Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/05/24 12:0 a.m.•293 views

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)

The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting XSS issue. POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip,...

6.1CVSS0.2AI score0.01975EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/24 12:0 a.m.•158 views

Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its setting fields, leading to authenticated admin+ Stored Cross-Site scripting issues Step 1: Install the plugin "Easy Preloader" Step 2: Enter the payload below in the text field "Choose overlay color" or any other text fields in the plugin's settings...

4.8CVSS0.5AI score0.00542EPSS
Exploits1
wpexploit
wpexploit
•added 2021/05/19 12:0 a.m.•984 views

WP Statistics < 13.0.8 - Unauthenticated SQL Injection

The plugin relied on using the WordPress escsql function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones...

7.5CVSS2.5AI score0.29776EPSS
Exploits3References2
wpexploit
wpexploit
•added 2021/05/19 12:0 a.m.•161 views

Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection

The id GET parameter of one of the plugin's page available via forced browsing is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. Note: The URL /wp-admin/admin.php?page=edit-video-embed&id=1 is...

8.8CVSS0.6AI score0.01568EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/19 12:0 a.m.•159 views

FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection

The plugin does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users 1. to and from parameters Editor Level Tools - Flightlog - add a record POST...

7.2CVSS0.1AI score0.01547EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•88 views

Related Posts for WordPress < 2.0.5 - Authenticated Stored XSS & XFS

The plugin does not sanitise its headingtext and css settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues. Payloads: $ m0ze"div x PoC 1 | Authenticated Persistent XSS & XFS | Heading text: ! POST /wp-admin/options.php HTTP/2 Host...

3.5CVSS0.1AI score0.00687EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•730 views

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

The plugin was affected by an IDOR issue, allowing students to see other student answers and grades - Add 2 users with Student role for the scenario . - Create A course With a quiz I picked True or Flase question for my quiz - Set Enrol on Free for the ease of scenario - Enrol into the Course wit...

5CVSS0.8AI score0.01625EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•190 views

WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to reque...

5.4CVSS5.2AI score0.00698EPSS
Exploits5References2
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•397 views

Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS

The theme did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue https://smartdata.tonytemplates.com/car-repair-service-v4/car1/estimateresult/result?s=&serviceestimatekey=...

6.1CVSS0.9AI score0.03884EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•570 views

Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID

The plugin did not sanitise its facebookpixelid and googleanalyticsid settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used. -- Payloads: $ 'm0ze'; alertdocument.cooki...

4.8CVSS0.1AI score0.00652EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•540 views

Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS

The plugin did not properly validate and sanitise its unsplashdownloadw and unsplashdownloadh parameter settings /wp-admin/upload.php?page=instant-images, only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue. -- Payloads: $ "div x -- PoC 1 |...

5.4CVSS0.1AI score0.00659EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/17 12:0 a.m.•552 views

Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS

The plugin did not properly sanitise and validate its settings, such as psbdistance, psbbuttonsize, psbspeed, only validating them client side. This could allow high privilege users such as admin to set XSS payloads in them -- Payloads: $ " autofocus=autofocus onfocus=alertdocument.cookie; " $ "...

4.8CVSS0.4AI score0.00652EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•532 views

Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)

The plugin did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...

5.4CVSS0.3AI score0.00703EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•151 views

Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS

The theme did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue -- Payloads: $ $ -- PoC | Authenticated XFS | My Listings: ! POST...

5.4CVSS0.1AI score0.01681EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•118 views

Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities

The theme did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. -- PoC 1 | Authenticated IDOR | Permanent post/page deletion: !...

6.5CVSS0.7AI score0.00986EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•135 views

Bello < 1.6.0 - Unauthenticated Blind SQL Injection

The theme did not sanitise the btbblistingfieldpricerangeto, btbblistingfieldnowopen, btbblistingfieldmylng, listinglistview and btbblistingfieldmylat parameters before using them in a SQL statement, leading to SQL Injection issues -- Payload: $ -4034 OR 4877=4877 AND 2369=2369 -- PoC 1 |...

9.8CVSS9.8AI score0.66576EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•92 views

Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The search feature of the theme does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue. The vendor has been unresponsive to any form of contact https://example.com/?posttype=post&s=%22%3E%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS0.8AI score0.06442EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•210 views

Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...

6.1CVSS0.2AI score0.00932EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/16 12:0 a.m.•105 views

Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS

The theme did not properly sanitise and escape its listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault, btbblistingfieldkeyword, btbblistingfieldlocationautocomplete, btbblistingfieldpricerangefrom and...

6.1CVSS0.4AI score0.10769EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/14 12:0 a.m.•263 views

WP Super Cache < 1.7.3 - Authenticated Remote Code Execution

The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the plugin settings result in RCE because they allow input of "$" and "\n". This is due to an incomplete fix of CVE-2021-24209. You can run the command directly to...

9CVSS1.6AI score0.23844EPSS
Exploits4References1
wpexploit
wpexploit
•added 2021/05/13 12:0 a.m.•99 views

External Media < 1.0.34 - Authenticated Arbitrary File Upload

The wpajaxupload-remote-file AJAX action of the plugin was vulnerable to arbitrary file uploads via any authenticated users. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Upload File $ch = curlinit; curlsetopt$ch, CURLOPTURL,...

6.5CVSS1.3AI score0.01775EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/12 12:0 a.m.•526 views

Weekly Schedule < 3.4.3 - Authenticated Stored XSS

The "Schedule Name" input in the plugin general options did not properly sanitize input, allowing a user to inject javascript code using the Go to Weekly Schedule - General Options /wp-admin/admin.php?page=weekly-schedule - Schedule Name - Fill the field with a payload such as alertxss...

5.4CVSS5.5AI score0.0065EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/12 12:0 a.m.•98 views

Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117 Creat...

6.1CVSS1.4AI score0.04609EPSS
Exploits6
wpexploit
wpexploit
•added 2021/05/10 12:0 a.m.•93 views

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...

5.4CVSS0.2AI score0.03249EPSS
Exploits5References1
wpexploit
wpexploit
•added 2021/05/09 12:0 a.m.•126 views

ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)

The ReDi Restaurant Reservations plugin provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to ma...

6.1CVSS0.05501EPSS
Exploits5References2
wpexploit
wpexploit
•added 2021/05/09 12:0 a.m.•97 views

Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS https://example.com/giveaway/mygiveaways/?share=%3Cscript%3Ealertdocument.domain%3C/script%3E...

6.1CVSS1.6AI score0.03451EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/09 12:0 a.m.•1282 views

All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize

The plugin enables authenticated users with "aioseotoolssettings" privilege most of the time admin to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool Import/Export". However, the plugin attempts to...

9CVSS0.3AI score0.53274EPSS
Exploits3References1
wpexploit
wpexploit
•added 2021/05/08 12:0 a.m.•694 views

ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call

Some AJAX actions did not have proper CSRF and authorisation checks, allowing unauthorised call either via unauthenticated/low privilege users or CSRF, which could allow attackers to reset or change the settings of the plugin for example Reset arbitrary option in the plugin v 1.0.5 POST...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/05/07 12:0 a.m.•110 views

Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the...

5.4CVSS0.5AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/07 12:0 a.m.•76 views

Leads-5050 Visitor Insights < 1.1.0 - Unauthorised License Change

The leads5050setlicense AJAX action is available to authenticated users, but is missing any capability and CSRF checks. This could allow any low privilege users subscriber+ to set an arbitrary license in the plugins settings POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accept: application/jso...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/05/07 12:0 a.m.•107 views

DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

The dsgvoaiowritelog AJAX action of the plugin did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard wp-admin/admin.php?page=dsgvoaiofree-show-log. This could allow unauthenticated attackers to gain unauthorised access by...

6.1CVSS0.7AI score0.01186EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/07 12:0 a.m.•66 views

Leads-5050 Visitor Insights < 1.0.4 - Unauthenticated License Change

The leads5050setlicense AJAX action was available to unauthenticated users allowing them to set an arbitrary license in the plugins settings POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip,...

1.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/05/07 12:0 a.m.•97 views

Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues Adds the following payloads in the API Key settings /wp-admin/options-general.php?page=aocritcss "alert/XSS/ --...

4.8CVSS0.1AI score0.00626EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/05/06 12:0 a.m.•558 views

PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)

The slider import search feature of the plugin settings did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=wcps&page=importlayouts&keyword="onmouseover=alert1;//...

6.1CVSS1AI score0.10587EPSS
Exploits5
wpexploit
wpexploit
•added 2021/05/05 12:0 a.m.•723 views

Simple Admin Language Change < 2.0.2 - Arbitrary User Locale Change

The plugin did not have proper capability and CSRF checks in its changeuserlocale AJAX action, and was also affected by an IDOR issue, allowing any authenticated user to change the locale of another user. v2.0.1 fixed the authorisation and IDOR but still had an incorrect CSRF logic which was fixe...

2.7AI score
Exploits0
wpexploit
wpexploit
•added 2021/05/05 12:0 a.m.•752 views

Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF

The plugin did not properly check for CSRF, allowing attackers to make a logged in administrator update the plugin's settings...

1.5AI score
Exploits0
wpexploit
wpexploit
•added 2021/05/05 12:0 a.m.•95 views

Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key

The Target First WordPress Plugin, also previously known as Watcheezy, suffered from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the "weeWzKey" parameter that will be save as the "weeID" option. The input value...

6.1CVSS0.9AI score0.01188EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/05/05 12:0 a.m.•739 views

Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF

The plugin did not properly check for CSRF, allowing attackers to make a logged in administrator update the plugin's settings...

1.3AI score
Exploits0
wpexploit
wpexploit
•added 2021/05/05 12:0 a.m.•617 views

Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the "Default Skin" field. Step1: Install and activate the plugin. Step2: Go to the plugin setting. Step3: Enter the following payload in the field "Default Skin" xss"alert1input type='text'...

5.4CVSS5.2AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/04 12:0 a.m.•536 views

WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled 1. Login to WordPress as an Administrator 2. Install and Activate plugin "WP Customer Reviews" 3. Clic...

4.8CVSS0.1AI score0.00617EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/05/04 12:0 a.m.•121 views

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the formvalue JSON POST parameter in its tlfilter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting XSS vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate...

6.1CVSS0.3AI score0.00822EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/04 12:0 a.m.•904 views

Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Stored Cross-Site Scripting XSS in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. Step 1: Install and activate the plugin "Hotjar...

5.4CVSS0.2AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
•added 2021/05/03 12:0 a.m.•32 views

Activity Log < 2.7.0 - Authenticated SQL Injection

The plugin was vulnerable to SQL Injection in the order column of the past events table. time curl 'http://www.example.com/wp-admin/admin.php?page=activitylogpage&orderby=histtime%20AND%20SLEEP%280%29' -H 'Cookie: ...'...

2.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/04/30 12:0 a.m.•79 views

Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated admin+ Stored XSS issues. Notes WPScanTeam - The original reporter mentioned the issue being fixed in 2.10.2, but we could still trigger i...

4.8CVSS0.1AI score0.00664EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/04/30 12:0 a.m.•83 views

Download Manager < 3.1.22 - Plugin Settings Change via CSRF

The wpdmsettings AJAX action, used the section POST parameter to call the associated settings handler methods dynamically. However, the pluginUpdate section=plugin-update and Privacy section=privacy were missing CSRF checks. Furthermore, the Privacy function did not ensure that the options to be...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/30 12:0 a.m.•108 views

Download Manager < 3.1.23 - Unauthorised Asset Manager Usage

The majority of the AJAX actions related to the Asset Manager use the same nonce action ie the NONCEKEY constant, and are lacking any authorisation checks. Given that the nonce is available in other pages, accessible by low priviledge users such as author, or even subscribers depending on the...

7.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/30 12:0 a.m.•247 views

Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE

The wpdmadminuploadfile AJAX action used a blacklist approach to forbid potential dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4 were not forbidden. As an author or any account with the uploadfiles capability, attach a .php4 file to a download...

7AI score
Exploits0
wpexploit
wpexploit
•added 2021/04/29 12:0 a.m.•122 views

AcyMailing < 7.5.0 - Open Redirect

When subscribing using AcyMailing, the "redirect" parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim. When using acymailing to subscribe to a newsletter, you make a POST...

6.1CVSS0.2AI score0.01939EPSS
Exploits2
wpexploit
wpexploit
•added 2021/04/27 12:0 a.m.•102 views

404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Description The plugin is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues The PoC will be displayed once the iss...

6.5CVSS6.1AI score0.0056EPSS
Exploits2
wpexploit
wpexploit
•added 2021/04/27 12:0 a.m.•111 views

404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)

Description The tab parameter of the settings page of the plugin is vulnerable to a reflected Cross-Site Scripting XSS issue as user input is not properly sanitised or escaped before being output in an attribute. The PoC will be displayed once the issue has been remediated...

6.1CVSS6AI score0.00827EPSS
Exploits2
Total number of security vulnerabilities4359