
4359 matches found

wpexploit • added 2024/02/20 12:00 a.m. • 172 views

Innovs HR <= 1.0.3.4 - Employee Creation via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as adding them as employees. <input type="hidden" name="maritalstatus" value="Single"...

AI score 6.8 • EPSS 0.00366 • Exploits: 2

wpexploit • added 2024/02/20 12:00 a.m. • 133 views

Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure

Description: The plugin contains a vulnerability that allows reading and downloading PHP logs without authorization.
1. Admin should click on "Save as TXT file" in http://yoursite/wordpress/wp-admin/admin.php?page=rrrlgvwr-monitor.php
2. Then someone else can go to...

AI score 8.7 • EPSS 0.00587 • Exploits: 2 • References: 1

wpexploit • added 2024/02/20 12:00 a.m. • 179 views

Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. otwshortcodebutton...

AI score 5.9 • EPSS 0.00413 • Exploits: 2

wpexploit • added 2024/02/20 12:00 a.m. • 129 views

Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators.
- Log in as an administrator, and visit /wp-admin/.
- Add a Catalog Product in /wp-admin/admin.php?page=fancyproductdesigner
- Sear...

AI score 7.4 • EPSS 0.00641 • Exploits: 2

wpexploit • added 2024/02/19 12:00 a.m. • 177 views

Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

Description: The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.
1. ADMIN: Install Formidable Pro plugin
2. ADMIN: Install Formidable...

AI score 6.8 • EPSS 0.00554 • Exploits: 2

wpexploit • added 2024/02/17 12:00 a.m. • 155 views

Login as User or Customer <= 3.8 - Admin Account Takeover

Description: The plugin does not prevent users from logging in as any other user on the site.
1. As an admin, log in as some user. Note the user ID.
2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...

AI score 6.6 • EPSS 0.00636 • Exploits: 2 • References: 2

wpexploit • added 2024/02/17 12:00 a.m. • 130 views

404 Solution < 2.35.8 - Admin+ SQL Injection

Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.
1. Navigate to logs: "https://example.com/wp-admin/options-general.php?page=abj404solution&subpage=abj404logs"...

CVSS 7.2 • AI score 7.2 • EPSS 0.00756 • Exploits: 2

wpexploit • added 2024/02/17 12:00 a.m. • 175 views

Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure

Description: The plugin discloses the Podcast owner's email address, which by default is the admin email address, via an unauthenticated crafted request. This was fixed in 3.0.0 for new plugin installations; however, when upgrading, users will have to unset the "Owner email address" in the Feed Detail...

AI score 6.9 • EPSS 0.02463 • Exploits: 3

wpexploit • added 2024/02/16 12:00 a.m. • 140 views

Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure

Description: The plugin does not prevent users with at least the contributor role from leaking other users' sensitive metadata. As a contributor:
- Add the shortcode to any post, specify/guess any user ID and meta key, and save.
- Preview the post and see custom field values output from any user. Examp...

AI score 6.7 • EPSS 0.00548 • Exploits: 2

wpexploit • added 2024/02/14 12:00 a.m. • 169 views

Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution

Description: The plugin does not prevent unauthenticated visitors from running code on vulnerable sites. Run the following JS on any site using the theme: await fetch("/wp-json/bricks/v1/render_element", {"credentials": "include", "headers": {"Content-Type": "application/json"}, "body":...

AI score 7.7 • Exploits: 0 • References: 2

wpexploit • added 2024/02/14 12:00 a.m. • 126 views

Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting

Description: The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
1. Add a New gallery, and click on the "Add files" button to add content.
2. Now add a description for this content with the XSS paylo...

AI score 6.1 • EPSS 0.00398 • Exploits: 1

wpexploit • added 2024/02/13 12:00 a.m. • 137 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

AI score 5.7 • EPSS 0.00497 • Exploits: 2 • References: 1

wpexploit • added 2024/02/13 12:00 a.m. • 132 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description: The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

AI score 7.9 • EPSS 0.00442 • Exploits: 2 • References: 1

wpexploit • added 2024/02/13 12:00 a.m. • 143 views

Starbox < 3.5.0 - Contributor+ Stored XSS

Description: The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. http://132" onmouseover='alert(1)'...

AI score 6.1 • EPSS 0.00442 • Exploits: 2 • References: 1

wpexploit • added 2024/02/12 12:00 a.m. • 156 views

Login Lockdown – Protect Login Form < 2.09 - Subscriber+ Options Leak

Description: The plugin does not prevent logged-in users of any role (e.g. subscribers) from leaking its settings, which may include allowlisted IP addresses as well as a global unlock key, with which they could add their own IP address to the plugin's list. As a logged-in subscriber, visit the...

CVSS 5.4 • AI score 9.4 • EPSS 0.00393 • Exploits: 1 • References: 1

wpexploit • added 2024/02/08 12:00 a.m. • 151 views

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Description: The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to, e.g. draft, private, pending review, password-protected, and trashed events.
1. ADMIN: Install Event Tickets
2. ADMIN: Install Event Tickets Plus...

AI score 6.8 • EPSS 0.00604 • Exploits: 2

wpexploit • added 2024/02/08 12:00 a.m. • 139 views

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description: The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status, e.g. draft, private, pending review, password-protected, and trashed posts.
1. ADMIN: Install Event Tickets
2. ADMIN: Install Event Tickets Plus ...

AI score 6.8 • EPSS 0.00456 • Exploits: 2

wpexploit • added 2024/02/05 12:00 a.m. • 150 views

Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload in the...

AI score 7.9 • EPSS 0.00417 • Exploits: 2 • References: 1

wpexploit • added 2024/02/02 12:00 a.m. • 335 views

PageLayer < 1.8.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup.
1. Enter the following payload in the...

AI score 5.7 • EPSS 0.00402 • Exploits: 2

wpexploit • added 2024/02/02 12:00 a.m. • 281 views

JobSearch WP Job Board < 2.3.4 - Authentication Bypass

Description: The plugin does not prevent attackers from logging in as any user with only the knowledge of that user's email address. Browse to the site and paste the following in your browser's console (replace the email address with that site's administrator's email address):...

AI score 6.8 • EPSS 0.00549 • Exploits: 2

wpexploit • added 2024/02/02 12:00 a.m. • 162 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description: The plugin does not have authorisation checks in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places, which could allow attackers to make logged ...

AI score 6.7 • EPSS 0.00217 • Exploits: 2

wpexploit • added 2024/02/02 12:00 a.m. • 214 views

JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE

Description: The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files, such as PHP, to the server. Navigate to the site, and paste the following in your browser's console: fetch('/wp-admin/admin-ajax.php', {method: 'POST', headers:...

AI score 7.2 • EPSS 0.00602 • Exploits: 2

wpexploit • added 2024/02/02 12:00 a.m. • 296 views

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Description: The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...

AI score 9.2 • EPSS 0.01915 • Exploits: 2 • References: 1

wpexploit • added 2024/02/02 12:00 a.m. • 314 views

Spiffy Calendar < 4.9.9 - Broken Access Control

Description: The plugin doesn't check the eventauthor parameter and allows any user to alter it when creating an event, which can deceive users/admins about which Contributor+ user created it. Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change the...

AI score 6.7 • EPSS 0.00482 • Exploits: 2

wpexploit • added 2024/02/02 12:00 a.m. • 300 views

WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

Description: The plugin is vulnerable to Insecure Direct Object References (IDOR) in the postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises...

AI score 6.7 • EPSS 0.00402 • Exploits: 2

wpexploit • added 2024/02/01 12:00 a.m. • 201 views

Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update

Description: The plugin does not have authorisation in its seedprodlitenewlpage function, allowing unauthenticated attackers to update the contents of coming-soon, maintenance, login and 404 pages set up with the plugin to a blank state. As unauthenticated, open the following URL to put the...

CVSS 5 • AI score 7.7 • EPSS 0.0068 • Exploits: 1 • References: 1

wpexploit • added 2024/02/01 12:00 a.m. • 212 views

Fancy Comments WordPress < 1.2.15 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin. Put...

AI score 6.3 • Exploits: 0

wpexploit • added 2024/01/31 12:00 a.m. • 145 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks.
- Go to the Plugin’s page /wp-admin/admin.php?page=mappressmaps
- Add New Map and search any location you want.
- Add XSS...

CVSS 4.9 • AI score 5.8 • EPSS 0.00491 • Exploits: 2 • References: 2

wpexploit • added 2024/01/31 12:00 a.m. • 142 views

Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update

Description: The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated user, such as a subscriber, to update arbitrary site options. Run the below command in the developer console of the web browser while being on th...

CVSS 6.5 • AI score 8.7 • EPSS 0.0147 • Exploits: 2 • References: 1

wpexploit • added 2024/01/30 12:00 a.m. • 130 views

Persian Fonts <= 1.6 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup.
1. Navigate to:...

AI score 7.9 • EPSS 0.00396 • Exploits: 2

wpexploit • added 2024/01/30 12:00 a.m. • 114 views

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Description: The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF. As a subscriber, open...

AI score 6.4 • EPSS 0.00228 • Exploits: 3 • References: 1

wpexploit • added 2024/01/29 12:00 a.m. • 162 views

User Activity Tracking and Log < 4.1.4 - IP Spoofing

Description: This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the logged value.
1. Add X-Forwarded-For: 11.11.11.11 to any request that will be recorded in the activity log, for example the creation of a new post.
2. View the activity log and see that the...

AI score 9.5 • EPSS 0.0031 • Exploits: 2 • References: 1

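The entry above is the general "trust X-Forwarded-For from anyone" bug. The following is an added example, written in Python rather than the PHP a WordPress plugin would use and not taken from the plugin or from WPScan, that puts the vulnerable resolver next to a hardened one: the header is honoured only when the TCP peer is a known proxy, and the chain is walked right-to-left so the first untrusted hop is taken as the client. The trusted-proxy list, the request dictionaries and all addresses are constructed for the example.

```python
import ipaddress

# Constructed trusted-proxy list (example only): the reverse proxies / load
# balancers that are allowed to set X-Forwarded-For for this site. In a real
# deployment this comes from your infrastructure, never from request data.
TRUSTED_PROXIES = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.10/32"),
)


def _is_trusted(addr, trusted=TRUSTED_PROXIES):
    ip = ipaddress.ip_address(addr) if isinstance(addr, str) else addr
    return any(ip in net for net in trusted)


def client_ip_naive(environ):
    """Vulnerable pattern: believe X-Forwarded-For from any peer.

    Anyone can send the header directly, so the logged address is attacker-chosen."""
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    if xff.strip():
        return xff.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def client_ip_hardened(environ, trusted=TRUSTED_PROXIES):
    """Use X-Forwarded-For only when the TCP peer is a trusted proxy, and walk
    the chain right-to-left: each hop was appended by the proxy to its right,
    so the first untrusted address found is the real client."""
    remote = environ["REMOTE_ADDR"]
    if not _is_trusted(remote, trusted):
        return remote  # direct connection: the header is just untrusted input
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    client = remote
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop here rather than trust anything left of it
        client = str(ip)
        if not _is_trusted(ip, trusted):
            break
    return client


def log_entry(environ, action):
    """What an activity log should record for a request (constructed format)."""
    return f"{action} from {client_ip_hardened(environ)}"


# Constructed requests: a spoofed header sent directly by the attacker, and the
# same header relayed through a trusted proxy that appended the real peer.
DIRECT_SPOOF = {"REMOTE_ADDR": "203.0.113.5", "HTTP_X_FORWARDED_FOR": "11.11.11.11"}
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.2", "HTTP_X_FORWARDED_FOR": "11.11.11.11, 203.0.113.5"}

if __name__ == "__main__":
    for name, env in (("direct", DIRECT_SPOOF), ("proxied", VIA_PROXY)):
        print(name, "naive:", client_ip_naive(env), "hardened:", client_ip_hardened(env))
```

In both constructed cases the naive resolver logs 11.11.11.11, exactly the spoof the entry describes, while the hardened one logs 203.0.113.5; without a trusted-proxy list there is no correct way to use the header at all.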
wpexploit • added 2024/01/27 12:00 a.m. • 150 views

Allow SVG < 1.2.0 - Author+ Stored XSS via SVG

Description: The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert("xss"); Access the uploaded file directly to see the XSS...

AI score 9.3 • EPSS 0.00319 • Exploits: 2

wpexploit • added 2024/01/26 12:00 a.m. • 157 views

Travelpayouts < 1.1.13 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when importing settings from the v1, which could allow attackers to make a logged-in admin update some settings via a CSRF attack. Make a logged-in admin open a page containing the HTML code below; this will make them update the plugin's...

AI score 6.7 • EPSS 0.00213 • Exploits: 2

wpexploit • added 2024/01/26 12:00 a.m. • 138 views

coreActivity < 1.8.1 - Unauthenticated Stored XSS

Description: The plugin does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attacks against high privilege users such as admin. As unauthenticated: curl 'https://example.com/alertXSS' The XSS will be triggered when an...

AI score 9 • EPSS 0.00577 • Exploits: 2

wpexploit • added 2024/01/26 12:00 a.m. • 132 views

wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

Description: The plugin does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users.
1. Create a note as an admin. View the source of the page to get the Note ID...

AI score 9.5 • EPSS 0.00456 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 149 views

illi Link Party! <= 1.0 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open the following HTML: See that the "support the plugin" option is toggled on/off...

AI score 9.4 • EPSS 0.00153 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 158 views

Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

Description: The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert("xss"); Access the uploaded file directly to see the XSS...

AI score 9.3 • EPSS 0.00243 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 141 views

WP-Reply Notify <= 1.1 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML page containing the following: document.forms[0].submit();...

AI score 9.4 • EPSS 0.00176 • Exploits: 2 • References: 1

wpexploit • added 2024/01/23 12:00 a.m. • 155 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup.
1. Visit the "Settings" interface...

AI score 5.7 • EPSS 0.00318 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 127 views

illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion

Description: The plugin lacks proper access controls, allowing unauthenticated visitors to delete links. http://example.com/?page=illi3/includes/functions.php&action=deletesubmission&id=INSERTID Replace "INSERTID" with the ID of a link and hit enter. The link will be deleted...

AI score 9.6 • EPSS 0.00374 • Exploits: 3

wpexploit • added 2024/01/23 12:00 a.m. • 128 views

illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting

Description: The plugin does not sanitize and escape some parameters, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks.
1. Go to "Settings > Link Party!".
2. Under "Add a New Party", enter the payload for either the "Party Name" or "Party Description":...

AI score 8.8 • EPSS 0.00319 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 145 views

Advanced Schedule Posts <= 2.1.8 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...

AI score 8.7 • EPSS 0.00265 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 177 views

SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG

Description: The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert("xss"); Access the uploaded file directly to see the XSS...

AI score 9.3 • EPSS 0.00243 • Exploits: 2

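The three SVG entries on this page (Allow SVG, Add SVG Support for Media Uploader and SVG Uploads Support) share one root cause: the plugin adds image/svg+xml to the allowed upload types but never inspects the file, and an SVG is an XML document that can carry script. The following is an added example, not code from any of those plugins, showing the upload-time gate a plugin should apply. It is Python rather than the PHP a WordPress plugin would use, and the three SVG samples are constructed for the example. It flags script-bearing elements, on* event-handler attributes and javascript:/data: URLs, and treats anything that is not a well-formed `<svg>` root as a rejection too.

```python
import xml.etree.ElementTree as ET

# Elements that execute or embed active content inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes that can carry a URL; 'to', 'from' and 'values' cover <set>/<animate>
# retargeting an href to a javascript: URL after load.
URL_ATTRIBUTES = {"href", "src", "to", "from", "values"}
# data: URLs are fine for raster images but not for SVG/HTML content.
HARMLESS_DATA_PREFIXES = ("data:image/png", "data:image/jpeg", "data:image/gif")


def _local_name(qualified):
    """'{http://www.w3.org/2000/svg}svg' -> 'svg' (ElementTree's Clark notation)."""
    return qualified.rsplit("}", 1)[-1].lower()


def _dangerous_url(value):
    v = value.replace("\x00", "").strip().lower()
    if v.startswith("javascript:"):
        return True
    return v.startswith("data:") and not v.startswith(HARMLESS_DATA_PREFIXES)


def scan_svg(data):
    """Return a list of findings for an SVG byte string; an empty list means nothing
    active was found. For untrusted input in production, parse with defusedxml rather
    than xml.etree so entity-expansion attacks are refused as well."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local_name(root.tag) != "svg":
        findings.append(f"root element is <{_local_name(root.tag)}>, not <svg>")
    for element in root.iter():
        name = _local_name(element.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attribute, value in element.attrib.items():
            attr = _local_name(attribute)
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{name}>")
            elif attr in URL_ATTRIBUTES and _dangerous_url(value):
                findings.append(f"{attr}={value!r} on <{name}>")
    return findings


def is_safe_svg(data):
    """Upload gate: accept only when the scan is clean."""
    return not scan_svg(data)


# Constructed samples (not from any plugin): the onload/script payload the entries
# describe, a javascript: link, and a harmless icon.
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(\'xss\')">'
    b'<script>alert("xss");</script></svg>'
)
LINK_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    b'<a xlink:href="javascript:alert(1)"><text x="10" y="20">click</text></a></svg>'
)
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    b'<circle cx="5" cy="5" r="4" fill="#09f"/></svg>'
)

if __name__ == "__main__":
    for label, svg in (("malicious", MALICIOUS_SVG), ("link", LINK_SVG), ("benign", BENIGN_SVG)):
        print(label, scan_svg(svg) or "clean")
```

A scanner like this is a gate, not a sanitizer: a rejected file is refused rather than rewritten. As defence in depth, the uploads directory should also serve SVG with a restrictive Content-Security-Policy or as an attachment, since the entries' payloads fire only when the file is opened directly in the browser.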
wpexploit • added 2024/01/23 12:00 a.m. • 159 views

Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Have an admin open an HTML page containing the following: ' document.forms[0].submit();...

AI score 9 • EPSS 0.0014 • Exploits: 2 • References: 1

wpexploit • added 2024/01/23 12:00 a.m. • 137 views

Travelpayouts < 1.1.14 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open the URL below:...

AI score 6 • EPSS 0.00318 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 174 views

WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup.
1. In the settings of the plugin, ente...

AI score 7.9 • EPSS 0.00305 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 141 views

illi Link Party! <= 1.0 - Unauthenticated Stored XSS

Description: The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks.
1. Add a new link party and add its shortcode to a new post.
2. In a new private window, navigate to the post where you added the shortcode.
3...

AI score 8.9 • EPSS 0.00265 • Exploits: 2

wpexploit • added 2024/01/23 12:00 a.m. • 128 views

Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Have an admin open an HTML file containing the following: document.forms[0].submit();...

AI score 9.4 • EPSS 0.00176 • Exploits: 2 • References: 1

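Most of the "Settings Update via CSRF", "Subscriber+ ... AJAX action" and "Arbitrary Private Notes Update via IDOR" entries on this page come down to the same three missing checks in one request handler: no nonce (so a page the admin is lured to can submit the form), no capability check (so any logged-in role can call the action) and no object-level ownership check (so a valid caller can pick someone else's record). The following is an added example, not code from any plugin listed here or from WordPress itself, that puts the vulnerable handler beside a hardened one. It is Python rather than PHP; the nonce functions re-implement WordPress's scheme (a tick-based HMAC-MD5 of `tick|action|user|session token`, 10 characters kept, the previous tick still accepted) as an illustration of why a nonce is per user, per action and time-bounded. The salt, the user and note tables, the action name `example_update_note` and the `attempt` helper are constructed for the example.

```python
import hashlib
import hmac
import math
import time

NONCE_LIFE = 24 * 60 * 60  # WordPress default: a nonce is valid for up to one day
# Constructed secret: stands in for the NONCE_KEY/NONCE_SALT values in wp-config.php.
NONCE_SALT = b"constructed-example-salt-do-not-reuse"


def nonce_tick(now=None):
    """The lifetime is split into two half-life windows ('ticks')."""
    now = time.time() if now is None else now
    return math.ceil(now / (NONCE_LIFE / 2))


def _nonce_for_tick(tick, action, user_id, session_token):
    message = f"{tick}|{action}|{user_id}|{session_token}".encode()
    # wp_hash() is HMAC-MD5 keyed with the site salt; WordPress keeps the
    # 10 characters that start 12 from the end of the hex digest.
    digest = hmac.new(NONCE_SALT, message, hashlib.md5).hexdigest()
    return digest[-12:-2]


def create_nonce(action, user_id, session_token, now=None):
    return _nonce_for_tick(nonce_tick(now), action, user_id, session_token)


def verify_nonce(nonce, action, user_id, session_token, now=None):
    """1 = minted in the current window, 2 = in the previous window, 0 = invalid."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_nonce_for_tick(t, action, user_id, session_token), nonce):
            return age
    return 0


class Forbidden(Exception):
    pass


# Constructed site state (not any plugin's data model): users with capabilities and
# session tokens, and private notes keyed by ID with an owner.
USERS = {
    1: {"caps": {"manage_options", "edit_posts"}, "token": "sess-admin"},
    3: {"caps": {"edit_posts"}, "token": "sess-contributor"},
    7: {"caps": {"read"}, "token": "sess-subscriber"},
}
NOTES = {
    10: {"owner": 1, "text": "admin private note"},
    11: {"owner": 3, "text": "contributor note"},
}
ACTION = "example_update_note"  # hypothetical AJAX action / nonce action name


def update_note_vulnerable(request):
    """The pattern behind the entries above: no nonce, no capability, no ownership check."""
    NOTES[int(request["post_id"])]["text"] = request["text"]
    return "ok"


def update_note_hardened(request, current_user_id, now=None):
    user = USERS[current_user_id]
    # 1. CSRF: the request must carry a nonce minted for this user, session and action.
    if not verify_nonce(request.get("_wpnonce", ""), ACTION, current_user_id, user["token"], now):
        raise Forbidden("invalid or missing nonce")
    # 2. Authorisation: the caller needs a capability appropriate to the action.
    if "edit_posts" not in user["caps"]:
        raise Forbidden("insufficient capability")
    # 3. Object-level access: the note must belong to the caller (admins may edit any).
    note = NOTES.get(int(request["post_id"]))
    if note is None or (note["owner"] != current_user_id and "manage_options" not in user["caps"]):
        raise Forbidden("note does not belong to the current user")
    note["text"] = request["text"]
    return "ok"


def attempt(request, current_user_id, now=None):
    """Run the hardened handler and report the outcome as a string."""
    try:
        return update_note_hardened(request, current_user_id, now)
    except Forbidden as exc:
        return f"forbidden: {exc}"
```

The order matters: the nonce check runs first because a forged cross-site request never has one, the capability check stops the Subscriber+ cases, and the ownership check is the part that a nonce and a capability together still do not cover, which is exactly the IDOR the wp-dashboard-notes entries describe.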
Total number of security vulnerabilities: 4359