Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/09/28 12:0 a.m.542 views

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfilteredhtml capability is disallowed. Add an Entry /wp-admin/admin.php?page=connectionsadd and put the following payload in the Address Line...

4.8CVSS4.8AI score0.00705EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.540 views

WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. Open Global Activation and Click on Customize Now On Step3 StylingTab Enter the XSS payload into "Whats your reaction" field Payload Used :...

5.4CVSS5.3AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.718 views

AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation

The plugin does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. Attack Procedures 1 Run this in Dashboard while logged in as Subscribe...

8.8CVSS0.9AI score0.01294EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.525 views

WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. 1. go to Forms. 2. go to Add New Form 3. In th title put alert"Ehlo"; 4. Save...

4.8CVSS0.3AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.800 views

Check & Log Email < 1.0.3 - Admin+ SQL Injections

The plugin does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues With the 'Enable Log' settings of the plugin activated: -...

7.2CVSS1.2AI score0.01275EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.443 views

WooCommerce Product Table Lite < 2.4.0 - Reflected Cross-Site Scripting

The plugin does not escape the pricerangemin and pricerangemax parameters before outputting them back in attributes, leading a Reflected Cross-Site Scripting issue On a page where there is a Product Table with a Price filter, append the following payload to the min and max price filters:"alert/XS...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.42 views

WP Visited Countries Reloaded < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter in its Countries dashboard before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.742 views

Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection

The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection https://example.com/wp-admin/tools.php?page=permalink-manager&orderby=ID+AND+SELECT+9480+FROM+SELECTSLEEP5EXid...

7.2CVSS1.6AI score0.01336EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.132 views

Wappointment < 2.2.5 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the name parameter when booking an appointment, leading to a Stored Cross-Site Scripting issue which is triggered when an admin view the Calendar. POST /wp-json/wappointment/v1/services/booking HTTP/1.1 Content-Length: 205 Accept: application/json, text/plain, /...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.772 views

WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update

The plugin has its updatesettings function hooked to admininit and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users. csrf.submit POST /wp-admin/admin-post.php HTTP/1.1 Accept:...

6.5CVSS1.3AI score0.00556EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.529 views

WP Table Builder < 1.3.10 - Reflected Cross-Site Scripting

The plugin does not escape a page parameter before outputting it back in an admin dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.484 views

Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Add/edit a Quote and put the following payload in the "Quote" and "Author" fields:...

4.8CVSS0.9AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.664 views

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. With the Form Builder "Dev Mode” setting enabled, create a form and a fiel...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/27 12:0 a.m.472 views

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed Create a new Form via the plugin, fill it with any values. In the next step, change the Form name to...

4.8CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/24 12:0 a.m.137 views

WP DSGVO Tools (GDPR) < 3.1.24 - Unauthenticated Plugin's Settings Update to Stored Cross-Site Scripting

The plugin is lacking proper authorisation and CSRF checks, makes some functions available to unauthenticated as well as any authenticated users via AJAX hooks. As a result, unauthenticated users could update some of the plugin's settings, and set a Cross-Site Scripting payload in the Matomo Code...

Exploits0References2
wpexploit
wpexploit
added 2021/09/23 12:0 a.m.200 views

3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload

Description The plugin does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

9.8CVSS7.5AI score0.067EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.136 views

Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection

The plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

6.4CVSS0.4AI score0.00636EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.553 views

Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Affected argument: url, text, target, rel and class easymediadownload url="/" text='" onerror="alert/XSS///http' easymediadownlo...

5.4CVSS1.1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.145 views

Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the...

6.5CVSS0.7AI score0.01122EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.687 views

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

The plugin does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account. User registration must be enabled or you mu...

5.4CVSS0.3AI score0.006EPSS
Exploits3
wpexploit
wpexploit
added 2021/09/22 12:0 a.m.174 views

Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting

The plugin doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Add the following payload in the "Cookie Bar Message" setting of the plugin...

4.8CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.156 views

WP HTML Author Bio <= 1.2.0 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against...

5.4CVSS0.5AI score0.01771EPSS
Exploits3
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.137 views

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting...

4.8CVSS1.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.709 views

jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting

The plugin does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. Put the following payload in the 'Quote String' or 'Reply String' settings of...

6.1CVSS0.00399EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.514 views

Allow REL= and HTML in Author Bios <= .1- Author+ Stored Cross-Site Scripting

The plugin does not sanitise the allowed HTML in Bio, allowing user with a role as low as author to perform Cross-Site Scripting attack against users viewing their posts As Author, put a JS payload such as alert/XSS/ in your Biographical Info via your Profile, then access any public posts made by...

6.5AI score
Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.128 views

Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly In a page/posts where the fu-upload-form shortcode is embed, simp...

6.1CVSS6.3AI score0.26379EPSS
Exploits6
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.733 views

WP Mega Menu < 1.4.0 - Unauthenticated Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked to admininit. As a result, unauthenticated users can call them and access arbitrary post data, including password protected or private ones. Access an...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.764 views

WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked as AJAX actions and available to any authenticated users. As a result, low privilege authenticated users such as subscribers can call them and access...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.498 views

Responsive WordPress Slider <= 2.2.0 - Reflected Cross-Site Scripting

The plugin does not escape the id parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue. Timeline: August 11th, 2021 - Details sent to vendor August 12th, 2021 - Vendor working on a patch August 24th, 2021 - Ticket put as 'solved' on vendor side due ...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.490 views

Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, su...

5.4CVSS5.5AI score0.006EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.491 views

Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. As admin, put the below payloads in the related vulnerable field/s and save them there i...

4.8CVSS5.1AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.673 views

St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting

The plugin does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to ...

8.8CVSS8AI score0.00618EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.535 views

Game Server Status <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Game Server data, which could allow high privilege users such as admin to perform Cross-Site Scripting even when the unfiletredhtml is disallowed Create/Edit a Game Server and add the following payload as Server name: Test"alert/XSS/...

1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.777 views

Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues Add the following payload in the Title or Description of a Video added in a List/Gallery: "onmouseover=alert/XSS/// Then view the...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.540 views

Fetch Tweets <= 2.6.4 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues alert/XSS-page/' / alert/XSS-tab/' /...

Exploits0
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.592 views

Game Server Status <= 1.0 - Admin+ SQL Injection

The plugin does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&serverid=1" -p serverid --dbms mysql --cookie your cookie...

7.2CVSS1.6AI score0.013EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.523 views

Game Server Status <= 1.0 - Contributor+ SQL Injection

The plugin does not validate or escape the server id shortcode attribute before using it in a SQL statement, allowing any user with a role as low as contributor to perform SQL Injection attacks As a contributor or above, put the below shortcode in a page/post and view/preview it game-servers...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.479 views

Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS0.8AI score0.00562EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.535 views

StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS0.5AI score0.00562EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.514 views

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS0.6AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.658 views

WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

The plugin is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack...

6.5CVSS0.8AI score0.00509EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.528 views

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed When adding new courses, the following fields can have XSS payloads like "alert1...

4.8CVSS0.2AI score0.00661EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.499 views

BetterDocs < 1.9.0 - Reflected Cross-Site Scripting

The plugin does not escape the tagID before outputting it back in the edit category page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/term.php?taxonomy=doccategory&tagID=147"alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.510 views

Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode Log in as contributor and add the following shortcode i...

5.4CVSS5.3AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.895 views

Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the plugin's configurations. 1 Turn off "Turn On Catch Themes & Catch Plugin tabs" jQuery.postajaxurl,...

5.7CVSS1AI score0.00408EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.742 views

MainWP Child Reports < 2.0.8 - Admin+ SQL Injection

The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue https://example.com/wp-admin/options-general.php?page=mainwp-reports-page&order=+AND+SELECT+7332 FROM+SELECTSLEEP5qiXg - the web page freezes f...

7.2CVSS0.8AI score0.01327EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.529 views

Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.541 views

GamePress <= 1.1.0 - Reflected Cross-Site Scripting

The plugin does not escape the opedit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms alert'xss'" document.test.submit;...

6.1CVSS0.1AI score0.00745EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.537 views

Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed Put the following payload in the "Background...

4.8CVSS4.8AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.107 views

WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Navigate to WP Ticket Forms edit layout of "Open a Ticket" or "Search Tickets"...

4.8CVSS4.8AI score0.00622EPSS
Exploits2
Total number of security vulnerabilities4359