Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/08/13 12:0 a.m.•105 views

Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/options-general.php/"alert/XSS//?page=skatubazaroption...

6.1CVSS2.4AI score0.02446EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/13 12:0 a.m.•139 views

Moova for WooCommerce < 3.8 - Reflected Cross-Site Scripting

The plugin does not escape the lat parameter of the moovacustomfields AJAA action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue alert/XSS/" /...

6.1CVSS0.5AI score0.00938EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•563 views

FV Flowplayer Video Player < 7.5.3.727 - Reflected Cross-Site Scripting

The plugin does not escape or validate the playerid parameter before outputting back in the Stats page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

2.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•709 views

Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The plugin is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this could lead to Stored XSS issue which will b...

4.3CVSS4.5AI score0.00467EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•541 views

Software License Manager < 4.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape the editrecord parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.9AI score0.00702EPSS
Exploits1
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•838 views

Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. Put the following payload in t...

4.8CVSS4.8AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/11 12:0 a.m.•161 views

Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting issue due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/options-general.php/"alert/XSS//script%3E?page=securimage-wp-options%2F...

6.1CVSS2.1AI score0.02313EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•107 views

Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape the 's' and paged GET parameter before outputting them in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=mlwquizlist&s="alert/XSS-s/&paged="alert/XSS-paged/...

6.1CVSS0.9AI score0.03515EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•639 views

AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The XSS...

4.8CVSS0.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•524 views

Picture Gallery < 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross site scripting risk where authenticated users can target other authenticated users. Enter a XSS payload like "alertdocument.location in the "Content URL" field found on the plugin...

0.4AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•541 views

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In the admin dashboard navigate to Services Add service and put the followi...

4.8CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•544 views

Two Factor Authentication < 1.0.8 - Reflected Cross-Site Scripting

The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•552 views

Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues. Put the following payload in the Fajr, Sunrise, Zuhr, Asr, Maghrib and/or Isha field of the Language settings of the plugin...

5.4CVSS5.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•657 views

miniOrange's Google Authenticator < 5.4.40 - Reflected Cross-Site Scripting

The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/10 12:0 a.m.•550 views

Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting

The createpostpage AJAX action of the plugin available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue '...

3.5CVSS0.3AI score0.006EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•546 views

SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting

The plugin does not escape its searchString parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=dkspeakoutsignatures&action=search&searchString="alert/XSS/...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•773 views

AddToAny < 1.7.46 - Authenticated Stored XSS

The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Sharing Header setting of the...

5.4CVSS0.6AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•1103 views

Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)

Description The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit WPScanTeam: - The original report mentioned the issue...

6.1CVSS6.3AI score0.01785EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•782 views

Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF...

5.4CVSS0.4AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•540 views

Stop Spammers Security < 2021.18 - Authenticated Stored XSS

The plugin does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed Put the following payload in any of the API field of the Web Services settings: " autofocus...

5.4CVSS0.5AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•2599 views

ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget

The plugin's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access. Further, the plugin in several places assigned $POST as $GET which meant that in some cases this could be replicated with just $GET parameters and no need...

6.1CVSS0.3AI score0.01285EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•556 views

SliceWP < 1.0.46 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the converted parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=slicewp-visits&converted="alert/XSS/...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•517 views

Form Builder 1.9.8.4 - Reflected Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape its fromid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. The formid digits before the payload must be valid: https://example.com/wp-admin/admin.php?page=smuz-forms&formid=1242;alert/XSS/...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•569 views

WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. To execute the XSS on all frontend pages and plugin's setting page, add the following payload in the...

5.4CVSS5.1AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•561 views

Site Reviews < 5.13.1 - Authenticated Stored XSS

The plugin does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed As an admin, create a review via the Admin dashboard /wp-admin/post-new.php?posttype=site-review and add t...

5.4CVSS0.5AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•141 views

WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the startdate and enddate parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. This is due to an incorrect fix of CVE-2021-34660 https://wpscan.com/vulnerability/4a4934d6-282d-4e8c-922a-6b1f12884191...

0.3AI score0.00819EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•676 views

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue Append the following payload on a page where the clean-login shortcode is embed: ?url="alert/XSS/ Example: https://example.com/clean-login/?url="alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•535 views

Tutor LMS < 1.9.6 - Reflected Cross-Site Scripting

The plugin does not escape a page parameter before outputting it back in an student dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

0.1AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•822 views

WordPress Download Manager < 3.2.13 - Email Template Setting Update via CSRF

The plugin did not have CSRF check in place before saving its Email Template setting, allowing attackers to make a logged in admin change them via a CSRF attack...

0.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/08/09 12:0 a.m.•556 views

Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed Create a new Form via the plugin, go to Form Settings then add the following payload in the Title...

5.4CVSS0.1AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•161 views

Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections

The plugin did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections...

8.8CVSS2AI score0.01659EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•157 views

WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection

The plugin did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue Note WPScanTeam: The issue was fixed without bumping the version, so there are two 2.0.6 versions out there, on...

8.8CVSS2.8AI score0.01517EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•285 views

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. http://www.example.com/wp-admin/admin.php?page=pms-members-page&orderby=userid&order=asc,select from...

8.8CVSS1.7AI score0.01659EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•149 views

WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)

The plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts WPScanTeam: The issue was reported as fixed, but the fix was insufficient and a separate...

6.1CVSS2.5AI score0.00819EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•118 views

Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure

The uscesdownloadsysteminformation AJAX action of the plugin did not have capability check in place, allowing any authenticated user such as subscriber to can export data including WordPress settings, theme and plugins active/inactive along with their version, Welcart general settings and payment...

2.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•574 views

Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability in multiple parameters. 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XS...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•569 views

Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well:...

5.4CVSS0.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/06 12:0 a.m.•618 views

Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS

The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options. Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload lik...

5.4CVSS0.4AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/05 12:0 a.m.•710 views

User Rights Access Manager <= 1.0.5 - Access Restriction Bypass

The plugin does not properly restrict access to pages, allowing admin users with restricted access done by the plugin to still access the related pages. The issue is the same technique than https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/ The PoC will...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/05 12:0 a.m.•578 views

WP Mapa Politico Espana < 3.7.0 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in any of the Maps Zona setting fields such as A Coruna:...

4.8CVSS0.5AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/04 12:0 a.m.•726 views

Availability Calendar < 1.2.1 - Authenticated SQL Injection

The plugin does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+ With an account role as low as contributor, put the following in...

8.8CVSS1AI score0.01292EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/03 12:0 a.m.•562 views

Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create a new category via the plugin...

4.8CVSS0.8AI score0.00598EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•527 views

StoryChief < 1.0.31 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape its StoryChief Key setting before outputting it in an attribute, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the StoryChief Key setting and save them: "alert/XSS/...

1AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•783 views

StoryChief < 1.0.31 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=storychief&tab=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E...

1.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•186 views

VDZ Google Analytics or Google Tag Manager / GTM < 1.4.9 - Authenticated Stored XSS

The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payloads in the Google Analytics ID settings of the plugin...

0.3AI score
Exploits0References2
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•778 views

WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation

The plugin is lacking any CSRF and capability checks when creating and editing User Fields, allowing unauthorised edition and creation of them either via CSRF or as any user including unauthenticated v1.1.5 added CSRF but still no capability check POST...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•581 views

Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...

5.4CVSS0.1AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•667 views

Bold Page Builder < 3.1.6 - PHP Object Injection

The btbbgetgrid AJAX action of the plugin passes user input into the unserialize function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog...

8.8CVSS9AI score0.08215EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•554 views

Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...

6.1CVSS0.3AI score0.00855EPSS
Exploits2
wpexploit
wpexploit
•added 2021/08/02 12:0 a.m.•531 views

Sitewide Notice WP < 2.3 - Authenticated Stored XSS

The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Message setting of the plugin: alert/XSS/ The XS...

4.8CVSS4.8AI score0.00617EPSS
Exploits2
Total number of security vulnerabilities4359