Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•69 views

Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

6.1CVSS0.3AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•64 views

Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the 'Publish ID or Full URL" setting and save: "...

4.8CVSS0.9AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•66 views

MOLIE <= 0.5 - Reflected Cross-Site Scripting

The plugin does not escape the courseid parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=moliecoursecheck&courseid=alert/XSS/...

6.1CVSS1.2AI score0.0082EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•63 views

CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

The plugin generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses https://example.com/wp-content/plugins/correos-express/log/logcronfunction.txt...

5.3CVSS0.5AI score0.01179EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•72 views

Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such as subscriber is able to call it and perform...

5.4CVSS0.6AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•78 views

Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection

The plugin does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue error-based SQLI: orderby=id AND EXTRACTVALUE4795,CONCAT0x5c,0x717a627871,SELECT ELT4795=4795,1,0x7176707071 time-based...

7.2CVSS1.6AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•336 views

MOLIE <= 0.5 - Authenticated SQL Injection

The plugin does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection https://example.com/wp-admin/post.php?post=validpostid+and+SLEEP%285%29&action=edit https://example.com/wp-admin/admin-post.php?action=edit&post=1+and+SLEEP%285%29...

9.8CVSS2.2AI score0.01583EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•508 views

WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and se...

5.4CVSS0.3AI score0.00292EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/29 12:0 a.m.•542 views

WP Mail Logging < 1.10.0 - Outdated Redux Framework

The plugin uses an outdated version of the Redux Framework, which is know to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314 The first endpoint we can identify is gathered...

7.1CVSS0.1AI score0.28961EPSS
Exploits7
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•58 views

IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the idpayerror parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting Append the following payload on a page where a form with an idPay payment interface is embed: &idpayerror=alert/XSS/ Example:...

6.1CVSS0.00788EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•60 views

HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the "Text size of answer in pixels" settings: alert'XSS'; The XSS will be...

4.8CVSS4.8AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•145 views

Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the gwollegbuseremail parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page alert/XSS/;' / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS0.2AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•377 views

Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. As unauthenticated, book an Event, and put the following payload ...

6.1CVSS0.4AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•434 views

Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting

The plugin does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=pmpro-discountcodes&s=s"+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS1.6AI score0.01868EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/23 12:0 a.m.•134 views

WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.7AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•182 views

Kudos Donations < 3.1.2 - Arbitrary Items Deletion via CSRF

The plugin has a logic flaw in its CSRF checks when deleting items such as Donors, Transactions, Subscriptions etc, allowing attackers to make a logged in admin delete them https://example.com/wp-admin/admin.php?page=kudos-transactions&action=delete&id=1...

6.9AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•143 views

Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection

The getquery function of the plugin, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber POST...

8.8CVSS0.4AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•159 views

Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 1 Make a new carousel /wp-admin/post-new.php?posttype=splcshortcodes 2 Set "Logo Margin" of the Style Setting to the...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•142 views

WP Guppy < 1.3 - Sensitive Information Disclosure

The plugin does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user !/bin/bash Exploit Title: Wordpress...

6.5CVSS6.4AI score0.02753EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•128 views

Blog2Social < 6.8.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=blog2social&b2sShowByDate="alert/XSS/...

6.1CVSS0.7AI score0.01669EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•181 views

Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue The formid needs to be a valid one...

6.1CVSS0.8AI score0.00907EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•142 views

WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection

The plugin does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks...

8.8CVSS9.1AI score0.38298EPSS
Exploits5References2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•145 views

Logo Carousel < 3.4.2 - Unauthorised Private Post Access

The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature 1 Go to Logo Carousel - Shortcode Generator. 2 If there is no carousel, create one. 3 Copy URL of the "Duplicate" link under the carouse...

8.1CVSS0.6AI score0.01006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•190 views

WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection

The wcfmajaxcontroller AJAX action of the plugin, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections v 3.4.11 POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.5AI score0.0848EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/22 12:0 a.m.•459 views

Icegram < 2.0.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the messageid parameter of the getmessageactionrow AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit; The XSS will be triggered when moving the...

6.1CVSS0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/18 12:0 a.m.•46 views

Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard alert/XSS/;" / var form1 = document.getElementById'hack'; form1.submit;...

0.00636EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/18 12:0 a.m.•158 views

WP User Frontend < 3.5.25 - Admin+ SQL Injection

The plugin does not validate and escape the postid parameter from the Subscribers list before using in a SQL statement, leading to an SQL injection https://example.com/wp-admin/edit.php?posttype=wpufsubscription&page=wpufsubscribers&postID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%2...

7.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/11/17 12:0 a.m.•180 views

Preview E-mails for WooCommerce < 2.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to reflected XSS via the searchorder parameter found in the /views/form.php file. alert1" /...

6.1CVSS6AI score0.01131EPSS
Exploits3References1
wpexploit
wpexploit
•added 2021/11/17 12:0 a.m.•337 views

Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting

The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=xoo-el-fields&tab="alert/XSS/...

6.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/16 12:0 a.m.•125 views

SportsPress < 2.7.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=spevent&matchday=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/16 12:0 a.m.•43 views

Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks mlcalc schedule="month';alert/XSS///"...

5.4CVSS1.6AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/16 12:0 a.m.•183 views

Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload

The plugin was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. This vulnerability was seen actively exploited by Sucuri in the wild for ransomware attacks. 1. Authenticate as any user. 2. Paste below HTML...

7.5CVSS7.7AI score0.00811EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•143 views

Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks Affected shortcodes: nf, nofo, nofol, nofollow, relnofollow As a contributor, put the below shortcode in a post/page nf...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•140 views

Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks alertdocument.domain;" / var form1 = document.getElementById'hack';...

9CVSS8.5AI score0.00535EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•158 views

Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the Google Product Category setting of the plugin at wp-admin/admin.php?page=fcapcsettingspage in...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•149 views

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows passing shortcode attributes with posttype & poststatus which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. include-page allowtype="post" allowstatus="draft" id="131" include-page...

6.5CVSS6.6AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•167 views

ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. https://example.com/wp-content/plugins/totop-link/trunk/totop-link.css.php?vars=base64encodedpayload...

9.8CVSS9.4AI score0.01841EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•127 views

WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs. POST /wp-login.php HTTP/1.1 Accept:...

6.1CVSS6AI score0.01322EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•47 views

Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Data ID setting of the plugin...

4.8CVSS1.3AI score0.05063EPSS
Exploits5
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•237 views

StopBadBots < 6.67 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection GET / HTTP/1.1 User-Agent: Zongbot' where id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'-- - Accept:...

9.8CVSS9.4AI score0.01575EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•132 views

Mediamatic < 2.8.1 - Subscriber+ SQL Injection

The mediamaticAjaxRenameCategory AJAX action of the plugin, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

8.8CVSS8.8AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•138 views

Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF

The plugin is lacking Cross-Site Request Forgery CSRF check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. https://example.com/wp-admin/admin.php?page=phoenfiltergallery&deleteid=1...

6.5CVSS6.4AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•281 views

Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS9.9AI score0.728EPSS
Exploits7
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•129 views

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting

The plugin does not escape the data parameter of the ppgetformsbybuildertype AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS5.9AI score0.00968EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•142 views

Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfilteredhtml capability is disallowed Add/edit a quote...

4.8CVSS5.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•145 views

Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6AI score0.00795EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•153 views

Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls

The plugin does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The deletecf7data would lead to arbitrary metadata deletion, as well ...

4.3CVSS5.6AI score0.0037EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•159 views

Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update

The plugin does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them jQuery.post"https://example.com/wp-admin/index.php", "wtlwp-nonce": "foo", // Not validated tlwpsettingsdata: defaultrole: "editor",...

4.3CVSS5.2AI score0.00347EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•143 views

Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks - Login as contributor+ - Create a custom field containing XSS payload eg. alert1 - Add this...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•148 views

WP Limits <= 1.0 - Plugin's Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values...

4.3CVSS5AI score0.00435EPSS
Exploits2
Total number of security vulnerabilities4359