Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2024/03/19 12:0 a.m.•147 views

Woomotiv < 3.5.0 - Review Count Reset via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrato...

4.3CVSS4.9AI score0.00253EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•165 views

WPB Show Core < 2.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•178 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress in the Admin menu...

5.7AI score0.0071EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•152 views

WPB Show Core < 2.7 - Reflected XSS

Description The plugin does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting Open an HTML file containing the following: alert/XSS/' / var form1 = document.getElementById'hack'; form1.submit...

6.7AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•168 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress which is available ...

5.7AI score0.00405EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•246 views

BackWPup < 4.0.4 - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. 1 Ensure that Apache is configured with the ability to list directory content. 2 When this is done, you can see the...

6.6AI score0.02261EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•126 views

WPB Show Core < 2.7 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...

6.2AI score0.00458EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/18 12:0 a.m.•181 views

Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.7AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/16 12:0 a.m.•177 views

Inline Related Posts < 3.5.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in the CSS margin-top settings: 0 em" onmouseover=alert/XSS/// Th...

8.6AI score0.00424EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/15 12:0 a.m.•135 views

Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor or above, edit a post in...

5.9AI score0.00427EPSS
Exploits3References1
wpexploit
wpexploit
•added 2024/03/15 12:0 a.m.•147 views

Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor or above, edit a post in...

5.8AI score0.00427EPSS
Exploits3References1
wpexploit
wpexploit
•added 2024/03/13 12:0 a.m.•478 views

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

9.8CVSS9.7AI score0.01712EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/03/13 12:0 a.m.•154 views

WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks. Make a logged in admin open one of the URLs below - To make th...

6.9AI score0.00353EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/13 12:0 a.m.•442 views

WP Statistics < 14.5.1 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not properly escape visited URLs which are reflected on the plugin's dashboard. Visit one same page multiple times so it makes it to the most visited pages, adding the following "utmid" parameter to it:...

7.2CVSS7.1AI score0.67723EPSS
Exploits1References1
wpexploit
wpexploit
•added 2024/03/13 12:0 a.m.•434 views

WooCommerce < 8.4.0 - Reflected Cross-Site Scripting

Description The plugin does not properly sanitize user-input provided by the addqueryarg function when echoed back into JavaScript code context. http://vulnerable-site.tld/wp-admin/edit-comments.php?%27;alert1//...

7.5AI score
Exploits0References1
wpexploit
wpexploit
•added 2024/03/13 12:0 a.m.•1112 views

Contact Form 7 < 5.9.2 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...

6.1CVSS6.2AI score0.013EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/12 12:0 a.m.•155 views

Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Create/Edit a Post, add an "Icon" block and...

5.9AI score0.00446EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/11 12:0 a.m.•157 views

WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup As and admin, create a filter...

5.7AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/11 12:0 a.m.•198 views

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs Make a logged in admin open the URL below to make them delete the filter with the slug test1...

6.9AI score0.00237EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/11 12:0 a.m.•150 views

Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access

Description The plugin does not ensure that user have access to password protected post before displaying its content in a meta tag. When the "Disable Open Graph Meta Tags" settings of the plugin is disabled, view the source of a password protected post and note its content being disclosed in the...

6.8AI score0.00516EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/11 12:0 a.m.•158 views

WooCommerce Product Filter < 1.4.4 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below the filter with the slug test1 needs to exist...

6AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/07 12:0 a.m.•159 views

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin 1. Use any type of role as long as you permit it the action to Add Events. 2. Add a n...

6AI score0.00425EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/07 12:0 a.m.•155 views

Pz-LinkCard < 2.5.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below ' /...

6AI score0.00491EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/07 12:0 a.m.•172 views

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. Setup a listener on a localhost/LAN host such as nc -l 127.0.0.1 9000, then as a contributor, put the followi...

9.4AI score0.00263EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/07 12:0 a.m.•152 views

Pz-LinkCard < 2.5.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in the "Class ID to be Added for PC" setting of the plugin...

8.6AI score0.00467EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/05 12:0 a.m.•151 views

Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure

Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data. 1 There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These files...

6.3AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/05 12:0 a.m.•182 views

Testimonial Slider < 2.3.7 - Author+ Settings Update

Description The plugin does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them. 1 Go to a page where one of the sliders is already in use and intercept the nonce tss 2...

9.5AI score0.00381EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/03/04 12:0 a.m.•136 views

CM Download and File Manager < 2.9.1 - Download Edit via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack Make an admin open an HTML file containing the following:...

6.7AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/04 12:0 a.m.•182 views

CM Download Manager < 2.9.0 - Download Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack Make an admin open the URL below https://example.com/cmdownload/del/id/...

6.7AI score0.00244EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/04 12:0 a.m.•149 views

CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack Make an admin open the URL below https://example.com/cmdownload/unpublish/id/...

6.7AI score0.00225EPSS
Exploits2
wpexploit
wpexploit
•added 2024/03/04 12:0 a.m.•142 views

Schema Pro < 2.7.16 - Contributor+ Custom Field Access

Description The plugin does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode As a contributor, add/edit a post and embed aiosrsprocustomfield postid="ANYPOSTID" fieldkey="ANYMETAKEY" and specify/guess any po...

9.5AI score0.00453EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/29 12:0 a.m.•656 views

LiteSpeed Cache < 5.7.0.1 - Unauthenticated Stored XSS

Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and 'msg' parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...

8.3CVSS8.3AI score0.54872EPSS
Exploits5References1
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•154 views

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

6.7AI score0.00452EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•272 views

System Dashboard < 2.8.10 - XSS via Header Injection

Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks X-Forwarded-For: 11.11.11.11alert1...

6.1AI score0.00813EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•132 views

Booking Calendar < 1.3.83 - CSRF appointment scheduling

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. input type="s...

6.7AI score0.00384EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/28 12:0 a.m.•310 views

Travelpayouts < 1.1.17 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

6.7AI score0.00891EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/27 12:0 a.m.•151 views

Payment Gateway for Telcell < 2.0.4 - Unauthenticated Open Redirect

Description The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue https://localhost/wp-admin/admin.php?page=wc-settings&action=redirecttelcellform&apiurl=https://www.google.com...

6.8AI score0.00464EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/27 12:0 a.m.•132 views

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup When creating a new widget, insert the...

5.7AI score0.00416EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/26 12:0 a.m.•127 views

Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks GDCrow GDCcolumn size='"...

5.9AI score0.00379EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/26 12:0 a.m.•159 views

Team Members < 5.3.2 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Team options attributes before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. 1. Create/edit a team and...

5.9AI score0.00443EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/26 12:0 a.m.•181 views

Responsive Pricing Table < 5.1.11 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks - Create a new Pricing Table...

8.3AI score0.00401EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/26 12:0 a.m.•297 views

Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection

Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. Requirement: "Enable custom table for usermeta" option to be...

9.8CVSS9.8AI score0.89431EPSS
Exploits8References1
wpexploit
wpexploit
•added 2024/02/21 12:0 a.m.•152 views

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a new Facebook like widget. ...

7.3AI score0.00396EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/21 12:0 a.m.•134 views

Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 1. As a Contributor, navigate to "Add new position" 2. On the page to create a post, in the "Working Hours" add: 3. When a...

5.9AI score0.00457EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•124 views

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks otwshortcodetabslayout tabs="2"...

7.7AI score0.00431EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•159 views

Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

8.5AI score0.00371EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•127 views

Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup When creating a new widget, insert the...

7.3AI score0.00379EPSS
Exploits2References1
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•127 views

Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset

Description The plugin does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action Log in as a subscriber, access the Diagnostic tab of the plugin /wp-admin/admin.php?page=enjoyinstagrampluginoptions&tab=diagnostic and click...

6.6AI score0.0077EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•160 views

Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking

Description The plugin does not have authorisation and CSRF in various function hooked to admininit, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example As unauthenticated, open the following URL to unlink the Instagram account of the user with ID ...

7.1AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
•added 2024/02/20 12:0 a.m.•148 views

Backup Bolt < 1.4.0 - Sensitive Data Exposure

Description The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. Access the error log at...

9.3AI score0.0055EPSS
Exploits2References1
Total number of security vulnerabilities4359