Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•773 views

Email Before Download < 6.8 - Admin+ SQL Injection

The plugin does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...

8.8CVSS9.3AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
•added 2021/11/01 12:0 a.m.•529 views

My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter of the mcpostlookup AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

5.4CVSS5.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/28 12:0 a.m.•127 views

URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF

The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. https://example.com/wp-admin/admin.php?page=uslinks&action=bulkdelete&linkids=1...

4.3CVSS5.2AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/28 12:0 a.m.•132 views

Contact Form by Supsystic < 1.7.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape fields label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a field in a form, and put the following payload in the label:...

6AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/10/27 12:0 a.m.•141 views

WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...

0.7AI score0.71532EPSS
Exploits5References1
wpexploit
wpexploit
•added 2021/10/27 12:0 a.m.•473 views

Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting

The plugin does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS6.2AI score0.01165EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/26 12:0 a.m.•680 views

Bulk Datetime Change < 1.12 - Missing Authorisation

The plugin does not enforce capability checks which allows users with Contributor roles to 1 list private post titles of other users and 2 change the posted date of other users' posts. Run on "Bulk Datetime Change" page: jQuery.post"https://example.com/wp-admin/admin.php?page=bulkdatetimechange",...

5.5CVSS5.7AI score0.00699EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/26 12:0 a.m.•560 views

About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. With a role as low as Contributor, put the following payloads in one of the Social Profi...

5.4CVSS0.2AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/26 12:0 a.m.•781 views

Ninja Forms < 3.6.4 - Admin+ SQL Injection

The plugin does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks POST /wp-admin/post.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh,en;q=0.5...

7.2CVSS7.1AI score0.01275EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•67 views

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting

The plugin does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create a table, add a column with the following payload " as Name, then add data with the followin...

4.8CVSS0.9AI score0.00686EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•746 views

Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

The plugin does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page Enable reviews for post/pages, and enable the "Show...

6.5CVSS0.01433EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•670 views

MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack The vendor has been notified on August 24th, 2021, as well as escalated to the WP plugins team 3 times, no fix was made despite two new versions being released...

4.3CVSS3.6AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•548 views

Video Lessons Manager - Admin+ Stored Cross-Site Scripting

The plugins do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks Open the CM Video Lesson Plugin's Settings page. Click on Label Tab Enter payload like "alert1 into the "channel" or "channels" field...

4.8CVSS0.7AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•471 views

WP Spell Check < 9.3 - Reflected Cross-Site Scripting

The plugin does not escape the page and wpsc-scan-tab parameters before outputting them back in attributes, leading Reflected Cross-Site Scripting issues alert/XSS/' / alert/XSS/' /...

Exploits0
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•498 views

eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting

The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS1AI score0.01555EPSS
Exploits1
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•66 views

EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create a new EDTB and put the following payload in the Table Name, Column Name or Column...

0.9AI score0.00588EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•666 views

MainWP Child < 4.1.8 - Admin+ SQL Injection

The plugin does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed POST / HTTP/1.1 Accept:...

7.2CVSS1.5AI score0.01238EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•433 views

Ecommerce - Two Factor Authentication < 1.0.5 - Reflected Cross-Site Scripting

The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 1.0.5: https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•509 views

Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site scripting issue alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•554 views

Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slide /wp-admin/admin.php?page=slideshow-slides and put the...

4.8CVSS0.4AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•145 views

Duplicate Post < 1.2.0 - Authenticated SQL Injection

The plugin does not properly sanitise and escape the id parameter passed to the cdpactionhandling AJAX action, which could allow user having access to the plugin by default admins to perform SQL Injection attacks POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 229 Accept: / X-Requested-Wit...

9CVSS1AI score0.09509EPSS
Exploits3References1
wpexploit
wpexploit
•added 2021/10/25 12:0 a.m.•141 views

Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtnl capability is disallowed. https://drive.google.com/file/d/1ZXIS-q2fzZhRhTyHpHEzxcZ2Shl4Up2/view?usp=sharing Put the...

4.8CVSS1AI score0.00598EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/10/24 12:0 a.m.•670 views

Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update

The plugin does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid...

0.3AI score0.00339EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/21 12:0 a.m.•71 views

Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF

The plugin allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks...

1.4AI score0.00618EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/21 12:0 a.m.•666 views

Pie Register < 3.7.2.4 - Open Redirect

The plugin passes unvalidated user input to the wpredirect function, without validating it, leading to an Open redirect issue https://example.com/?piereglogouturl=true&redirectto=https://wpscan.com...

1.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/20 12:0 a.m.•145 views

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...

8.8CVSS1.1AI score0.01976EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/20 12:0 a.m.•527 views

BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "linktitle" colu...

5.4CVSS0.1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/20 12:0 a.m.•705 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

The plugin does not have proper authorisation check in the sfimageid AJAX action, which could allow any authenticated, such as subscriber, to view the content and title of arbitrary posts, for example private, draft and password protected ones. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

0.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/20 12:0 a.m.•80 views

Download Monitor < 4.4.5 - Admin+ SQL Injection

The plugin does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue There need to be at least one log for the payload to trigger...

7.2CVSS1.3AI score0.17484EPSS
Exploits5
wpexploit
wpexploit
•added 2021/10/20 12:0 a.m.•564 views

Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed As an admin, create or edit a Forminator form, add an email field and put the following payload in the label...

4.8CVSS0.7AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•156 views

Easy Digital Downloads < 2.11.2.1 - Reflected Cross-Site Scripting

The plugin does not escape the start-date and end-date parameters in the payment history dashboard before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

4.8CVSS1.6AI score0.00902EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•516 views

Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue https://example.com/student-registration/?userlogin="alert/XSS/...

6.1CVSS0.3AI score0.00757EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•551 views

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion The PoC varies based on the endpoint targeted. Here is one example that will modify the...

8.1CVSS0.3AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•675 views

Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting

The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. 1 Create a Logo Showcase 2 Set display type to Logo Grid 3 Set number of grid to 1"...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•42 views

Relevanssi - A Better Search < 4.14.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape user searches before outputting them in the related admin dashboard when the feature is enabled Enable the logging of user query, then was unauthenticated user /?s= The XSS will be triggered when an admin will view the User Searches dashboard at...

7.1AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•568 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The plugin does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue Assuming WordPress installed at C:\xampp\htdocs\wordpress,...

7.5CVSS0.5AI score0.05028EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•742 views

Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation

The plugin does not have capability and CSRF checks in the dpwappluginactivate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. v 1.5.9 - jQuery.postajaxurl, action:"dpwappluginactivate", dpwapurl:"hello.php" v 1.6.0 -...

5.7CVSS3.2AI score0.00386EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/19 12:0 a.m.•600 views

Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the plugin's settings with a text input: - v alert/XSS/ - v...

4.8CVSS0.1AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•65 views

Support Board < 3.3.6 - Arbitrary File Deletion via CSRF

The plugin does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files...

1.1AI score0.00542EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•835 views

Email Log < 2.4.7 - Admin+ SQL Injection

The plugin does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections https://example.com/wp-admin/admin.php?page=email-log&orderby=sentdate+AND+SELECT+3025...

8.8CVSS1.5AI score0.01292EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•508 views

QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks. As a contributor, create/edit a "QR Redirect" and set the following fields: "URL to Redirect to": https://example.com/"...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•466 views

TableOn < 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting issues https://example.com/?tableon-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•505 views

Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/Edit a Button and put the following payload in the Amount Menu Name field...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•679 views

QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update

The plugin does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects jQuery.postajaxurl, qrredirectresponse: 30...

4.3CVSS0.5AI score0.00433EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•153 views

Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Download Counter Text settings and tick the Show Downlo...

4.8CVSS4.8AI score0.00647EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•483 views

Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in one of the vulnerable fields in the General Settings of the plugin...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•673 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Slider Clone/Save/Delete via CSRF

The plugin has a logic flaw in its CSRF checks in the sfcloneslider, sfsaveslider and sfremoveslider AJAX actions, which could allow an attacker to make a logged in user call them via a CSRF attack. To delete a slider: To create a slider /bod...

1AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•729 views

Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF

The plugin does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover. The following HTML code can be used...

8.8CVSS0.4AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•469 views

IMPress for IDX Broker < 3.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the leadID parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue https://examle.com/wp-admin/admin.php?page=edit-lead&leadID="alert/XSS/...

1.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•793 views

MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF

The plugin does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS0.6AI score0.00531EPSS
Exploits2
Total number of security vulnerabilities4359