Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/10/06 12:0 a.m.199 views

Access Demo Importer < 1.0.7 - Subscriber+ Arbitrary File Upload

Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback functionfound in the /inc/demo-functions.php file along wi...

8.8CVSS1.5AI score0.01652EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.561 views

WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed 1. Create a new export via "New Export" page. 2. Go to "Manage Exports...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.658 views

Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF

The plugin does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack // 32x32 white png const buf =...

6.5CVSS0.9AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.813 views

Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...

4.3CVSS1.4AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.687 views

Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF

The plugin does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack csrf.submit...

6.5CVSS0.5AI score0.00531EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.715 views

Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

The plugin does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

8.8CVSS0.7AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.67 views

Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues...

0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.129 views

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Unauthenticated Arbitrary Admin Account Creation

The tcpregisterandloginajax AJAX action of the plugin allows unauthenticated users to create accounts with an arbitrary role such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5...

2.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.43 views

Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue jQuery.postdata: psquestions:1:"1", action:"savequestiondata", ID:"765",...

0.1AI score0.01405EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.486 views

WP-Recall < 16.24.48 - Reflected Cross-Site Scripting

The plugin does not escape some filters parameters before outputting them back in attributes when the Commerce add-on is active, leading to Reflected Cross-Site Scripting issues Activate the Commerce Add-On of the plugin and open the below URL...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.457 views

Two Way Chat < 3.1.5 - Multiple CSRF

The plugin does not have CSRF checks in place in some of its functions, allowing attacker to make logged in admin perform unwanted actions, such as update the plugin's settings...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.699 views

WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls

The plugin does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues To create a survey wi...

4.3CVSS0.1AI score0.00435EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.65 views

Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update

The plugin does not have proper authorisation nor CSRF checks in the saveglobalsetting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which wi...

0.6AI score0.00644EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.513 views

World Travel Information <= 1.0.0 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'PHPSELF' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=ti-info...

0.9AI score
Exploits0
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.588 views

Simple Download Monitor < 3.9.6 - Unauthenticated Log Access

The plugin saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames...

7.5CVSS0.1AI score0.01625EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.533 views

Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal

The plugin allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download. jQuery.postajaxurl, action: "sdmremovethumbnailimage", postiddel: 613 // not owned by the user POST /wp-admin/admin-ajax.php HTTP/1.1...

4.3CVSS0.4AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.731 views

MStore API < 3.4.5 - Unauthenticated PHP File Upload

The api/flutterwoo/configfile REST endpoint of the plugin, does not have proper authorisation in place only checking if the plugin has a license, nor enough validation against the config file sent in the request. As a result, unauthenticated users could use such endpoint to upload a PHP file,...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.506 views

Simple Download Monitor < 3.9.6 - Unauthorised Log Reset

The sdmresetlog AJAX action of the plugin does not have any capability and CSRF checks, which could allow any authenticated user such as subscriber, or an attacker performing a CSRF attack against a logged in admin to reset the log entries...

2.7AI score
Exploits0
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.503 views

Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting

The plugin does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC 1: This requires Firefox due to onclick+accesskey trick on hidden input. There is...

6.1CVSS6.1AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.111 views

Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Floating Widget Settings Custom text fo...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.2690 views

Perfect Survey < 1.5.2 - Unauthenticated SQL Injection

The plugin does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. The questionid must start with an existing post ID...

2AI score0.86896EPSS
Exploits7
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.534 views

Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

The plugin does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could ma...

9CVSS0.01241EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.514 views

Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Open the plugin's add new banner page B.com Banner - Add New Banner The form field named "Banner...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.491 views

Two Way Chat < 3.1.5 - Admin+ Local File Inclusion

The plugin does not properly sanitise and validate user input before using in require statements, leading to Local File Inclusion issues https://example.com/wp-admin/admin.php?page=TWCHsettings&tab=../../index https://example.com/wp-admin/admin.php?page=TWCHsettings&tab=Float&sT=../../index...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.487 views

Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed When creating a "New product shortcode" you can inject XSS payloads like --! i...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.785 views

Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts

The plugin defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user including simple subscribers can add/set/delete arbitrary categories to posts. Set the category 107 to the post 1537: POST /wp-admin/admin-ajax.php...

6.5CVSS0.6AI score0.00873EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.703 views

Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. csrf.submit...

4.3CVSS1.3AI score0.00453EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.535 views

Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Add/Edit a Custom Field /wp-admin/admin.php?page=eme-formfields and put the following payload in the Field Name:...

4.8CVSS0.1AI score0.00681EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.506 views

Cardinity Payment Gateway for WooCommerce < 3.0.7 - Reflected Cross-Site Scripting

The plugin does not escape various parameter before outputting them in attributes, leading to Reflected Cross-Site Scripting issues Vulnerable parameters: amount, country, currency, orderid, description, returnurl, projectid, signature...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.659 views

Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update

The plugin allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check. - As Editor, go to Logo Showcase - Shortcode Generator - Run...

6.5CVSS0.9AI score0.0083EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.529 views

BP Better Messages < 1.9.9.41 - Multiple CSRF

The plugin does not check for CSRF in multiple of its AJAX actions: bpbettermessagesleavechat, bpbettermessagesjoinchat, bpmessagesleavethread, bpmessagesmutethread, bpmessagesunmutethread, bpbettermessagesaddusertothread, bpbettermessagesexcludeuserfromthread. This could allow attackers to make...

8.8CVSS1AI score0.00703EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.109 views

Easy PayPal Buy Now Button < 1.7.3 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check in place when saving its settings, and does not sanitise as well as escape them when output in the page. As a result, an attacker could make a logged in admin change them via. CSRF attack and perform Cross-Site Scripting attacks. The plugin also fixed a Reflect...

6AI score
Exploits0References1
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.514 views

Themify Builder < 5.3.2 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes and tags in an admin page, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=themify-global-styles&status="alert/XSS/...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.524 views

Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue Via the plugin's settings: - Enable the...

4.8CVSS4.8AI score0.00571EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.498 views

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting

The plugin does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks 1 Add playlist with "Optional Call to Action"'s "Label" set to: " style="animation-name:twentytwentyone-close-button-transition"...

4.8CVSS0.8AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.695 views

Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change

The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit Run while in the Post/Page editor as a contributor jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...

4.3CVSS1.6AI score0.00768EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.705 views

Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion

The plugin provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts...

4.3CVSS1.6AI score0.00453EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.727 views

Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting

The plugin offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output i...

4.3CVSS4.4AI score0.00487EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/04 12:0 a.m.555 views

BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

The plugin sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/chat-rooms/?subject=asd%22%20%22%20onmouseover=javascript:alert1;%20test=%22&new-message=asd...

6.1CVSS0.9AI score0.00912EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/01 12:0 a.m.573 views

Ivory Search < 4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the post parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. The data parameter was also affected, although it was not reported...

6.1CVSS0.6AI score0.00731EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/30 12:0 a.m.778 views

JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation

The jsjobsajax AJAX action of the plugin available to both authenticated and unauthenticated users does not have proper authorisation and CSRF checks, in particular when using the installPluginFromAjax and activatePluginFromAjax, which could allow unauthenticated attackers to install arbitrary...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.542 views

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. Go to Setting Tab Under Calendar Lite Plugin Under Setting tab Click on Slugs/Permalinks tab Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable...

5.4CVSS0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.753 views

Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...

6.5CVSS0.8AI score0.00825EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.570 views

WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a campaign and add the following feed URL:...

4.8CVSS0.7AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.725 views

Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload

The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...

5.3CVSS0.4AI score0.0102EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.567 views

WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfilteredhtml capability is disallowed - Create a new Download, add the following payload in the "Version" and "Link Label" fields from the 'Package...

4.8CVSS0.3AI score0.02774EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.590 views

Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the style attribute of the cooltagcloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. cooltagcloud style='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert/XSS/'...

5.4CVSS2.1AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.703 views

Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting

The plugin does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend depending on the payload The CSRF was...

5.4CVSS5.3AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.550 views

Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the "Alt text" setting of the plugin, then view...

4.8CVSS0.6AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.612 views

Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Click on "Add New" under Restaurant Menu Plugin. Give any random title like...

4.8CVSS0.4AI score0.00622EPSS
Exploits2
Total number of security vulnerabilities4359