Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/06/28 12:0 a.m.714 views

Side Menu Lite < 2.2.1 - Authenticated SQL Injection

The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...

6.5CVSS0.6AI score0.01587EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.144 views

Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)

The slider import search feature and tab parameter of the plugin settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/edit.php?posttype=postgrid&page=post-grid-settings&tab="alert1...

4.3CVSS6.1AI score0.11241EPSS
Exploits5
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.272 views

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...

4.3CVSS5.9AI score0.01996EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it As admin, put the following payload in the "Allowed host" setting of the plugin /wp-admin/options-general.phpany-hostname:...

3.5CVSS0.2AI score0.00613EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.111 views

Yada Wiki < 3.4.1 - Contributor+ Stored XSS

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue - Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over the...

3.5CVSS0.2AI score0.00547EPSS
Exploits1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.119 views

Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue Add the following payload in the "Paypal email address" setting of the plugin /wp-admin/admin.php?page=bookshelf-settings:...

3.5CVSS0.2AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.152 views

Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS)

The plugin does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting XSS Vulnerability. Note WPScanTeam: The issue was reported to the WP plugins team on May 4th, 2021, then June 7th, 2021 due to lack of update...

4.3CVSS6.1AI score0.00726EPSS
Exploits1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.170 views

ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation

The user profile update functionality of the plugin allowed arbitrary user meta to be supplied, including wpcapabilities, during a profile update which made it possible for users to escalate their privileges to that of an an administrator. 'Hax0r3', 'regemail' = '[email protected]', 'regpassword'...

9.8CVSS0.7AI score0.0412EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.170 views

User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR

The plugin was affected by an IDOR issue, allowing users with the uploadimage capability by default author and above to change and delete the profile pictures of other users including those with higher roles. Use a proxy such as Burp Suite to capture the request made when change your own profile...

5.5CVSS0.1AI score0.00775EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

ProfilePress < 3.1.8 - Authenticated Stored XSS

The plugin did not sanitise or escape some of its settings before saving them and outputting them back in the page, allowing high privilege users such as admin to set JavaScript payloads in them even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site...

3.5CVSS0.5AI score0.00652EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.181 views

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component

There is functionality in the plugin to add file uploads to user registrations and profile updates that had no file type checking in place making it possible for arbitrary files to be uploaded. fh = open'shell.php', 'wb' fh.writeb'\xFF\xD8\xFF\xE0' + b'' fh.close 'Hax0r', 'regemail' =...

9.8CVSS0.06744EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.287 views

Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF

The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server Side Request Forgery and RFI Remote File Inclusion vulnerabilities on...

7.5CVSS3.3AI score0.56614EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.134 views

Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue Enter the following payload in the "Steam Group Adrdess" setting of the plugin: "alert/XSS/...

3.5CVSS0.3AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.435 views

Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not escape the Summary field of Announcements when outputting it in an attribute, which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege...

3.5CVSS0.6AI score0.00747EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.311 views

W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...

4.3CVSS1.4AI score0.01905EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/25 12:0 a.m.125 views

Event Espresso Core < 4.10.7.p - Reflected Cross-Site Scripting (XSS)

The adminpages/messages/templates/eemsgadminoverview.template.php file of the plugin did not escape user input before outputting back in an attribute in the page, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.1AI score0.03796EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/24 12:0 a.m.1438 views

ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note WPScanTeam: It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2021/06/23 12:0 a.m.893 views

WP Image Zoom < 1.47 - Local File Inclusion

The plugin did not validate its tab parameter before using it in the includeonce function, leading to a local file inclusion issue in the admin dashboard PoC: https://example.com/wp-admin/admin.php?page=zoooomsettings&tab=whatever This URL shows includeonce error, which indicates that the paramet...

5CVSS0.4AI score0.01375EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/22 12:0 a.m.126 views

Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection

The plugin did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks v 1.5.3 POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1 Accept: /...

9.8CVSS0.6AI score0.46921EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.115 views

myStickymenu < 2.5.2 - Authenticated Stored XSS

The plugin does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog when the Welcome bar is active Put...

3.5CVSS4.9AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.551 views

Simple Sort&Search <= 0.0.3 - Ccontributor+ Stored XSS

The plugin does not make sure that the indexurl parameter of the shortcodes "categorysims", "ordersims", "orderbysims", "periodsims", and "tagsims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor As a contributor, add one of the...

0.5AI score0.00431EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.734 views

Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Add the following...

6.1CVSS0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.199 views

Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

The plugin does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue Go to the Sign-up Sheets-- Add New. Enter the following CSV Injection payload in the field "Title", "Details" and "Task" click on save button. =cmd|' /C...

8CVSS0.01308EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.734 views

Export Users With Meta < 0.6.5 - Authenticated SQL Injection

The plugin did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. POST /wp-admin/users.php?page=uewmsettings HTTP/1.1 Accept:...

7.2CVSS1AI score0.01416EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.551 views

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

5.4CVSS0.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.629 views

Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard As admin, add a new...

4.8CVSS0.5AI score0.00617EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.917 views

Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning

The plugin is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution RCE of the system due to log poisoning and therefore potentially a full compromise of the underlying structure RCE through chaining LFI with log poisoning 1. Path Traversal / Local File...

9CVSS0.4AI score0.04956EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.560 views

Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting XSS vulnerability. The Payload will then be triggered when an admin visits the...

6.1CVSS0.2AI score0.01242EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.548 views

Browser Screenshots < 1.7.6 - Contributor+ Stored XSS

The plugin allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the imageclass parameter of the browser-shot shortcode was not escaped. Add the following shortcode in a page, then view the page either published or as preview to trigger th...

5.4CVSS0.3AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.538 views

Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

6.1CVSS1.1AI score0.01793EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.137 views

WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS

The plugin did not sanitise or escape its lyteytapikey and lytenotification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. PoC 1 | Authenticated Persistent XSS | Your YouTube API key: PO...

4.8CVSS0.3AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.127 views

WP JobSearch < 1.7.4 - Authenticated Stored XSS

The plugin did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue Vulnerable parameters: &jobsearchfieldeducationtitle=,...

5.4CVSS0.2AI score0.00633EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.283 views

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

9.8CVSS0.2AI score0.02793EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.159 views

Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue http://example.com/wp-admin/admin.php?page=buwdrestore&tab=general%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain;%20m0ze...

4.8CVSS0.9AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.505 views

W3 Total Cache < 2.1.3 - Authenticated Stored XSS

The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue Vulnerable parameters: &cdncnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...

4.8CVSS0.1AI score0.00622EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.540 views

Request a Quote < 2.3.4 - Authenticated Stored XSS

The plugin did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table. Note: By default, admins and editors are allowed to use JavaScript in posts and page, unless the...

5.4CVSS0.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/16 12:0 a.m.556 views

WP Reset < 1.90 - Authenticated Stored XSS

The plugin did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue PoC | Authenticated Persistent XSS | Enter snapshot name or brief description:...

5.4CVSS0.7AI score0.00629EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/15 12:0 a.m.164 views

RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed. Vulnerable parameters: &ytnetw=, &ytnetwspan=, &ytfeedbacknetw=...

3.5CVSS0.7AI score0.00547EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/06/15 12:0 a.m.100 views

Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning

The plugin does not properly sanitise and validate its psbpositioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog -- Payloads: $ m0ze"...

4.8CVSS1.4AI score0.00626EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.102 views

10Web Map Builder for Google Maps < 1.0.70 - Authenticated Stored XSS

The plugin does not validate or escape its MAP API Key, Center Address, Center Lat, Center Lng and Zoom Level settings in the admin dashboard, allowing high privilege users such as admin to use JavaScript payload in them, leading to Stored Cross-Site Scripting issues even when the unfilteredhtml...

6.2AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.136 views

FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)

The plugin, used in the theme did not properly sanitize the foodbakeryradius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS1AI score0.04348EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.214 views

wpForo Forum < 1.9.7 - Open Redirect

The plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimat...

6.1CVSS0.9AI score0.03379EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.122 views

Woocommerce Stock Manager < 2.6.0 - CSRF to Arbitrary File Upload

The plugin is vulnerable to CSRF leading to Arbitrary File Upload due to missing nonce and file validation in the /admin/views/import-export.php file. File will upload to: /wp-content/plugins/woocommerce-stock-manager/admin/views/upload/PoC.php history.pushState'', '', '/' function submitRequest...

6.8CVSS0.5AI score0.00719EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.788 views

BCS BatchLine Book Importer < 1.5.8 - Unauthenticated Product Import

The plugin did not correctly check for permission in its wc/v3/bcsbertlinebookimport REST route, allowing unauthenticated to import arbitrary products or update existing ones POST /wp-json/wc/v3/bcsbertlinebookimport HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflat...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.252 views

Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action, leading to a Reflected Cross-site Scripting XSS vulnerability. POST /demo/wp-admin/admin-ajax.php HTTP/1.1 Host: jannah.tielabs.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0...

6.1CVSS0.7AI score0.02697EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.658 views

WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG

The plugin did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to...

5.4CVSS0.2AI score0.00659EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/14 12:0 a.m.96 views

Vik Rent Car < 1.1.7 - CSRF to Stored XSS

In the plugin, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also ...

5.4CVSS5.4AI score0.00319EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/13 12:0 a.m.113 views

Async JavaScript < 2.21.06.29 - Authenticated (admin+) Stored XSS

The plugin does not validate or escape its Username and API Key from the Wizard tab of its settings, allowing high privilege users such as admin to set JavaScript payload in them, even when the unfilteredhtml capability is disallowed, leading to Stored Cross-Site Scripting issues Set the payload...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/13 12:0 a.m.128 views

WP DoNotTrack <= 0.8.8 - Authenticated (admin+) Stored XSS

The plugin does not validate or escape its Blacklist and Whitelist settings, allowing high privilege users such as admin to set JavaScript payload in them, even when the unfilteredhtml capability is disallowed, leading to Stored Cross-Site Scripting issues Add the payload below in the Blacklist o...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/11 12:0 a.m.623 views

Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting

The plugin is lacking any capability and CSRF check when saving it's settings, allowing any authenticated users such as subscriber to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in al...

6.5CVSS6AI score0.10703EPSS
Exploits5
Total number of security vulnerabilities4359