Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/09/06 12:0 a.m.600 views

Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting

The plugin does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create a new Calendar Appointment Hour Booking Add new Put the following payload in the Form Settings...

4.8CVSS0.2AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/04 12:0 a.m.680 views

Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF

The plugin does not have CSRF in place, which could allow attacker to make a logged in admin change arbitrary uploaded media title, filename, as well as locking state via a CSRF attack Notes: - We were unable to reproduce the issue from an attacker point of view, the endpoints are expecting JSON...

5.4CVSS0.3AI score0.00423EPSS
Exploits1
wpexploit
wpexploit
added 2021/09/03 12:0 a.m.156 views

Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections

The plugin does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. The login-cookie parameter is needed,...

9.8CVSS0.6AI score0.05516EPSS
Exploits3References2
wpexploit
wpexploit
added 2021/09/02 12:0 a.m.512 views

Easy Social Icons < 3.1.3 - Reflected Cross-Site Scripting

The plugin does not escape user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues Affected parameters: width, height, margin, attrid, attrclass alert/XSS/' /...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2021/09/02 12:0 a.m.235 views

GeoDirectory < 2.1.1.3 - Authenticated (admin+) Stored Cross-Site Scripting (XSS)

The GeoDirectory plugin was vulnerable to Authenticated admin+ Stored Cross-Site Scripting XSS. POST /wp-admin/admin.php?page=gd-settings&tab=general&section=location HTTP/1.1 ..SNIP.. Content-Disposition: form-data; name="defaultlocationlatitude" prompt/XSS/ ..SNIP...

5.4CVSS1.4AI score0.00854EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/09/02 12:0 a.m.784 views

Meow Gallery < 4.1.9 - Contributor+ SQL Injection

The plugin does not sanitise, validate or escape the ids attribute of its gallery shortcode available for users as low as Contributor before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that...

8.1CVSS0.1AI score0.01131EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/02 12:0 a.m.726 views

Meow Gallery < 4.2.0 - Unauthorised Arbitrary Options Update via REST API

The plugin does not properly check for capability in its REST API, allowing - Any authenticated user with the uploadfile capability such as author+ to call them in versions before 4.1.9 - Any unauthenticated user to call them except the restallsettings endpoint, in 4.1.9 One endpoint in...

Exploits0
wpexploit
wpexploit
added 2021/09/01 12:0 a.m.644 views

XO Event Calendar < 2.3.7 - Reflected Cross-Site Scripting

The plugin does not escape the selected-name parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=xoevent&page=xo-event-holiday-settings&selected-name="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.101 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. https://example.com/?rpwcdpdexportsettings=1...

2.8AI score
Exploits0References1
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.544 views

Software License Manager < 4.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its License Key Prefix setting before outputting it in the Add/Edit Licenses page, leading to an Authenticated Stored Cross-Site Scripting issue Go the plugin’s settings and add "alert/XSS/ as a License Key Prefix Then go the the Add/Edit Licenses page to...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.620 views

CF Geo Plugin < 7.13.12 - Reflected Cross-Site Scripting

The plugin does not escape the some parameter before outputting them back in admin pages, leading to a Reflected Cross-Site Scripting issue POST /wp-admin/admin.php?page=cf-geoplugin-activate HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.687 views

qTranslate X <= 3.4.6.8 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, allowing high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Affected POST Parameters: - Settings Languages Languages:...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.182 views

underConstruction < 1.19 - Reflected Cross-Site Scripting

The plugin does not escape the PHPSELF before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=under-construction...

6.1CVSS1AI score0.02335EPSS
Exploits1References2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.459 views

User Activity Log < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not escape the txtsearch parameter before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=useractionlog&txtsearch=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29%2F%2F...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.667 views

WP Statistic < 13.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape various user input before outputting it back in pages, which could lead to Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=wpsreferrerspage&referr="alert/XSS/...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.495 views

CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific to...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.481 views

User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String

The plugin does not escape the $SERVER'QUERYSTRING' before outputting it back in attributes, which could lead to Reflected Cross-Site Scripting in web browsers which do not encode URL characters. With a web browser which does not encode characters or use burp suite and decode the URL via the...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.816 views

Countdown Block < 1.1.2 - Missing Authorisation in AJAX action

The plugin does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. v1.1.1 attempt to fix the issue was incomplete, still allowing it to be exploited via a CSRF attack on an admin due to a...

4.3CVSS0.0065EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.149 views

Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'PHPSELF' input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/alert/XSS//?page=cnsssocialiconpage...

6.1CVSS0.7AI score0.0236EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.166 views

TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. As admin...

4.8CVSS0.1AI score0.05432EPSS
Exploits5References1
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.787 views

Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfilteredhtml capability is disallowed. Put the following payload in the Button text setti...

4.8CVSS0.4AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.538 views

Docket Cache < 21.08.02 - Reflected Cross-Site Scripting

The plugin does not escape some filter parameters when the OPCache Viewer is enabled before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=docket-cache-opcviewer&idx=opcviewer&s=a&sf="alert/XSS-sf/&sm="alert/XSS-sm/...

0.9AI score
Exploits0
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.674 views

Multiple Plugins from miniorange - Reflected Cross-Site Scripting via appId

The plugins do not escape the appId parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&appId="alert/XSS/...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.782 views

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/08/28 12:0 a.m.780 views

Duplicate Page < 4.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. The attempt to fix the issue in 4.4.2 is insufficient and...

4.8CVSS0.0087EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.559 views

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting

The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. PoC can be entered with code editor the example below uses Taxonomy block; all blocks are vulnerable:...

5.4CVSS5.3AI score0.0053EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.125 views

Woffice < 4.0.2 - Unauthenticated Disclosure of Notification Titles

The theme lacks authentication checks before returning the titles of notifications between the site's users. Any request to the wofficeNotificationGet ajax endpoint will return titles of notifications sent between users. Example:...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.962 views

Multiple Plugins from CRM Perks - Reflected Cross-Site Scripting

Numerous plugins from the CRM Perks vendor do not escape parameters before outputting them back in attributes in admin pages, leading to a Reflected Cross-Site Scripting issues executed in the context of a logged in administrator. It first started with an obvious XSS via the vxdebug GET parameter...

1.1AI score
Exploits0
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.560 views

PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting

The plugin, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. Create a page as any user with the following shortcode block: gutenbergpostblocks id='a"...

5.4CVSS0.8AI score0.00517EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/26 12:0 a.m.528 views

PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure

The plugin, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. If the post 1234, created by other users, is set as private, save gutenbergpostblocks id="1234...

4.3CVSS0.7AI score0.00739EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.523 views

Contact Form 7 Zoho < 1.1.8 - Reflected Cross-Site Scripting

The plugin does not escape some of its filters before outputting them back in the admin dashboard, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=vxcfzoho&tab=logs&startdate="alert/XSS-startdate/&enddate="alert/XSS-enddate/...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.145 views

WP Map Block < 1.2.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks - As a contributor, add a WP Map Block to a post/page - Click "Show more settings" - Scroll the sidebar and click "Map Marker" -...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.583 views

Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library

The plugins are using the PHPRelativePath library, which contain an example file affected a Reflected Cross-Site Scripting POST /wp-content/plugins/mpl-publisher/vendor/grandt/relativepath/RelativePath.Example1.php HTTP/1.1 Accept:...

1.7AI score
Exploits0
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.507 views

Responsive Poll < 1.5.9 - Reflected Cross-Site Scripting

The TotalSoftPoll1Vote AJAX action available to both unauthenticated and unauthenticated users outputs the invalid nonce without escaping it first, leading to a Reflected Cross-Site Scripting issue. The issue was fixed in 1.5.5, however additional sanitisation and escaping was done in 1.5.5 to...

6.8AI score
Exploits0
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.599 views

Block and Stop Bad Bots < 6.62 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issues POST /wp-admin/admin.php?page=sbbmy-custom-submenu-page HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/08/25 12:0 a.m.618 views

MX Time Zone Clocks < 3.4.1 - Contributor+ Cross-Site Scripting

The plugin does not escape the timezone attribute of the mxmtzctimezoneclocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks mxmtzctimezoneclocks timezone='"+alertXSS-timezone+"'...

5.4CVSS3.2AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.553 views

Contact Form Entries < 1.2.1 - Reflected Cross-Site Scripting

The plugin does not escape some of its filters before outputting them back in the admin dashboard, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=vxcfleads&tab=entries&startdate="alert/XSS-startdate/&enddate="alert/XSS-enddate/...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.504 views

TextME SMS < 1.8.9 - Authenticated Stored XSS

The plugin does not escape its settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Account Username or Password settings of the plugin: " style=animation-name:rotation...

1AI score
Exploits0References2
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.615 views

Coupon Affiliates for WooCommerce < 4.11.0.2 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter in its Referral Visits dashboard before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.533 views

Live Scores for SportsPress < 1.9.1 - Authenticated Local File Inclusion

The plugin does not validate or sanitise the tab parameter in the admin dashboard before using it in an include statement, leading to an Authenticated Local File Inclusion https://example.com/wp-admin/admin.php?page=live-scores-for-sportspress&tab=../../index This will include the homepage of the...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.581 views

Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape some of the properties of the Recipe Card Block such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.571 views

Live Scores for SportsPress < 1.9.1 - Reflected Cross-Site Scripting

The plugin does not sanitise the lsfsmatchdate parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=spevent&page=lsfs-live-matches&lsfsmatchdate="alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.598 views

SMTP Mail < 1.2 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape its page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.613 views

Recipe Card Blocks < 2.8.1 - Reflected Cross-Site Scripting

The plugin does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/index.php?slactivation=false&message=%3Cscript%3Ealertorigin%3C%2Fscript%3E...

6.1CVSS0.5AI score0.008EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.696 views

SMTP Mail < 1.2.2 - Authenticated SQL Injections

The plugin does not properly validate or escape the order and orderby parameters before using them in SQL statements, leading to SQL Injections in the admin dashboard...

1.9AI score
Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.542 views

Contact List < 2.9.42 - Reflected Cross-Site Scripting

The plugin does not escape the cardheight parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=contact&page=contact-list-printable&cardheight="alert/XSS/...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.171 views

Booster for WooCommerce < 5.4.4 - Authentication Bypass

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the processemailverification function due to a random token generation weakness in the resetandmailactivationlink function found in the...

9.8CVSS0.9AI score0.50869EPSS
Exploits8References1
wpexploit
wpexploit
added 2021/08/24 12:0 a.m.702 views

Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection

The plugin contains a 'Social & Donations' module not activated by default, which adds the rest route '/services/contributor/?P\d+, takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. With the 'Social & Donations' module of the plugin activated. Permali...

9.8CVSS0.6AI score0.09404EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.127 views

WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks videolightboxvimeo5 videoid='"onmouseover=alert/XSS/ b="' width="640" height="480" anchor="Click here to open vimeo video" videolightboxvimeo5...

5.4CVSS1.8AI score0.00618EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.130 views

Gallery Blocks with Lightbox < 2.2.1- Authenticated Stored Cross-Site Scripting

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below . The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

5.4CVSS2.4AI score0.00618EPSS
Exploits1References1
Total number of security vulnerabilities4359