Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•132 views

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

The plugin registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes As a contributor, put the following shortcod...

4.3CVSS5.3AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•155 views

Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF

The plugin does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page such as...

4.3CVSS5.3AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•179 views

Quotes Collection <= 2.5.2 - Admin+ SQL Injection

The plugin does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection https://example.com/wp-admin/admin.php?page=quotes-collection&s=&wpnonce=6e21e0a8b6&action=makepublic&paged=1&bulkcheck=1%20and%20sleep10--%20-&action2=makepublic...

7.2CVSS7.2AI score0.01275EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•161 views

WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack. csrf.submit...

6.5CVSS6.3AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•152 views

NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...

4.8CVSS5AI score0.00305EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•136 views

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ppressccdata parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' / var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS5.9AI score0.00968EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•239 views

All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion

The plugin does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue https://example.com/wp-admin/admin.php?page=all-in-one-video-gallery&tab=..%2F..%2F..%2F..%2F..%2Findex...

7.2CVSS6.8AI score0.05898EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•171 views

Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored...

6.1CVSS5.9AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•178 views

Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/upload.php?page=menu-media-apt&postid=alert/XSS/...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•132 views

Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting

The plugin does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add a new font Tools -- Local Fonts -- Add Font, need to have at least one font for the 'Add...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•157 views

Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. As a contributor, add the...

4.3CVSS5.1AI score0.00783EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/15 12:0 a.m.•141 views

SEO Booster < 3.8 - Admin+ SQL Injection

The plugin allows for authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request as the $REQUEST'order'0'dir' parameter is not properly escaped leading to blind and error-based SQL injections. Install SEO Booster, then click on the "Incoming Keywords" link in the Wordpress...

7.2CVSS7.7AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/14 12:0 a.m.•50 views

Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page...

6.1CVSS1.5AI score0.0682EPSS
Exploits4References1
wpexploit
wpexploit
•added 2021/11/12 12:0 a.m.•62 views

GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a gallery and put the following payload in the "Back Button Text" setting, then...

4.8CVSS4.9AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/11 12:0 a.m.•134 views

Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure

The plugin does not have any authorisation and CSRF checks in the likebtnexportvotes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. fetch"http://example.com/wp-admin/admin-ajax.php",...

8CVSS7.6AI score0.00557EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/11 12:0 a.m.•253 views

Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a form, and put the following payload in the Form Name via th...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/10 12:0 a.m.•46 views

Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site...

0.2AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/10 12:0 a.m.•73 views

Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing

The plugin does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder Click the "Log Monitor" available under Error Log Viewer menu item. Choose a log file to clear. Intercept the reques...

0.9AI score0.05188EPSS
Exploits5
wpexploit
wpexploit
•added 2021/11/09 12:0 a.m.•132 views

Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access

The plugin allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata. customfield field="fieldname" postid="ID" e.g customfield field="ctctverifykey" postid="23"...

6.5CVSS6.4AI score0.00995EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/09 12:0 a.m.•765 views

LearnPress < 4.1.4 - Admin+ SQL Injection

The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues Id needs to start with a valid course/lesson/quiz/question ID:...

9.8CVSS9.5AI score0.01575EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/09 12:0 a.m.•126 views

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor, create a custom field in a post, with the following payload: alert1 Then add the following shortcode to...

5.4CVSS5.3AI score0.00684EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•116 views

Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting

The plugin does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue As a Staff Member, put the following payload in your Full Name Booklyn -- Profile -- Edit -- Full Name: alert/XSS/ The XSS will be triggered when an...

5.4CVSS5.2AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•122 views

Backup and Restore <= 1.0.3 - Admin+ Arbitrary File Deletion

The plugin does not sanitise and validate the foldername parameter when deleting a report, which could allow high privilege users to delete arbitrary files on the web server, including those outside of the WordPress folder POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...

6.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•555 views

Email Log < 2.4.8 - Reflected Cross-Site Scripting

The plugin does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=email-log&d="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•135 views

Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection

The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...

9.8CVSS9.5AI score0.78812EPSS
Exploits7
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•165 views

Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal

The plugin does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-i...

8CVSS7.7AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•126 views

PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks pdfjs-viewer searchterm='" onload="alert/XSS/' pdfjs-viewer viewerwidth=0 viewerheight=800 url=undefined...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•117 views

LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

6.1CVSS5.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•409 views

WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue " / var form1 = document.getElementById'hack'; form1.submit; POST...

6.1CVSS6AI score0.00795EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•790 views

Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. The below request will send an email to [email protected] wi...

9.8CVSS9.5AI score0.07474EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/08 12:0 a.m.•653 views

WP Data Access < 5.0.0 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the backupdate parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion POST /wp-admin/admin.php?page=wpdataaccess&tab=repository HTTP/1.1 Accept:...

9.8CVSS9.9AI score0.01575EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/03 12:0 a.m.•146 views

WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting

The plugin does not escape the googlefontajaxname and googlefontajaxfamily parameter of the googlefontaction AJAx action available to any authenticated user before outputing them in attributes, leading Reflected Cross-Site Scripting issues var form1 = document.getElementById'hack'; //form1.submit...

6.1CVSS5.9AI score0.00861EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/11/03 12:0 a.m.•46 views

WooRockets Nitro <= 1.7.9 - Unauthenticated Arbitrary Plugin Installation

The theme does not have authorisation in some of its AJAX actions, and relied on CSRF checks for it. As one of the action allowed for nonces to be disclosed under a specific circumstance, unauthenticated users could then use them to install and active arbitrary plugins via a zip file, as well as...

2.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/03 12:0 a.m.•103 views

Email Tracker < 5.2.6 - Reflected Cross-Site Scripting

The plugin does not escape user input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

6.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/03 12:0 a.m.•104 views

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset

The plugin has two AJAX actions, mepwlajaxlicenseactivate and mepwlajaxlicensedeactivate, which are available to both unauthenticated and authenticated users, and are lacking any authorisation, CSRF as well as checks to ensure that the options to be updated belong to the plugin. As a result,...

7.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/03 12:0 a.m.•123 views

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import

The mepimportajaxtemplate AJAX action of the plugin, available to both unauthenticated and authenticated users, is lacking any authorisation and CSRF checks. As a result, unauthenticated user can import arbitrary Elementor template to the blog Legit template:...

7.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/03 12:0 a.m.•56 views

Cost Calculator <= 1.4 - Contributor+ Local File Inclusion

The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout As a contributor, create a Cost Calculator post, set the Layout to /../../../../../../../../../../file assuming the file to...

0.3AI score0.03EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/02 12:0 a.m.•513 views

ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the From/Replyto Name field at ARForms Lite General Settings Email Settings: "alert/X...

4.8CVSS5.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/02 12:0 a.m.•423 views

Ivory Search < 4.8 - Contributor+ Stored Cross-Site Scripting

The plugin dos not escape the id argument of its shortcode, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor or above, put the following shortcode in a post/page ivory-search title="Some Form" id='1" onmouseover="alert/XSS/'...

1AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/02 12:0 a.m.•498 views

WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed. 1. Add a new Import at "New Import", upload a random.txt...

4.8CVSS5.3AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•516 views

Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add/edit a product and put the following payload in the Product Affiliate URL, Custom Button Text fields...

4.8CVSS5.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•645 views

Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure

The plugin does not have any proper access controls when exporting users from a gallery, which could allow any authenticated users such as subscriber to list all users from the blog, disclosing their username and email address POST...

6.8AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•649 views

myCred < 2.3 - Subscriber+ SQL Injection

The plugin does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user any authenticated user...

8.8CVSS9.2AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•486 views

Ibtana - Ecommerce Product Addons < 0.2.4 - Reflected Cross-Site Scripting

The plugin does not escape some user input before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. v alert/XSS/ v 0.2.4 - https://example.com/wp-admin/admin.php?page=ibtana-custom-post-type&posttypeid="+style=animation-name:rotation+onanimationstart=alert/XSS/...

6.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•554 views

Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS

The plugin does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users d...

5.4CVSS5.2AI score0.00307EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•547 views

Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting

The plugin does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting With the "Enable Logs" setting activated: https://example.com/wp-admin/admin.php?page=check-email-logs&d="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS6.2AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•552 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Add the following code in a post/page while in code editor mode with an Contributor account: Then view/preview th...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•503 views

WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Add an URL to Blacklist RSS Aggregator Tools Blacklis...

4.8CVSS5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•529 views

My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

5.4CVSS5.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•646 views

BSK PDF Manager < 3.1.2 - Admin+ SQL Injection

The plugin does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue With at least one BSK PDF Category: https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&order=and+sleep5...

7.2CVSS7.6AI score0.01275EPSS
Exploits2
Total number of security vulnerabilities4359