Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/09/20 12:0 a.m.493 views

Page Generator < 1.5.9 - Reflected Cross-Site Scripting

The plugin does not properly escape user input before outputting it back in attributes, leading to reflected Cross-Site Scripting issues alert/XSS/' /...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.581 views

WordPress to Hootsuite (< 1.3.9) & Buffer (< 3.7.5) - Reflected Cross-Site Scripting

The plugins do not properly sanitise and escape user input before outputting it back in pages and attributes, which could lead to reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=wp-to-buffer-log&s=alert/XSS/...

6.5AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.537 views

YITH WooCommerce Product Add-Ons < 2.1.0 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in the edit addon page in the admin dashboard, leading to Reflected Cross-Site Scripting issues v alert/XSS-id/&addontype=html"alert/XSS-type/ v 2.1.0...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.483 views

One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks avatar link="javascript:alertorigin" avatar target='" style="animation-name:twentytwentyone-close-button-transition"...

5.4CVSS1.8AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.514 views

One User Avatar < 2.3.7 - Avatar Update via CSRF

The plugin does not check for CSRF when updating the Avatar in page where the avatarupload shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack Click...

6.5CVSS0.5AI score0.00553EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.720 views

Scroll Baner <= 1.0 - CSRF to RCE

The plugin does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE via a file upload as well as XSS function submitRequest var xhr = new...

6.5CVSS0.00553EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.845 views

WP Import Export Lite < 3.9.5 - Subscriber+ Extensions Update

The plugin does not have any CSRF and authorisation checks done in wpieextsaveextensions AJAX action. This could allow any authenticated user such as subscriber, or an unauthenticated attacker via a CSRF to set the extensions to be used by the plugin, as well as disable all of them To disabled al...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.843 views

WP Import Export Lite < 3.9.5 - Subscriber+ Arbitrary Blog Options Update

The plugin does not have any CSRF and authorisation checks done in the wpieextsaveextensiondata AJAX action, nor do perform any validation on the option to be updated. As a result, any authenticated user such as subscriber, or an unauthenticated attacker via a CSRF could update any of the blog...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.537 views

YITH WooCommerce Product Add-Ons < 2.1.0 - Authenticated Local File Inclusion

The plugin does not validate user input before using it to generate a local path passed to include, which could lead to a Local File Inclusion issue on Windows Web Servers https://example.com/wp-admin/admin.php?page=yithwapopanel&tab=blocks&blockid=1&addonid=1&addontype=html%2F..%2Fhello...

2.6AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.508 views

BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting

The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=betterdocs-admin&daterange="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.749 views

Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The plugin does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks. Put the following payload in the QR setting: "alert/XSS/ The XSS will be triggered in the plugin's...

5.4CVSS5.4AI score0.00382EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.499 views

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...

4.8CVSS4.8AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/16 12:0 a.m.154 views

BulletProof Security < 5.2 - Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files...

5.3CVSS1.5AI score0.7233EPSS
Exploits7References2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.660 views

Find My Blocks < 3.4.0 - Private Post Titles Disclosure

The plugin does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles. Create a private post with at least one Gutenburg paragraph block and go to https://example.com/wp-json/find-my-blocks/blocks/?name=core/paragraph...

5.3CVSS0.7AI score0.01212EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.820 views

PDF Light Viewer < 1.4.12 - Authenticated Command Injection

The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...

9CVSS2.5AI score0.04268EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.567 views

PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting

The plugin does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfilteredhtml is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue. Timeline July 12th, 2021 - Vendor...

4.8CVSS0.4AI score0.00618EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.634 views

Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks dflip class='"...

5.4CVSS5.4AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.511 views

Compact WP Audio Player < 1.9.7 - Setting Change via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack. csrf.submit...

6.5CVSS1.6AI score0.00553EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.661 views

SEO Redirection < 7.9 - Arbitrary Redirect Deletion via CSRF

The plugin does have CSRF in place, allowing attackers to make logged in admin delete arbitrary Custom and Post Redirects via a CSRF attack. v...

2.2AI score
Exploits0
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.502 views

Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. scembedplayer fileurl='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alertorigin//'...

5.4CVSS2.4AI score0.00629EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.549 views

Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS

The plugin allows users with any role capable of editing or adding posts to perform stored XSS. Add the below payload as a shortcode block: podcastsubscribe alignment='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alertorigin//'...

5.4CVSS1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/15 12:0 a.m.627 views

Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "alert/XSS/...

4.8CVSS4.9AI score0.00622EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.482 views

SEO Redirection < 7.4 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue " / " /...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.600 views

Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Quiz Url Slug setting: "alert/XSS/ Create ...

4.8CVSS0.2AI score0.00603EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.710 views

Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF

The delreistereddomains AJAX action of the plugin does not have any CSRF checks, and is vulnerable to a CSRF attack https://example.com/wp-admin/admin-ajax.php?action=delreistereddomain&id=1...

8.8CVSS3.5AI score0.00667EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.536 views

Affiliate Power < 2.3.0 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter in its Affiliate Power Sales dashboard before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.709 views

Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection

The plugin allows unauthenticated users to perform SQL injection via the aysfinishpoll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash. This requires a valid nonce, which can be obtained by going to a...

7.5CVSS0.9AI score0.01587EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.812 views

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

The plugin does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code As a contributor, create/edit a post and put the below code while in Code Editor mode: \naa\n Save or Preview the page,...

8.8CVSS1.1AI score0.01753EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.469 views

Avada < 7.4.2 - Reflected Cross-Site Scripting

Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. https://theme-fusion.com/forums/search/z--FAIL/...

6.7AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.569 views

Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting

The plugin does not escape the Share Title settings before outputting it in the frontend pages or posts depending on the settings used, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Sha...

4.8CVSS4.8AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.524 views

Comments - wpDiscuz < 7.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Timeline: May 18th, 2021 - Vendor...

4.8CVSS4.9AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.734 views

Download from files <= 1.48 - Unauthenticated Arbitrary File Upload

The downloadfromfiles617fileupload AJAX action f the plugin, available to both unauthenticated and authenticated users does not properly restrict the files to be uploaded, which could allow unauthenticated users to upload PHP4 files for example POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.554 views

Coming Soon and Maintenance Mode < 3.5.3 - Authenticated Stored XSS

The plugin does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS. Open the Coming Soon plugin's settings Coming Soon - Coming Soon Click on the "Title" section Inject XSS payload into the...

5.4CVSS0.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/10 12:0 a.m.570 views

Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS

The plugin does not properly sanitize values used when creating new calendars. Open the Appointment Hour Booking Tab. Enter XSS payload like "alertdocument.location in new calendar name field. and click on "add new" button. Go back to the Appointment Hour Booking Tab and select "Publish" for any...

5.4CVSS5.5AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/10 12:0 a.m.536 views

Easy Accordion < 2.0.22 - Authenticated Stored XSS

The plugin does not properly sanitize inputs when adding new items to an accordion. When adding new items to an accordion, an injection payload of "" for an accordion item's title will result in XSS in the wp-admin page as well as on pages that show the accordion...

5.4CVSS1.4AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/07 12:0 a.m.544 views

Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize or escape inputs in the plugin's settings. Open "Chained Quiz Social Sharing" in the WP admin panel. Under title field enter the payload : "alertdocument.domain Click on Save All Setting and the XSS will fire every time the Social Sharing page is loaded...

5.4CVSS0.1AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/07 12:0 a.m.588 views

WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payloads in the mentioned settings of the plugin: - How to display the pos...

4.8CVSS4.7AI score0.00622EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/07 12:0 a.m.741 views

Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting

The plugin does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue. v1.3.4 fixed the CSRF, but not the sanitisation/escaping fully. Another issue has been created for it To have the XSS only trigger...

5.4CVSS0.1AI score0.00399EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/07 12:0 a.m.540 views

Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues POST /wp-admin/admin.php?page=weather-effects-setting HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding...

4.8CVSS0.4AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.489 views

User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting

The plugin does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed 1. Login a...

5.4CVSS0.1AI score0.006EPSS
Exploits3
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.554 views

CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some glossarytooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks glossarytooltip dashicon='" style="animation-name:twentytwentyone-close-button-transition"...

5.4CVSS1.9AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.707 views

uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF

The plugin does not have CSRF check in the uListingimportlayout function, nor perform any validation on the option/post meta key to update to ensure it belongs to the plugin. As a result, attackers could make a logged in admin change any of the blog option such as siteurl, blogname etc as well as...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.536 views

UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting

The plugin sanitises user input via sanitizetextfield but do not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues On the reset page made by the plugin: https://example.com/reset/?key=a&login=%22accesskey=X%20onclick=alert1%20b=%22...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.558 views

My Chatbot <= 1.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=my-chatbot&tab=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E...

1AI score
Exploits0
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.457 views

PublishPress Editorial Calendar < 3.5.1 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=pp-content-overview&orderby="alert/XSS-orderby/&order="alert/XSS-order/...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.575 views

Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s=alert/XSS/...

6.1CVSS0.6AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.585 views

Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting

The plugin does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=cs-woo-altcoin-all-coins&s="alert/XSS/...

6.1CVSS0.9AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.168 views

Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)

The Enfold theme was vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. The issue appears when pagination comes in place while navigating on a WordPress site with Enfold theme active. When that occurs,...

6.1CVSS6.1AI score0.02959EPSS
Exploits5
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.508 views

ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the search GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue, which will be executed in a logged in admin context https://example.com/wp-admin/admin.php?page=elex-product-feed-manage&search="alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/09/06 12:0 a.m.547 views

Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Go to the plugin Settings Messages Taxonomies...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
Total number of security vulnerabilities4359