Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•537 views

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. - Create a page A - Add a custom field containing JS in...

5.4CVSS1.2AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•553 views

Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the System Miscellaneous Custom Timezone setting of the plugin: " The XSS...

4.8CVSS4.7AI score0.00733EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•689 views

WP Performance Score Booster < 2.1 - Settings Change via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. csrf.submit...

4.3CVSS1.4AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•682 views

SEO Redirection < 8.2 - Subscriber+ SQL Injection

The importFromRedirection AJAX action of the plugin, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

8.8CVSS0.6AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•828 views

Stream < 3.8.2 - Admin+ SQL Injection

The plugin does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue. https://example.com/wp-admin/admin.php?page=wpstream&order=+AND+SELECT+9940+FROM+SELECTSLEEP5vqNl...

8.8CVSS1.3AI score0.01504EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•526 views

Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. insert page='pageslug' display='all' Where pagesl...

4.3CVSS2.8AI score0.00913EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•508 views

My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins As unauthenticated, book a ticket, fill the purchase form with dum...

6.1CVSS6.1AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/18 12:0 a.m.•794 views

MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF

The plugin does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS0.6AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/16 12:0 a.m.•62 views

Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection

The plugin does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection https://example.com/wp-admin/admin-ajax.php?action=sbpdatabaseaction&sbpaction=converttables&sbpconverttablename=SQLi&nonce=b2d6208254 The nonc...

7.2CVSS0.4AI score0.01112EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/15 12:0 a.m.•182 views

WordPress + Microsoft Office 365 < 15.4 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise error descriptions before outputting them in the log notice, which could allow unauthenticated users to perform Cross-Site Scripting attacks against a logged in administrator POST / HTTP/1.1 Content-Length: 242 Content-Type: application/x-www-form-urlencoded...

9.3CVSS2.7AI score0.00937EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/13 12:0 a.m.•726 views

Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack csrf.submit...

6.5CVSS1AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/13 12:0 a.m.•501 views

Testimonial Builder < 1.6.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfilteredhtml capability is disallowed As admin, create/edit a testimonial and put the following payload in the Testimonial User Name field: "...

4.8CVSS0.9AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/13 12:0 a.m.•112 views

WP Cloudy < 4.4.9 - Admin+ SQL Injection

The plugin does not escape the postid parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue The first digits of the post parameter must be a valid Post ID Weather post or not...

0.8AI score0.01202EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/10/12 12:0 a.m.•498 views

WooCommerce Products Table < 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting issues https://example.com/?woot-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/ https://example.com/?woot-remote-page=1&anchor=1&arbitrary=...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/12 12:0 a.m.•517 views

Discounts Manager for Products < 3.4.5 - Reflected Cross-Site Scripting

The plugin does not escape the wcdptab parameter before outputting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 3.4.5 - https://example.com/wp-admin/admin.php?page=wcwcdp&wcdptab=a';alert/XSS/;//...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•769 views

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allow high privilege users to execute arbitrary PHP code in an hardened environment ie with DISALLOWFILEEDIT, DISALLOWFILEMODS and DISALLOWUNFILTEREDHTML set to true via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...

7.2CVSS1.3AI score0.01514EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•503 views

YITH WooCommerce Multi Vendor < 3.8.1 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=yithvendorcommissions&message=error&text=alert/XSS/ fixed in 3.8.0 Below fixed in 3.8.1 alert/XSS/' /...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•691 views

404 to 301 < 3.0.9 - Logs Deletion via CSRF

Description The plugin does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack https://example.com/wp-admin/admin.php?page=jj4t3-logs&action=bulkclean...

6.5CVSS6.3AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•513 views

Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. When creating a new Question Pot, you can inject ...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•773 views

Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion

The plugin does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. Run on "Posts" page: jQuery.postajaxurl, nonce: config.ajax.nonce, action:"managewppostsusingbulkquicksavebulkedit", postids:783,...

6.5CVSS1.4AI score0.00798EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•766 views

Affiliate Manager < 2.8.7 - Admin+ SQL injection

The plugin does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue POST /wp-admin/admin.php?page=wpam-affiliates&tab=exportdata&orderby=if&order=0,1,SLEEP10 HTTP/1.1 Accept:...

7.2CVSS2.1AI score0.01484EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•175 views

Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

The theme allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request. POST /wp-json/csco/v1/more-posts Accept:...

5.3CVSS2.3AI score0.01131EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•189 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The plugin has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username /pie-register-login/ is the login page of the plugin, ie the one with pieregisterlogin v 3.7.1.5 POST /pie-register-login/ HTTP/1....

8.1CVSS1.6AI score0.08377EPSS
Exploits3
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•1113 views

Loco Translate < 2.5.4 - Authenticated PHP Code Injection

The plugin mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations. 1. Using a User with the translator role, navigate...

6.5CVSS0.1AI score0.0091EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•682 views

Pie Register < 3.7.1.6 - Unauthenticated SQL Injection

The plugin does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. POST /wp-json/pie/v1/login HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding:...

9.8CVSS0.9AI score0.07542EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•626 views

MAZ Loader < 1.3.3 - Contributor+ SQL Injection

The plugin does not validate or escape the loaderid parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. As a user with a role as low as Contributor, put the following shortcode in a page/post and view/preview it to get the login...

8.8CVSS0.8AI score0.01292EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•808 views

Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections

The plugin does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...

7.2CVSS2AI score0.05124EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•701 views

Coupon Affiliates for WooCommerce < 4.11.3.4 - Arbitrary Referral Visits Deletion via CSRF

The plugin does not have any CSRF in place when deleting Referral Visits, which could allow attackers to make a logged in admin delete them via a CSRF attack...

2.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•794 views

wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF

The plugin does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary...

4.3CVSS0.5AI score0.00467EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•655 views

Multiple Plugins from Avirtum - Reflected Cross-Site Scripting

Most plugins both free and premium from the Avirtum author do not escape a page parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 4th, 2021 Example in ipanorama-360-virtual-tour-builder-lite plugin...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•714 views

WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seoredirectlist.php&deleteid=12&deleteurl=https://example.com/yolo deleteid is the po...

4.3CVSS0.9AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•542 views

Multiple Plugins from WPPlugin - Reflected Cross-Site Scripting via page Parameter

The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021 Example in easy-paypal-donation alert/XSS/' / alert/XSS/' /...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•564 views

3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=p3dlitematerials&materialtext="alert/XSS/...

6.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•684 views

WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection

The plugin, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection...

8.8CVSS1.6AI score0.01292EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•538 views

Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Pause Before Print" settings of the plugin: ...

4.8CVSS0.5AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•538 views

Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. The plugin requires the Storefront theme Go to Appearance Customize /wp-admin/customize.ph...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•1092 views

Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection

The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue https://example.com/forum/?subscribetopic=1%20union%20select%201%20and%20sleep10...

9.8CVSS1.8AI score0.13285EPSS
Exploits3References1
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•538 views

WP Header Images < 2.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=wphi&t=5"alert/XSS/...

6.1CVSS0.4AI score0.008EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/11 12:0 a.m.•580 views

Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Within Settings Qwizcards Qwizcardsa Option, put the following payload in the Qwizcards-content HTML...

4.8CVSS4.8AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/10/09 12:0 a.m.•131 views

Inline Related Posts < 3.0.5 - Admin+ Cross-Site Scripting

Multiple parameters are vulnerable to stored Cross-site Scripting. The vulnerabilities require admin privileges to exploit. In each case the script will execute for every user viewing a post that contains one of the inline references. POST /wp-admin/options-general.php?page=intelly-related-posts...

2.7AI score
Exploits1References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•131 views

G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection

The plugin does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection https://plugins.trac.wordpress.org/browser/g-auto-hyperlink/trunk/g-auto-hyperlink.phpL271 Open the...

7.2CVSS0.9AI score0.06561EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•151 views

Unlimited PopUps <= 4.5.3 - Author+ SQL Injection

The plugin does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection https://plugins.trac.wordpress.org/browser/unlimited-popups/trunk/popuplist.phpL16...

8.8CVSS1.9AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•172 views

Chameleon CSS <= 1.2 - Subscriber+ SQL Injection

The plugin does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...

8.8CVSS0.5AI score0.00712EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•142 views

Schreikasten <= 0.14.18 - Author+ SQL Injections

The plugin does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author...

8.8CVSS1.8AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•145 views

Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting

The plugin allows Authenticated Agent+ users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed. POST /supportboard/include/ajax.php HTTP/1.1 Cookie: Agent+ Accept: ...

5.4CVSS0.9AI score0.01395EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•177 views

Wow Forms <= 3.1.3 - Admin+ SQL Injection

The plugin does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.phpL13 As admin,...

7.2CVSS1.1AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•183 views

Post Content XMLRPC <= 1.0 - Admin+ SQL Injections

The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections https://example.com/wp-admin/admin.php?page=pcxaddsites&mode=add&id=1%20AND%20SELECT%207953%20FROM%20SELECTSLEEP5AgUn...

7.2CVSS1.4AI score0.01497EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/07 12:0 a.m.•171 views

SpiderCatalog <= 1.7.3 - Admin+ SQL Injection

The plugin does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category https://plugins.trac.wordpress.org/browser/catalog/trunk/Categories.phpL320 POST...

7.2CVSS1AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/06 12:0 a.m.•205 views

Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit a form, add the following payload to a Field Label: alert/XSS/ The XSS will be triggered when...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/10/06 12:0 a.m.•152 views

Age Gate < 2.16.4 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape the 'Additional content' setting of its 'Messaging' page, which could allow users having access to such setting by default admin, but the plugin has a feature to change this and allow access to lower privileged users to perform Cross-Site Scripting attacks...

0.9AI score
Exploits0References1
Total number of security vulnerabilities4359