Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/08/23 12:0 a.m.720 views

Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update

The plugin does not have proper access control when updating a timeslot, allowing any user with the editposts capability contributor+ to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with...

5.4CVSS5.4AI score0.00489EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.558 views

OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

The plugin does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard...

8.1CVSS1.1AI score0.00883EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.867 views

Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE As admin, upload a PHP file via the Add Logo page of the plugin...

7.2CVSS1.3AI score0.01442EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.573 views

Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType combined with content, align, color, variant and fontID argument of a Gutenberg block. As a contributor, put the...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.598 views

OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API

The plugin does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. Access the URL below as unauthenticated...

9.1CVSS9.5AI score0.01762EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.807 views

Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure

The plugin outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts capability. Combined with the other Unauthorised Event...

6.5CVSS0.01139EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.625 views

Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS

The plugin allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design like subutton's onclick attribute...

5.4CVSS3.7AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.592 views

Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting

The plugin does not escape the IP addresses which can be controlled by attacker via headers such as X-Forwarded-For of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. POST /wp-login.php HTTP/1.1 Accept:...

6.1CVSS0.6AI score0.0157EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.777 views

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

The plugin does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments POST /wp-admin/admin.php?page=comment-link-remove HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8...

4.3CVSS2.7AI score0.00471EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.707 views

Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion

The plugin does not have proper access control when deleting a timeslot, allowing any user with the editposts capability contributor+ to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in wit...

4.3CVSS0.2AI score0.01568EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.533 views

Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s Create an event with the following payload in the description of a timeslot: The XSS will be execute...

5.4CVSS1AI score0.0086EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.656 views

Post Views Counter < 1.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfilteredhtml capability is disallowed Put the following payload in the Post Views Label settings of the plugin...

4.8CVSS0.4AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.118 views

WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors GET...

7.2CVSS2.1AI score0.04501EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.104 views

WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection

The options.php file of the plugin accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it take...

8.8CVSS0.8AI score0.04561EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.118 views

WP Domain Redirect <= 1.0 - Authenticated SQL Injection

The Edit domain functionality in the plugin has an editid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. POST /wp-admin/admin.php?page=add&action=edit&id=1 HTTP/1.1 Content-Length: 102 Cache-Control: max-age=0...

7.2CVSS0.7AI score0.04501EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.131 views

GSEOR <= 1.3 - Authenticated SQL Injection

A pageid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=gseor.php&search=1&pageid=1%20AND%20SELECT%206449%20FROM%20SELECTSLEEP5wwdQ HTTP/1.1 Cache-Control: max-age=0...

7.2CVSS1.2AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.154 views

Responsive 3D Slider <= 1.2 - Authenticated SQL Injection

The Add new scene functionality in the plugin uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 secon...

7.2CVSS0.6AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.155 views

WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors POST /wp-admin/admin.php?page=wpagecontact-plugin HTTP/1...

7.2CVSS2.2AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.111 views

Display users <= 2.0.0 - Authenticated SQL Injection

The Edit Role functionality in the plugin had an id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=display-users&tab=manage-role&action=edit&id=-4476+UNION+ALL+SELECT+NULL%2Cuser%28%29%2CNULL--+-...

7.2CVSS1.5AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.145 views

Create WooCommerce Product Feeds For 40+ Merchants < 3.3.1.0 - Authenticated SQL Injection

The fetchproductajax functionality in the plugin uses a productid POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 162 Accept: / X-Requested-With: XMLHttpReque...

6.5CVSS0.6AI score0.01484EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.128 views

The Sorter <= 1.0 - Authenticated SQL Injection

The checkorder function of the plugin uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=thesorterareas&areaid=1%20AND%20SELECT%207667%20FROM%20SELECTSLEEP5DWBj HTTP/1.1 Cache-Control:...

7.2CVSS1.4AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.143 views

MicroCopy <= 1.1.0 - Authenticated SQL Injection

The edit functionality in the plugin makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET...

7.2CVSS1.2AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/19 12:0 a.m.611 views

Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The plugin does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...

5.4CVSS5.3AI score0.00374EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/19 12:0 a.m.728 views

Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF

The plugin does not have CSRF check in place when saving its settings, which could allow attackers to make a logged in admin update them...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.566 views

ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. Put the following payload in the "Consumer key" setting of the plugin /wp-admin/options-general.php?page=thinktwit: - v alert/XSS/ - v 1.7.1 : "...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.707 views

Print My Blog < 3.4.2 - Plugin Deactivation via CSRF

The plugin does not enforce nonce CSRF checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link...

8.1CVSS3.3AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.583 views

Jock on air now < 5.6.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise and escape some Show parameters before outputting them in pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Vulnerable parameters: linkURL some validation is done and...

6.3AI score
Exploits0
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.553 views

Jock on air now < 5.6.2 - Arbitrary Plugin's Settings Update via CSRF

The plugin does not have CSRF check in place when saving its settings, allowing attackers to make logged in admin change them to arbitrary values via a CSRF attack...

1AI score
Exploits0
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.826 views

Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls

The plugin does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, 2 Get title of a password-protected post as...

5.5CVSS0.4AI score0.00615EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.571 views

Jock on air now < 5.6.2 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'PHPSELF' before outputting it back in an attribute in its settings, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=joansettings...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.572 views

Gutenslider < 5.2.0 - Contributor+ Stored XSS

The plugin does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks As a contributor or above, create/edit a post, put the below code while in Code Editor mode, and view/preview the post The...

5.4CVSS0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/17 12:0 a.m.520 views

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values. You can run this from a browser's javascript console:...

6.5CVSS0.1AI score0.00693EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/17 12:0 a.m.554 views

MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.9AI score0.0231EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/17 12:0 a.m.763 views

Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF

The plugin does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack To delete /phpinfo.php:...

8.8CVSS0.9AI score0.0069EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/17 12:0 a.m.779 views

Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload

The shoppuploadfile AJAX action of the plugin, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading to RCE...

9.8CVSS0.6AI score0.01914EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.136 views

SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting

The plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/admin.php?page=sp-client-document-manager&from=" style=animation-name:rotation...

6.1CVSS2.7AI score0.00938EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.477 views

Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.505 views

WP Courses LMS < 2.0.44 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=managestudents&courseid=1&studentid="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.591 views

Afterpay Gateway for WooCommerce < 3.2.1 - Reflected Cross-Site Scripting

The plugin has sample files form the https://github.com/afterpay/sdk-php library, which do not escape some parameters before outputting them in attributes, leading to Reflected Cross-Site Scripting issues...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.518 views

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues 1. On the dashboard, navigate to WP Courses Courses Add New Video...

4.8CVSS0.7AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.666 views

WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Navigate to Tickets Add New add all information on the title, post,...

4.8CVSS1AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.509 views

Email Artillery <= 4.1 - CSRF to Stored XSS

The plugin does not sanitise, validate or escape its settings, and is lacking any CSRF check before saving them. As a result, an attacker could make a logged in admin change them and put malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.542 views

Email Artillery <= 4.1 - Multiple Authenticated SQL Injections

The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&postid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.154 views

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $outp...

6.4CVSS0.9AI score0.00651EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.725 views

Simple eCommerce <= 2.2.5 - Arbitrary File Upload

The plugin does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE...

8.8CVSS0.4AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.734 views

Smash Balloon Social Post Feed < 2.19.2 - Unauthenticated Stored XSS

The plugin does not sanitise or escape the feedID POST parameter in its feedlocator AJAX action available to both authenticated and unauthenticated users before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will ...

6.1CVSS0.01322EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.547 views

CBX Bookmark & Favorite < 1.6.9 - Reflected Cross-Site Scripting

The plugin does not escape a page parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS/' / alert/XSS/' /...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.784 views

Language Bar Flags <= 1.0.8 - CSRF to Stored XSS

The plugin does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in t...

4.3CVSS0.3AI score0.00467EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.579 views

Email Artillery <= 4.1 - Arbitrary File Upload

The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...

6.8CVSS6.6AI score0.0054EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.549 views

Amazon Auto Links < 4.6.20 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues alert/XSS-page/' / alert/XSS-tab/' /...

0.5AI score
Exploits0
Total number of security vulnerabilities4359