Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2021/04/27 12:0 a.m.808 views

WPGraphQL < 1.3.6 - Denial of Service

The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...

6.6AI score
Exploits1References1
wpexploit
wpexploit
added 2021/04/26 12:0 a.m.111 views

Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)

There are several endpoints in the plugin that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. The PoC will be displayed once the issue has been remediated...

4.3CVSS1.3AI score0.00826EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/04/26 12:0 a.m.109 views

Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation

There is functionality in the plugin that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin. Partially unpatched because they added CSRF protection that technically blocks low-level users from using the endpoint, howeve...

6.5CVSS1.2AI score0.01149EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/04/26 12:0 a.m.122 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue sqlmap --url="https://example.com/tour-list/?keywords=13&startdate=13" --random-agent -dbs --level=3 --threads=4...

9.8CVSS1.8AI score0.0195EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/26 12:0 a.m.149 views

Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

The requestlistrequest AJAX call of the plugin, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection issue. curl 'https://example.com/wp-admin/admin-ajax.php' ...

9.8CVSS1.4AI score0.14697EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/23 12:0 a.m.129 views

Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab=" onMouseOver="alert1;...

4.3CVSS0.2AI score0.13942EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/23 12:0 a.m.104 views

Software License Manager < 4.4.6 - CSRF to Stored XSS

The plugin did not have CSRF check on its settings page, nor sanitisation when outputting user input back. Attackers could make a logged in administrator change the plugin's settings, and put XSS payload in them. alert/XSS-1/' / alert/XSS-2/' / alert/XSS-3/' / alert/XSS-4/' /...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2021/04/23 12:0 a.m.572 views

Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=" onMouseOver="alert1;...

4.3CVSS0.6AI score0.10358EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/22 12:0 a.m.136 views

Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF

The "cppluginsdobuttonjoblatercallback" AJAX action, from multiple plugins of the WP-Buy vendor, was lacking CSRF check, allowing attackers to make a logged in administrator install and active arbitrary plugins including specific version from the WordPress repository which could lead to more...

1.5AI score
Exploits0
wpexploit
wpexploit
added 2021/04/22 12:0 a.m.149 views

Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users could use the AJAX action "cppluginsdobuttonjoblatercallback" from multiple plugins of the WP-Buy vendor, to install any plugin including a specific version from the WordPress repository, which helps attackers install vulnerable plugins and could lead to more critical...

6.5CVSS0.9AI score0.01325EPSS
Exploits9References1
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.211 views

Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfilteredhtml is disabled Enable taxes...

3.5CVSS0.7AI score0.00743EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.124 views

RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues As admin, Navigate to Setting Яндекс.Турбо Счетчики and enter a payload such as " onmouseover="alert1 into all t...

3.5CVSS5.3AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.319 views

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

7.4AI score
Exploits0References2
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.634 views

Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. v 2.2.29 https://example.com/wp-admin/edit.php?posttype=accordions&page=settings&tab=a%22%3E%3Csvg%2Fonload%3Dalert%28123%29%3B%2F%2F%3E%3C%22 v...

3.5CVSS0.3AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.307 views

Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation

In the plugin, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function. 'wpcf7rgetnonce', 'param' = 'ANY ACTION HERE' ; $output = curlexec$ch; curlclose$ch; printr$output; ?...

5CVSS2.9AI score0.07359EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.281 views

Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload

The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...

7.5CVSS1.6AI score0.4214EPSS
Exploits3References1
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.112 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection

In the plugin, any authenticated user, such as a subscriber, could use the importfromdebug AJAX action to inject PHP objects. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // OBJI $ch = curlinit; curlsetopt$ch, CURLOPTURL, $wpur...

6.5CVSS0.7AI score0.01967EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.119 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion

In the plugin, any authenticated user, such as a subscriber, could use the deleteactionpost AJAX action to delete any post on a target site. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Set redirect url $ch = curlinit;...

4CVSS0.9AI score0.00663EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/20 12:0 a.m.135 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation

In the plugin, low level users, such as subscribers, could use the importfromdebug AJAX action to install any plugin from the WordPress repository. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Install some plugins $ch =...

4CVSS1.4AI score0.00831EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/19 12:0 a.m.523 views

Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue /wp-admin/admin.php?page=contact-form-supsystic&tab="onmouseover=alert1//...

4.3CVSS0.9AI score0.16044EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/19 12:0 a.m.114 views

Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticated users...

4.3CVSS2.6AI score0.1445EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/19 12:0 a.m.603 views

Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue /wp-admin/admin.php?page=ultimate-maps-supsystic&tab="onmouseover=alert1//...

4.3CVSS1.5AI score0.17638EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/19 12:0 a.m.548 views

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue /wp-admin/admin.php?page=popup-wp-supsystic&tab="onmouseover=alert1//...

4.3CVSS1.1AI score0.18165EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/17 12:0 a.m.538 views

WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication

The duplicate method, hooked to the admininit action did not have any CSRF and authorisation checks, allowing unauthorised users such as unauthenticated ones to duplicate arbitrary downloads As an unauthenticated or authenticated user, open the following URL to duplicate the Download with id 717...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2021/04/16 12:0 a.m.90 views

All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The tab parameter of the settings page of the plugin was vulnerable to an authenticated reflected Cross-Site Scripting XSS issue as user input was not properly sanitised before being output in an attribute...

0.2AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/16 12:0 a.m.110 views

Easy Digital Downloads < 2.10.3 - Unauthorised Stripe Disconnect via CSRF

The plugin did not property check for CSRF when disconnecting Stripe, allowing attackers to make logged in users with the manageoptions capability disconnect the Stripe gateway via a CSRF attack. https://example.com/wp-admin/admin-post.php?page=edd-settings&edds-stripe-disconnect=1...

3.7AI score
Exploits0References1
wpexploit
wpexploit
added 2021/04/16 12:0 a.m.100 views

SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users even with the unfilteredhtml disabled to set XSS payloads Create a new Custom redirect /wp-admin/options-general.php?page=seo-redirection.php and set a...

0.2AI score0.00617EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/16 12:0 a.m.971 views

Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)

The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation WPScanTeam, the cause was found to be test files from the php-mod/curl library, which was missing appropriate response headers before outputtin...

0.1AI score0.01261EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/15 12:0 a.m.2159 views

WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure

Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. 1. As one user, create a new password protected post. Ensure...

6.5CVSS5.6AI score0.02331EPSS
Exploits1References4
wpexploit
wpexploit
added 2021/04/15 12:0 a.m.1023 views

WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8

Description A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. WordPress used an audio parsing library called ID3 that was affected by an XML External Entity XXE vulnerability affecting PHP versions 8 and above. Thi...

7.1CVSS6.7AI score0.85719EPSS
Exploits20References6
wpexploit
wpexploit
added 2021/04/15 12:0 a.m.97 views

User Rights Access Manager < 1.0.4 - Improper Access Controls

The plugin did not properly restrict access to some paths, still allowing a restricted user to access them, and edit the Blog Options, create/edit posts and so on for example To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin block...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2021/04/14 12:0 a.m.773 views

Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)

The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored...

4.3CVSS0.3AI score0.01815EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.111 views

Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status from pending to completed to example Add a listing, don't complete payment status will be pending paymentcreatedatdate...

4.3CVSS0.6AI score0.00474EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.105 views

WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well -- Payloads: $ " $ " -- PoC 1 | Authenticated...

0.7AI score0.00614EPSS
Exploits2References3
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.109 views

WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. -- Payloads: $ ";' onmouseover=alertdocument.cookie; style=position:fixed;width:100%;height:100%;margin:0;padding:0;left:0;top:0; $ ";'...

0.1AI score0.03302EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.98 views

Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them. -- PoC 1 | Authenticated Persistent XSS & XFS | Image saving disabled message text: ! POST...

0.9AI score0.008EPSS
Exploits2References3
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.98 views

Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting

The plugin suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. Log on as an admin, create or edit a Form Field wp-admin/admin.php?page=wpbdpadminformfields and set the Field Label input...

3.5CVSS0.3AI score0.00645EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/12 12:0 a.m.99 views

Business Directory Plugin < 5.11.2 - Arbitrary Listing Export

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc The state is base64 encoded and will need to be adapted to the...

4.3CVSS6.4AI score0.00708EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/11 12:0 a.m.108 views

Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS

The plugin suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. Note WPScanTeam: The CSRF has ben fixed and proper capability checks have also been adde...

6.8CVSS8.1AI score0.00672EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/11 12:0 a.m.128 views

College Publisher Import <= 0.1 - Arbitrary File Upload to RCE

The plugin does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack. The issue has been escalated to WordPress on April 12th, 2021 Th...

6.5CVSS1.2AI score0.01844EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/11 12:0 a.m.335 views

Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE

The plugin did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE Create a php4 file with PHP code in it, zip it and import it via the plugin import feature...

6.5CVSS0.5AI score0.01583EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/11 12:0 a.m.535 views

Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE

The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...

6.8CVSS8.8AI score0.00672EPSS
Exploits2
wpexploit
wpexploit
added 2021/04/10 12:0 a.m.544 views

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...

3.5CVSS0.4AI score0.04682EPSS
Exploits5
wpexploit
wpexploit
added 2021/04/10 12:0 a.m.122 views

Event Banner <= 1.3 - Arbitrary File Upload to RCE

The plugin does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation chec...

6.5CVSS0.7AI score0.01678EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/10 12:0 a.m.85 views

Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE

The plugin does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. POST /addalisting/ HTTP/1.1...

6.5CVSS0.1AI score0.01906EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/09 12:0 a.m.111 views

Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or encode the Title of the calendar entries when outputting them in the admin dashboard, leading to Stored XSS issue. Due to the lack of CSRF check, this can be exploited by a CSRF attack, making logged in administrators create malicious entries The PoC will be...

3.5CVSS0.7AI score0.00798EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/08 12:0 a.m.129 views

WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS

The plugin, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues Payloads: " " POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type: application/x-www-form-urlencode...

3.5CVSS0.4AI score0.00659EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/08 12:0 a.m.646 views

Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. From an IP not in the Allow List...

4.3CVSS0.2AI score0.05721EPSS
Exploits5References1
wpexploit
wpexploit
added 2021/04/08 12:0 a.m.159 views

Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE

The Imagements WordPress plugin, versions = 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...

7.5CVSS1.6AI score0.0714EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/04/07 12:0 a.m.618 views

OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error

The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration...

4.3CVSS0.9AI score0.0163EPSS
Exploits2References1
Total number of security vulnerabilities4359