orange Form <= 1.0 - SQL Injection via CSRF

In the plugin, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers...

8.8CVSS2.6AI score0.00609EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/29 12:0 a.m.•95 views

Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion

The plugin does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure...

4.3CVSS1.1AI score0.00426EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•127 views

WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the woofredrawelements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=woofdrawproducts&woofredrawelements=%3Cimg%20src%20onerror=alert/XSS/%3E...

6.1CVSS1.4AI score0.01651EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•93 views

LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion

The plugin does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication The PoC will be displayed once the issue has been remediated...

6.5CVSS1.7AI score0.00382EPSS
Exploits1
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•110 views

Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS

The plugin does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. As a result, it could allow users...

5.4CVSS0.00516EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•409 views

UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.1AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•120 views

Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting

The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

5.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/28 12:0 a.m.•90 views

Domain Check < 1.0.17 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=domain-check-profile&domain=alert/XSS/...

6.1CVSS0.4AI score0.12857EPSS
Exploits5
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•113 views

Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation

The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...

5.7CVSS0.00426EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•90 views

Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion

The plugin does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts Note: v1.7.7 added capability check, CSRF che...

6.5CVSS1AI score0.00429EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•101 views

Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the fileurl before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woo-orders-tracking-import-csv&fileurl=%3Cimg+src+onerror%3Dalert%281%29%3E&viwoterror=2...

6.1CVSS1.3AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•82 views

Code Snippets < 2.14.3 - Reflected Cross-Site Scripting

The plugin does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.2AI score0.02268EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•101 views

WP Cookie User Info < 1.0.9 - Admin+ SQL Injection

The plugin does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...

7.2CVSS1.4AI score0.01316EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•378 views

Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting

The plugin does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.3AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•486 views

Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting

The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...

0.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•87 views

WP Post Page Clone < 1.2 - Unauthorised Post Access

The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. Go to All Posts, find the post to clone, click "Click to Clone" then edit the cloned post to see its content...

4.3CVSS1.7AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•117 views

AF Companion 1.1.0 - 1.1.2 - Arbitrary Plugin Installation & Activation via CSRF

The plugin has a flawed CSRF check, allowing attackers to make logged in admin installs and activate arbitrary plugins from the WP repository...

1.7AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•458 views

Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting

The plugin does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=tutorannouncements&search=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D...

6.1CVSS1.1AI score0.01005EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•78 views

WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks var form1 = document.getElementById'hack'; form1.submit;...

8CVSS0.2AI score0.00541EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•81 views

WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS1.2AI score0.1712EPSS
Exploits6References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•510 views

myCred < 2.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=mycreddefault-history&s=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.1CVSS0.5AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•463 views

Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting

The plugin does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.2AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/27 12:0 a.m.•84 views

WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect

The plugin contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue https://example.com/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://wpscan.com...

6.1CVSS2.1AI score0.02505EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/24 12:0 a.m.•137 views

Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection

The plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue https://example.ocm/wp-admin/options-general.php?page=acfe-options&orderby=1%20and%20sleep0.02%23...

7.2CVSS3.1AI score0.01502EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/24 12:0 a.m.•83 views

Mobile Events Manager < 1.4.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Payload used: alert/XSS/ - Put the payload in the TMEM Events Settings Events Event prefix field, then Creat...

4.8CVSS4.8AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/24 12:0 a.m.•82 views

Spreadsheet Integration < 3.6.0 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in the admin dashboard, leading to reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=wpgsi&action=edit&id=1%22%3E%3Cimg+src+onerror%3Dalert%28%2FXSS%2F%29%3E POST...

0.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/12/24 12:0 a.m.•490 views

Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. As unauthenticated: wget "https://example.com/?wpamid=1"...

6.1CVSS1.4AI score0.02288EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/23 12:0 a.m.•93 views

Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue which will be triggered in the admin dashboard due to the lack of escaping. v10.9.1 added a CSRF check, however...

5.4CVSS0.3AI score0.00607EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/23 12:0 a.m.•65 views

WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF

The plugin does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=wp125addedit&deletead=1...

8.8CVSS4.4AI score0.00683EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/23 12:0 a.m.•111 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS6.1AI score0.0081EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/23 12:0 a.m.•104 views

Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation

The plugin does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin and therefore the protection offered via a crafted request v 3.6 - https:/example.com/wp-content/plugins/protect-wp-admin/lib/pwa-deactivate.php?disablepwa...

7.5CVSS3.4AI score0.01489EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/22 12:0 a.m.•83 views

Event Tickets < 5.2.2 - Open Redirect

The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue https://exampel.com/wp-admin/admin.php?page=wpajaxrsvp-form&tribeticketsredirectto=https://wpscan.com...

6.1CVSS2.1AI score0.0194EPSS
Exploits2
wpexploit
wpexploit
•added 2021/12/22 12:0 a.m.•119 views

Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting With the "TDK optimization" setting enabled 7th page, first one: https://example.com/?s=123456"alert/XSS...

6.1CVSS6.2AI score0.00917EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/22 12:0 a.m.•96 views

Contact Form & Lead Form Elementor Builder < 1.6.8 - Subscriber+ Arbitrary Lead Deletion

The plugin does not have capability and CSRF checks in the deleteleadsbackend AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber could delete arbitrary Leads. Attackers could also make any logged in users delete leads via a CSRF attack POST...

0.4AI score
Exploits0
wpexploit
wpexploit
•added 2021/12/21 12:0 a.m.•97 views

Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-fieldname/' / alert/XSS-fieldtype/' / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS6.1AI score0.01109EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/12/21 12:0 a.m.•64 views

Shortcode Addons < 3.1.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation in its REST API endpoint, one of them could allow unauthenticated attackers to update arbitrary blog options. POST /wp-json/ShortCodeAddonsUltimate/v2/addonssettings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate...

1.3AI score
Exploits0
Total number of security vulnerabilities4359