Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/07/05 12:0 a.m.136 views

CRM: Contact Management Simplified – UkuuPeople <= 1.6.3 - Unauthorised Favourite Addition/Deletion

The plugin does not properly check for CSRF in its ukuuaddtofav AJAX action, allowing attacker to make logged in users call them them and add or delete arbitrary favourite post. To delete a favourite To Add a favourite...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.146 views

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com Cooki...

6.5CVSS7AI score0.01721EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.543 views

Filter Gallery < 0.0.7 - Unauthorised AJAX Calls

The plugin had a logic flaw in the CSRF checks of its AJAX calls, allowing them to be passed by not providing the related parameter in the request. This could allow attacker to make logged in users do unwanted actions. Furthermore, the AJAX calls are also lacking capability checks, allowing any...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/07/03 12:0 a.m.111 views

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the Forms "Add new" field. Step 1: Install and activate the plugin. Step 2: Go to the Forms-- Add New. St...

3.5CVSS0.5AI score0.0062EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.192 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS0.6AI score0.00646EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.100 views

Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

4.3CVSS2.4AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.156 views

Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

The theme's AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were...

7.5CVSS0.7AI score0.60113EPSS
Exploits9References1
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.170 views

Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions

The theme had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site. log in as arbitrary freelancer...

5.5CVSS1AI score0.01251EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/01 12:0 a.m.157 views

WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfilteredhtml capability is disallowed Create a new map. Add an XSS payload to the title. Click "Show as map title". Add t...

3.5CVSS0.1AI score0.00668EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/07/01 12:0 a.m.286 views

Leaflet Map < 3.0.0 - Contributor+ Stored XSS

The plugin does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues Most of the shortcode attributes are not escaped, so these are just one of them: leaflet-map...

3.5CVSS5.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/01 12:0 a.m.585 views

Cooked < 1.7.9.1- Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS. For clarification, this vulnerability is separate to the similar vulnerability CVE-2021-24233. The PoC will be displayed once the issue has been remediated...

0.6AI score0.01749EPSS
Exploits3References2
wpexploit
wpexploit
added 2021/07/01 12:0 a.m.252 views

Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS

The plugin does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or usin...

4.3CVSS1.4AI score0.0056EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.128 views

SEO Wizard <= 4.0.2 - Unauthorised robots.txt & .htaccess Edit via CSRF

The plugin does not properly check for CSRF in its wswedithtaccessfile, wswcreaterobotstext and wswupdatecontentrobots AJAX actions, allowing attackers to make logged in admin write arbitrary data to the robots.txt and .htaccess files...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.126 views

WooCommerce Custom Registration Form <= 1.0.4 - Arbitrary Field Deletion and Form Modification via CSRF

The plugin does not properly check for CSRF in its delfield and savealldata AJAX actions, allowing attacker to make logged in user call them via a CSRF attack To delete a field from the Registration Form: To change the whole Registration Form: input type=...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.109 views

Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 - Arbitrary Tab Deletion/Edition via CSRF

The plugin does not properly check for CSRF in its tabsession, tabsessiondel, tabsessionedit and ptabsubmit AJAX actions, allowing attacker to make logged in user call them via a CSRF attack To delete a tab:...

0.9AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.93 views

MZ Mindbody API < 2.8.3 - Unauthorised AJAX Calls

The plugin did not properly check for CSRF and authorisation in various AJAX actions, allowing attacker to make users call them and perform unwanted actions, as well as allow low privilege users to call them As a low privilege user such as subscriber...

2.9AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.121 views

Fontsampler < 0.4.13 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not properly check for CSRF and authorisation in its ajaxgetmockfontsampler AJAX action, which could lead to an authenticated reflected XSS issue as user input was then output without being sanitised first. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.113 views

Strong Testimonials < 2.51.3 - Unauthorised AJAX Call

The plugin did not propely check for CSRF and authorisation in all the wpmtstaddfieldfunction functions, allowing unauthorised call of the associated AJAX actions either via low privilege users or CSRF attack https://example.com/wp-admin/admin-ajax.php?action=wpmtstgetcatcount...

4.9AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.124 views

Title Field Validation <= 1.1 - Unauthorised AJAX Calls

The plugin does not properly check for CSRF in its findposttype, savevalidation, editvalidation, updatevalidation and deletevalidation AJAX actions. Additionally, the actions were also missing any capability checks. As a result, any authenticated user such as subscriber could call them to create,...

Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.24 views

YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF

The ajax method did not properly check for CSRF, allowing attackers to make users call the ajaxadditem, ajaxremoveitem or ajaxvariationexist actions, which will tamper with their session quote. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

1.4AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.703 views

BuddyPress Customer.io Analytics Integration <= 1.1.6 - Arbitrary Plugin Settings Update via CSRF

The plugin does not properly perform the CSRF check when saving its settings, allowing attackers to make logged in admin change them to arbitrary values...

1.8AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.140 views

Cognitive Content Analyzer < 2.3 - Unauthorised AJAX call via CSRF

The plugin did not properly check for CSRF in its blobinatoranalyze AJAX action, allowing attacker to make a logged in administrator call the blobinatorprocesstext method with arbitrary parameters and update the related post with the results. POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accep...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.742 views

MailOptin < 1.2.35.2 - Unauthorised AJAX Call

The fetchcustomfields and fetchtags function did not have proper CSRF check and authorisation, allowing unauthorised users to call the related AJAX action via either low privilege account or CSRF attack POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

2.2AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.120 views

SEO Wizard <= 4.0.2 - Unauthorised AJAX Calls

The plugin does not properly check for CSRF in its ajaxsaveglobalsettings and ajaxsavepostsettings AJAX actions, as well as other AJAX actions. Furthermore, capability checks were also missing, resulting in any authenticated users as low as subscriber being able to call those actions and modify t...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.138 views

Newspaper < 11 - Reflected Cross-Site Scripting (XSS)

Description The theme does not sanitise the tdatts.modulescategory parameter in its tdajaxsearch AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type...

6.1CVSS6AI score0.00828EPSS
Exploits1
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.617 views

WP SMS < 5.4.9.1 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape some of its parameter before outputting them back in the pages, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin. alert/XSS/' / alert/XSS/' / alert/XSS/' /...

Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.128 views

Adapta RGPD < 1.3.3 - Unauthorised Consent via CSRF

The acceptcookieconsent AJAX action did not properly check for CSRF, allowing attackers to make users consent via a CSRF attack. https://example.com/wp-admin/admin-ajax.php?action=acceptcookieconsent...

4.5AI score
Exploits0
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.649 views

TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. Add or edit a Taximony...

3.5CVSS0.4AI score0.02315EPSS
Exploits5
wpexploit
wpexploit
added 2021/06/30 12:0 a.m.155 views

Profile Builder < 3.4.8 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue As admin, put the following...

3.5CVSS4.7AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.108 views

Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)

The plugins did not properly sanitise and escape some GET parameters before outputting them back in attributes, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in administrator...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.120 views

Super Progressive Web Apps < 2.1.13 - Authenticated (High Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, did not properly check for authorisation and the content of the uploaded archive file. This allows high privilege users admin+ to upload an archive with a PHP file, leading to RCE. v2.1.12...

0.1AI score
Exploits0
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.122 views

Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection

The hndtstactioninstancecallback AJAX call of the plugin, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. curl -i -s -k -X $'POST' \ -H...

6.5CVSS0.8AI score0.01599EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.154 views

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

The plugin did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for exampl...

5.4CVSS0.3AI score0.00681EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.765 views

Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to...

6.5CVSS0.3AI score0.01373EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.703 views

Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection

The getsliders function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5CVSS0.3AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.716 views

Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections

The getfblikeboxes function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQ...

6.5CVSS0.6AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.163 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5CVSS0.6AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.720 views

Poll Maker < 3.2.1 - Authenticated Blind SQL Injections

The getpollcategories, getpolls and getreports functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby...

6.5CVSS0.7AI score0.01409EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.717 views

Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections

The plugin did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard When we WPScanTeam confirmed the issues, more SQL Injections were identified, reported and fixed by the vendor but have not...

6.5CVSS0.7AI score0.01292EPSS
Exploits1
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.90 views

Super Progressive Web Apps < 2.1.12 - Authenticated (Low Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, does not properly check for CSRF, authorisation and the content of the uploaded archive file. This allows attackers to upload an archive with a PHP file, leading to RCE by either using a low...

Exploits0
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.705 views

Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections

The getgallerycategories and getgalleries functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --leve...

6.5CVSS0.5AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.288 views

RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF

The Import feature of the plugin /wp-admin/tools.php?page=rsvpmakerexportscreen takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. Go to the...

4CVSS0.7AI score0.01012EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.809 views

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Exploit All of them with same technique. SQLMAP:...

6.5CVSS0.5AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.679 views

Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

The getreports function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5CVSS0.3AI score0.01344EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.751 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Note WPScanTeam: Other SQLi were identified when confirming the...

6.5CVSS0.5AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.158 views

Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS)

The plugin does not sanitise or escape its "Use your own theme" setting before outputting it in the page, leading to an authenticated admin+ stored Cross-Site Scripting issue As admin, put the following payload in the "Use your own theme enter URL:" option...

3.5CVSS0.2AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.113 views

Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. Add the following paylo...

4.3CVSS0.1AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.129 views

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in Image Uploader Component

The cover photo and profile photo upload functionalities of the plugin were vulnerable to arbitrary file uploads due to the use of exifimagetype for filetype checking. 'Hax0r2', 'regemail' = '[email protected]', 'regpassword' = 'password', 'regpasswordpresent' = 'true', 'regfirstname' = 'Hax0r2',...

9.8CVSS0.7AI score0.02101EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

The user registration functionality of the plugin allowed arbitrary user meta to be supplied, including wpcapabilities, during registration which made it possible for users to register as an administrator. 'Hax0r', 'regemail' = '[email protected]', 'regpassword' = 'password', 'regpasswordpresent' =...

9.8CVSS1.8AI score0.68862EPSS
Exploits8References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.137 views

DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue As admin, put the following payload in the "Checkbox reminder" setting of the plugin: "alert/XSS/...

3.5CVSS0.2AI score0.00613EPSS
Exploits2
Total number of security vulnerabilities4359