Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/06/11 12:0 a.m.154 views

Welcart e-Commerce < 2.2.4 - Cross-Site Scripting (XSS)

The plugin did not sanitise or validate the orderid parameter before outputting in the page of the admin dashboard, leading to a reflected Cross-Site Scripting issue http://wp.lab/wordpress/wp-admin/admin.php?page=uscesorderlist&orderaction=edit&orderid=1"alert/XSS/...

6.1CVSS0.4AI score0.01044EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/06/10 12:0 a.m.199 views

Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitise the ctcommunity parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context...

6.1CVSS0.4AI score0.03677EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/09 12:0 a.m.175 views

Motor theme < 3.1.0 - Unauthenticated Local File Inclusion

Lack of authentication or validation in motorloadmore, motorgalleryloadmore, motorquickview and motorprojectquickview AJAX handlers of the theme allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file...

9.8CVSS0.5AI score0.02633EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/09 12:0 a.m.134 views

Advanced AJAX Product Filters < 1.5.4.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The braapfgetchild AJAX action of the plugin, available to both unauthenticated and authenticated users does not sanitise the 'termid' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue. "' / POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

6.1AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/08 12:0 a.m.541 views

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection

The joomsportmdload AJAX action of the plugin, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other...

9.8CVSS2.1AI score0.02068EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/08 12:0 a.m.134 views

WP Prayer < 1.6.7 - Arbitrary Plugin Settings Update via CSRF

The plugin did not properly check for CSRF in some of its module functions, allowing attacker to make logged in admin change all plugin's settings including the email settings for example. v1.6.6 fixed most of CSRF checks, but the one in model.emailsettings.php was improperly fixed bypass still...

Exploits0
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.600 views

WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue Note: The vendor attributed the issue in the changelog to the wrong reporter us, WPScan, as we reported it on behalf of th...

5.4CVSS5.2AI score0.02339EPSS
Exploits5
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.93 views

Recently < 3.0.5 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue POST /wp-admin/options-general.php?page=recently&tab=tools HTTP/1.1 Accept:...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.160 views

Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability. via GET:...

6.1CVSS0.3AI score0.01975EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.538 views

Stripe Payment Gateway for WooCommerce < 3.6.0 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the page parameter before outputting back in an attribute, leading to a reflected Cross-Site Scripting issue alert/XSS/"' /...

6.5AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.153 views

WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1 Accept:...

5.4CVSS0.6AI score0.01442EPSS
Exploits1References2
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.214 views

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may...

5.4CVSS0.2AI score0.00676EPSS
Exploits2References3
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.178 views

WP Hardening < 1.2.2 - Reflected XSS via URI

The plugin did not sanitise or escape the $SERVER'REQUESTURI' before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-admin/plugins.php?%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3Cv=...

6.1CVSS0.7AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.670 views

WP Hardening < 1.2.2 - Reflected XSS via historyvalue

The plugin did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=wphwpharden&historyvalue=alertdocument.domain//...

6.1CVSS0.2AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.762 views

Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass

The plugin allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user even unauthenticated to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie...

5.3CVSS0.8AI score0.00981EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/04 12:0 a.m.603 views

GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections

In the plugin, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. The prerequisite to exploiting this vulnerability is finding a page on the vulnerable si...

9.8CVSS0.1AI score0.01832EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/03 12:0 a.m.549 views

Quiz And Survey Master < 7.1.19 - Unauthenticated Stored Cross-Site Scripting (XSS)

When the "Disable collecting and storing IP addresses?" setting is not used, the plugin retrieves the IP address of the submitting user via various methods, such as $SERVER'REMOTEADDR' but also arbitrary headers which can be tampered with. The final IP is not sanitised or validated, before being...

5.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/03 12:0 a.m.1396 views

Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak

The Jetpack Carousel module allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published page/posts to be leaked. Please refer to th...

5.3CVSS0.3AI score0.01494EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/06/03 12:0 a.m.528 views

Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape its resultid parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link...

6.1CVSS0.3AI score0.00827EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/02 12:0 a.m.224 views

Stock in & out <= 1.0.4 - Authenticated SQL Injection

The plugin lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability...

6.5CVSS2.7AI score0.01568EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/02 12:0 a.m.624 views

GetPaid < 2.3.4 - Authenticated Stored XSS

In the plugin, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is...

5.4CVSS0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/01 12:0 a.m.990 views

MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF

The plugin did not properly check for CSRF in some of its actions handled by the listenforactions method hooked as admininit, allowing attackers to make logged in users with the manageoptions capability do unwanted actions such as empty the logs, dismiss notice and so on...

4.4AI score
Exploits0
wpexploit
wpexploit
added 2021/06/01 12:0 a.m.130 views

MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect

The plugin did not properly check for CSRF in some of its actions handled by the listenforactions method hooked as admininit, allowing attackers to make logged in users with the manageoptions capability do unwanted actions and redirect them to an arbitrary website after...

3.3AI score
Exploits0
wpexploit
wpexploit
added 2021/06/01 12:0 a.m.515 views

All 404 Redirect to Homepage < 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin v1.21 attempted to fix a Stored Cross-Site scripting issue in its "Redirect All 404 page to" settings, however the fix is insufficient, still allowing the issue to be triggered. This could allow high privilege users even with the unfilteredhtml disabled to use malicious payloads in it,...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/06/01 12:0 a.m.393 views

WordPress Bitcoin Payments - Blockonomics < 3.3 - Reflected Cross-Site Scripting (XSS)

The plugin does not properly sanitise its filter action when viewing Orders before outputting it back in an attribute, leading to a reflected Cross-Site Scripting vulnerability. v alert/XSS/...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2021/06/01 12:0 a.m.250 views

Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE

The plugin allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. The issue is being actively exploited, and no patch is available. Further details will be made available once pathed. The Custom Product Designer plugin for WordPress offers the ability for...

9.8CVSS1.3AI score0.47091EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.829 views

The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending

The plugin did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect...

5.3CVSS5.4AI score0.0111EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.788 views

Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection

The plugin did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks To exploit, the site administrator must add a question set and a question first. This requirement is usually met for all...

6.5CVSS0.5AI score0.01164EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.641 views

The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)

The theplusmorepost AJAX action of the plugin did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

6.1CVSS0.1AI score0.02483EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.602 views

FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting

In the plugin, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue. Create or edit a gallery and add the following payload in the Custom CSS field: Then, view t...

5.4CVSS0.2AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.153 views

WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...

5.4CVSS0.5AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.777 views

The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. The vulnerable code leading to the open redirect is in the function "redirecttotpcustompasswordreset" in...

6.1CVSS0.6AI score0.02295EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.127 views

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

5.4CVSS0.1AI score0.00932EPSS
Exploits4References1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.110 views

Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...

5.4CVSS0.7AI score0.00675EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.171 views

Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection

The page lists-management feature of the plugin, available to Administrator users does not sanitise, validate or escape the idlista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. time curl -i -s -k -X $'POST' \ -H $'Upgrade-Insecure-Requests: 1' -H...

6.6CVSS0.4AI score0.01338EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.142 views

Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the plugin, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. POST /wp-admin/options-general.php?page=xllentechoptionstab4 HTTP/1.1 Content-Length: 220 Cache-Control:...

8.8CVSS1.2AI score0.01586EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.170 views

Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection

The menu delete functionality of the plugin, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue GET...

7.2CVSS0.9AI score0.01565EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.114 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

The exportdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. curl -X POST --url "URL/wp-admin/admin-post.php?page=301options&export=true"...

8.8CVSS2.5AI score0.01169EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.123 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

The importdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. curl -i -s -k -X $'POST' \ -H $'Host: URLHERE' -H $'Content-Length: 379' -H $'Cache-Control: max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H...

8.8CVSS1.5AI score0.01107EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.107 views

Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment

The plugin did not properly check for CSRF when saving a product comment, and took the user ID to link the comment to from user input. As a result, attackers can post arbitrary comment, as another user as well by manipulating the currentuserid parameter. POST / HTTP/1.1 Accept: application/json,...

1.5AI score
Exploits0
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.140 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation

In the plugin, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activateplugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit...

8.8CVSS1.9AI score0.02997EPSS
Exploits3References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.112 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch;...

8.8CVSS1.7AI score0.0148EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.177 views

Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an Unauthenticated Stored Cross-Site Scripting XSS vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. $ curl -i http://localhost:10008/ --user-agent "alert1" The payload will be executed o...

6.1CVSS0.1AI score0.01303EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.132 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value

In the plugin, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. $wpuser, 'pwd' = $wppass,...

4.3CVSS1.9AI score0.0072EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.580 views

Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)

This plugin gives us the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also b...

6.1CVSS6.1AI score0.00412EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.598 views

Gallery From Files <= 1.6.0 - Unauthenticated RCE

The upload feature of the plugin does not properly check for the allowed extensions, allowing them to be set in the request and attempting to remove the dangerous ones such as .php and .js, but forgetting about .php4, .html etc. As a result, unauthenticated users could upload arbitrary .php4 file...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/05/25 12:0 a.m.723 views

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

8.8CVSS8.7AI score0.52007EPSS
Exploits8References2
wpexploit
wpexploit
added 2021/05/25 12:0 a.m.113 views

Cookie Law Bar <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise its Bar Message setting, allowing high privilege users to set an XSS payload in it, which will be triggered in all frontend page of the blog. As admin, go the plugin settings /wp-admin/options-general.php?page=clb and set a payload such as alert/XSS/ in the B...

6.2AI score
Exploits0References2
wpexploit
wpexploit
added 2021/05/24 12:0 a.m.96 views

WP LMS < 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user including unauthenticated v1.1.3 fixed the XSS by escapin...

4.3CVSS0.4AI score0.00762EPSS
Exploits2
wpexploit
wpexploit
added 2021/05/24 12:0 a.m.182 views

iFlyChat – WordPress Chat <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue Step1: Install and activate the plugin "iFlyChat – WordPress Chat-4.6.4" Step2: Enter the following payload in the "APP ID" field of the plugin...

4.8CVSS0.00613EPSS
Exploits2
Total number of security vulnerabilities4359