Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/07/23 12:0 a.m.•574 views

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

5.2AI score0.00506EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/23 12:0 a.m.•165 views

GTranslate < 2.8.65 - Reflected Cross-Site Scripting (XSS)

In the Pro and Enterprise versions of GTranslate alert123;...

4.3CVSS1.6AI score0.01572EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•120 views

NewsPlugin < 1.1.0 - CSRF to Stored Cross-Site Scripting

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handlesavestyle function found in the /news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. Note: v1.1.0 Added CSRF to the affected function, but see...

6.8CVSS2.6AI score0.0056EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•568 views

Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS)

The plugin does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability. Step 1: Install Grid Gallery - Photo Image Grid Gallery plugin in word press and activate the plugin. Step 2...

3.5CVSS0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•543 views

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...

Exploits0References2
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•640 views

Maintenance < 4.03 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them even when the unfilteredhtml capability is disallowed, which will be triggered in the frontend POST /wp-admin/admin.php?page=maintenance HTTP/1.1...

3.5CVSS0.4AI score0.00617EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•262 views

SendGrid <= 1.11.8 - Authenticated Authorization Bypass

The plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistics for a WordPress multi-site main site in versions up to 1.11.8. This vulnerability only affects the main si...

4CVSS2.2AI score0.00698EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/07/21 12:0 a.m.•548 views

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be executed...

3.5CVSS0.7AI score0.00576EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•155 views

NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports

The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...

5CVSS4AI score0.01822EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•143 views

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save Changes...

3.5CVSS0.0062EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•793 views

HM Multiple Roles < 1.3 - Arbitrary Role Change

The plugin does not have any access control to prevent low privilege users to set themselves as admin via their profile page As any authenticated user, go to your Profile page and Tick the Administrator Role checkbox. In v1.2, the checkboxes are disabled in the UI but can be tampered with by eith...

6.5CVSS1.5AI score0.01509EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•155 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS4AI score0.01822EPSS
Exploits2References3
wpexploit
wpexploit
•added 2021/07/20 12:0 a.m.•711 views

Giveaway <= 1.2.2 - Authenticated SQL Injection

The plugin is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $postid on the options.php page. 1. Navigate in Wordpress panel to Settings - Giveaway 2. Intercept the request in Burp Suite 3. Click on "Select" button at the very to...

6.5CVSS1.4AI score0.01344EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•691 views

Wonder Video Embed < 1.8 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1' videocss='animation-name:twentytwentyone-close-button-transition"...

3.5CVSS2.1AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•593 views

My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue Create an audit with the...

3.5CVSS0.1AI score0.00656EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•814 views

Light Messages <= 1.0 - CSRF to Stored XSS

The plugin is lacking CSRF check when updating it's settings, and is not sanitising its Message Content in them even with the unfilteredhtml disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the...

4.3CVSS6AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•829 views

Profile Builder < 3.4.9 - Admin Access via Password Reset

The plugin has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example. The password reset key is checked against the...

10CVSS0.4AI score0.07696EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•762 views

Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS

The plugin does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site...

4.3CVSS0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•151 views

Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS in the "Default Publisher ID" field on the plugin's settings page. 1. Install WordPress 5.7.2 2. Install and activate Mimetic Books 3. Navigate to Settings Mimetic Books API and enter the XSS payload into the Default...

3.5CVSS0.4AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•843 views

Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF

The plugin is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...

4.3CVSS1.3AI score0.0045EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•598 views

Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue Add or Edit a Characteristic...

3.5CVSS0.6AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•832 views

Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS

The plugin does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue alert/XSS/' /...

4.3CVSS6AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•904 views

Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS

The plugin is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading...

4.3CVSS6.2AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•720 views

RestroPress < 2.8.3.1 - Unauthorised AJAX Calls

The plugin did not check for CSRF as well as capability in some of its AJAX calls which should only be accessible by admin. As a result, any authenticated user can change arbitrary order status, as well as access arbitrary order details including PII such as phone number and address Change the...

0.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•572 views

PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS

The plugin does not sanitise or escape its "phpid" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue. Put the following payload in the "phpid" field in the plugin's settings /wp-admin/options-general.php?page=phtmanager: "alert/XSS/...

3.5CVSS0.2AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•541 views

Wonder PDF Embed < 1.7 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginpdf src="a" onload="alert1"...

3.5CVSS2.6AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•592 views

Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip

The plugin did not ensure that uploaded SVG files inside a Zipped archive added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly ie in the...

0.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•695 views

RestroPress < 2.8.3 - Cart Manipulation via CSRF

The plugin does not properly check for CSRF in some of its AJAX calls, allowing attackers to make users do unwanted actions, such as add arbitrary products to their cart, or empty it completely To clear the cart of the current user authenticated or not:...

2.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/19 12:0 a.m.•728 views

Social Tape <= 1.0 - CSRF to Stored XSS

The plugin does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack alert/XSS/' /...

4.3CVSS0.1AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/18 12:0 a.m.•184 views

Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG

The plugin did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly ie in the...

4.3CVSS0.3AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/18 12:0 a.m.•147 views

Photo Gallery < 1.5.75 - File Upload Path Traversal

The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector The below requests will put the xss.svg file into the /wp-content/uploads/ folder rather than...

4CVSS0.8AI score0.01893EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/17 12:0 a.m.•568 views

VDZ Verification < 1.4 - Authenticated Stored XSS

The plugin does not sanitise its Meta Tag settings, allowing high privilege users such as admin to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the Meta Tag field in the plugin's Settings...

0.6AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/07/15 12:0 a.m.•1259 views

Woocommerce 3.3 to 5.5 - Authenticated Blind SQL Injection

The plugin was reported to be affected by a critical Authenticated Blind SQL Injection vulnerability. http://www.example.com/wp-json/wc/store/products/collection-data?calculateattributecounts0taxonomy=a%252522%252529%252520or%252520sleep%25252810.1%252529%252523...

4CVSS6.4AI score0.01265EPSS
Exploits2References6
wpexploit
wpexploit
•added 2021/07/15 12:0 a.m.•550 views

Form Maker < 1.13.60 - Authenticated Stored XSS

The plugin does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue Create or edit a form and add the following payload in the Form Title field "autofocus onmouseover=alert/XSS///...

3.5CVSS0.3AI score0.01091EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/14 12:0 a.m.•155 views

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...

3.5CVSS5.2AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/14 12:0 a.m.•163 views

Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS

The plugin has an authenticated reflected cross site scripting XSS vulnerability in one of the administrative functions for handling deletion of videos. .../wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/recordedvideos.php?delete=%3Cscript%3Ealert1%3C/script%3E...

3.5CVSS1.1AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/12 12:0 a.m.•113 views

WOWRestro < 1.1 - CSRF Bypass

The plugin does not properly check for CSRF in numerous of its AJAX actions, allowing attacker to make logged in users call them and perform unwanted actions, such as add/remove an item from their basket and empty it as well. To empty a user basket:...

2.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/12 12:0 a.m.•703 views

Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF

The plugin does not properly check for CSRF in its ammsaveexistingmenu function, allowing attackers to make logged in high privilege users edit menus via a CSRF attack...

2AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/12 12:0 a.m.•57 views

Page View Counts < 2.4.9 - Contributor+ Stored XSS

The plugin does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege user...

3.5CVSS1.7AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/12 12:0 a.m.•175 views

Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)

Description The theme does not sanitise the tdblockid parameter in its tdajaxblock AJAX action, leading to an unauthenticated Reflected Cross-site Scripting XSS vulnerability. Due to a nonce check, this issue is only exploitable on unauthenticated users for as long as the nonce used in the reques...

6.1CVSS6.1AI score0.01234EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/12 12:0 a.m.•723 views

Advanced Menu Manager <= 3.0 - Unauthorised Menu Creation/Deletion

The plugin is lacking any capability and CSRF checks in its myactiondeletemenu and myactioncreatemenuajax AJAX actions, allowing any authenticated users such as subscriber to call them. Such attack could also be performed via a CSRF vector against any logged in user. - To delete a menu: POST...

0.8AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/11 12:0 a.m.•257 views

WPFront Notification Bar < 2.0.0.07176 - Authenticated Stored XSS

The plugin does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue v alert/XSS/ v alert/XSS/...

3.5CVSS0.3AI score0.00695EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/07/10 12:0 a.m.•567 views

VDZ CallBack < 1.14.6 - Authenticated Stored XSS

The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Title setting of the plugin...

0.5AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/07/08 12:0 a.m.•214 views

Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection

The plugin did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an SQL Injection issues Via...

7.5CVSS0.9AI score0.11004EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/06 12:0 a.m.•133 views

Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting

The plugin does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://%3C/script%3E%3Csvg/onload=alert1%3E WPScanTeam Reporter...

4.3CVSS6.1AI score0.02897EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•127 views

Haxcan <= 1.0.0 - Arbitrary File Access

The plugin does not properly ensure that the file to be accessed is within the blog, allowing high privilege users to read any file on the web server. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

0.6AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•115 views

Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in...

3.5CVSS0.4AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•472 views

Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

4.3CVSS1.8AI score0.03065EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•100 views

Magic Post Thumbnail < 3.3.7 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its ids GET parameter before outputting it back in the bulk generation page, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=magicpostthumbnail%2Finc%2Fadmin%2Fbulkgeneration.php&ids=alert/XSS/...

0.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/07/05 12:0 a.m.•135 views

Haxcan <= 1.0.0 - CSRF Bypass

The plugin does not properly check for CSRF in its getajaxresponse AJAX action, allowing attacker to make logged in admin call them it via CSRF attack and add arbitrary files in quarantine for example. Add an arbitrary file to quarantine...

0.8AI score
Exploits0
Total number of security vulnerabilities4359