Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
•added 2021/02/08 12:0 a.m.•450 views

Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)

The "Editor" tab under the "Tables" section is vulnerable to stored XSS. It is possible to store XSS in all input fields as the code does not sanitise any of the user input. Open a Table, go to the editor and enter a payload below in a cell, then save the Table...

0.2AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/02/06 12:0 a.m.•201 views

Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature https://example.com/business/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert/XSS/%3Easd&wyz-loc-filter-txt=&loc-filter-txt=&loc-filter-lat=&loc-filter-lng=&category=&radius=0...

1.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/02/06 12:0 a.m.•196 views

Paid Membership Pro < 2.5.3 - Unauthorised Order Information Disclosure

The pmprogetorderjson AJAX action, available to authenticated user did not check for authorisation, allowing any authenticated users to retrieve arbitrary order information such as customer names, email addresses, and order numbers via the orderid parameter...

3.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/02/06 12:0 a.m.•378 views

Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF

The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery SSRF. On line 7493 in likebtnlikebutton.php a hook is set to allow unauthenticated ajax calls which will call the function likebtnprx. As the name suggests, this function works as a proxy and can ...

7.5AI score0.04337EPSS
Exploits1
wpexploit
wpexploit
•added 2021/02/04 12:0 a.m.•135 views

wpDataTables < 3.4.1 - Unauthenticated SQL Injection

In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...

10CVSS1AI score0.04615EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/02/04 12:0 a.m.•335 views

Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the plugin. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request coul...

0.3AI score0.00593EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/02/02 12:0 a.m.•133 views

Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. http://example.com/wp-admin/edit.php?posttype=popupbuilder&page=sgpbSubscribers&sgpb-subscribers-date=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...

0.9AI score0.00734EPSS
Exploits1
wpexploit
wpexploit
•added 2021/02/02 12:0 a.m.•1108 views

MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple

The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. The plugin must have a valid purchase code for the request to work curl -X GET --header 'Content-Type: application/json' --header 'Accept:...

1.6AI score0.03373EPSS
Exploits1References2
wpexploit
wpexploit
•added 2021/02/01 12:0 a.m.•805 views

WP Editor < 1.2.7 - Authenticated SQL injection

The plugin did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings. https://drive.google.com/file/d/1KT4lHePmYuX36jvA4AEQ1MVDwJBlZOO/view?usp=sharing payload:...

2.5AI score0.00771EPSS
Exploits2
wpexploit
wpexploit
•added 2021/02/01 12:0 a.m.•640 views

Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)

The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visit a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute As an admin user, open:...

0.2AI score
Exploits0
wpexploit
wpexploit
•added 2021/01/29 12:0 a.m.•572 views

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

The plugin did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example. https://drive.google.com/file/d/1lLEXDyPp4LcKoCOqYS7A-0YgpIQD-ND/view?usp=sharing...

2.8AI score0.31043EPSS
Exploits5
wpexploit
wpexploit
•added 2021/01/29 12:0 a.m.•612 views

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

The plugin did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. If the Frontend Event Submission form is embed in a public page, then it could lead to any authenticated user, like subscribers to...

0.01505EPSS
Exploits2
wpexploit
wpexploit
•added 2021/01/29 12:0 a.m.•642 views

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. The issue could also be exploited via a CRSF attack, as such check was also missing...

1AI score0.88158EPSS
Exploits9
wpexploit
wpexploit
•added 2021/01/29 12:0 a.m.•589 views

Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. Edit WPScanTeam January 22nd, 2021...

0.1AI score0.00748EPSS
Exploits2
wpexploit
wpexploit
•added 2021/01/28 12:0 a.m.•125 views

Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE

The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...

7.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/25 12:0 a.m.•755 views

Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection

The plugin was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Attackers can possibly exploit this issue to execute arbitrary commands on the victim's system, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected...

1.5AI score0.01244EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/01/22 12:0 a.m.•99 views

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

The plugin did not check for user capability in the dmmexportdonations function, allowing any authenticated user to export a CSV file containing all donors personal information. GET /wp-admin/admin-post.php?action=dmmexport...

2.5AI score
Exploits0References2
wpexploit
wpexploit
•added 2021/01/21 12:0 a.m.•120 views

Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset

The plugin loads a JavaScript asset from a remote website which seems to have been compromised. The widget.js file, loaded from https://assets.digitalclimatestrike.net/widget.js, redirects users to gladdiatordotio and is being flagged as malicious. I've reported this to the plugin authors but hav...

0.5AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/21 12:0 a.m.•95 views

Contact Form 7 Database Addon < 1.2.5.4 - Authenticated SQL Injections

The plugin did not properly sanitise the formids from the contactform POST array parameter before using them in a SQL statement in the processbulkaction function. This could allow high privilege users, such as admin to perform SQL Injection against the DBMS via the bulk actions: delete, read and...

1.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/20 12:0 a.m.•119 views

Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a Reflected Cross-Site Scripting issue via the postMessage event. Use the following code on another website var popup = window.open'https://VULNERABLE.PAGE/'; var msg = ; msg.method = "alertdocument.domain"; function postpopup.postMessagemsg,'' setIntervalpost,1000;...

4.3CVSS0.8AI score0.0135EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/01/20 12:0 a.m.•96 views

Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)

The plugin did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. The PoC will be displayed on April 16, 2021, to give users the time to update...

0.3AI score0.01387EPSS
Exploits2References2
wpexploit
wpexploit
•added 2021/01/20 12:0 a.m.•84 views

Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)

The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...

0.2AI score
Exploits0References2
wpexploit
wpexploit
•added 2021/01/19 12:0 a.m.•125 views

e-signature < 1.5.6.8 - Unauthenticated Arbitrary File Upload leading to RCE

The AJAX sifuploadfile allowed the authorised extensions to be provided in the request, which result in unauthenticated arbitrary file upload and lead to RCE /wp-admin/admin-ajax.php?action=sifuploadfile...

3.6AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/18 12:0 a.m.•661 views

WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)

The WP Shieldon WordPress plugin, versions 1.6.3 and below, were vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS when the CAPTCHA page is shown. This was due to $SERVER'REQUESTURI' being echoed to a page without any encoding. http://www.example.com/?alert1...

1.2AI score0.01148EPSS
Exploits2
wpexploit
wpexploit
•added 2021/01/18 12:0 a.m.•806 views

301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection

The plugin does not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. The PoC video provided mentioned 2.53 as vulnerable, however v2.45 was installed and used. The issue has been verified to have been fixed in 2.51 POST...

0.9AI score0.01238EPSS
Exploits1References1
wpexploit
wpexploit
•added 2021/01/15 12:0 a.m.•93 views

Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such as author and editor to perform XSS attacks...

5.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/15 12:0 a.m.•193 views

Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download

The plugin does not validate the sjbfile parameter when viewing a resume, allowing authenticated user with the downloadresume capability such as HR users to download arbitrary files from the web-server via a path traversal attack The sjbfile parameter to use may depends on the configuration of th...

4CVSS0.4AI score0.30479EPSS
Exploits7References2
wpexploit
wpexploit
•added 2021/01/13 12:0 a.m.•113 views

Elementor Contact Form DB < 1.6 - Unauthenticated & Unauthorised Form Submissions Export

The sbelemcfddownloadcsv function, registered as an admininit hook does not have capability and CSRF checks, allowing unauthenticated attackers to download arbitrary form submissions as a CSV. The data will include PII such as email addresses. A CSRF check was added, but no capability one, so the...

2.9AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/12 12:0 a.m.•121 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...

5.5AI score0.00687EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/01/12 12:0 a.m.•121 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation

Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...

6.5AI score0.009EPSS
Exploits2References1
wpexploit
wpexploit
•added 2021/01/11 12:0 a.m.•117 views

Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'name' field of the variable added in its settings, leading to a Stored Cross-Site Scripting issue. Attackers could also used the lack of CSRF nonce and check to make a logged in administrator add the payload and make them perform further unwanted actions. The PoC...

0.7AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/08 12:0 a.m.•102 views

Modal Survey < 2.0.1.8.2 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise the msuid parameter from the survey participants page in the admin Dashboard, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=modalsurveyparticipants&msuid=%27%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E...

1AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/08 12:0 a.m.•59 views

Modal Survey < 2.0.1.8.2 - Authenticated PHP Object Injection

The Unserialize function is used multiple times in the code, for example when importing custom surveys. This could allow a malicious administrator to import a crafted JSON to trigger a PHP Object Injection vulnerability "name":"Open Text Answer Sample", "id":"924478511", "options":"", "global":"0...

0.5AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/08 12:0 a.m.•207 views

Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation

The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey&sspcmd=delete&surveyid=110251535" curl --ur...

3.1AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/06 12:0 a.m.•88 views

WP24 Domain Check < 1.6.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin version 1.6.2 and possibly below, was vulnerable to Stored Cross-Site Scripting XSS in the plugin's fieldnameDomain settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability. In the plugin's advanced settings...

0.7AI score
Exploits0References1
wpexploit
wpexploit
•added 2021/01/05 12:0 a.m.•87 views

WP Paginate < 2.1.4 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Paginate WordPress plugin, version 2.1.3 and possibly below, was vulnerable to Stored Cross-Site Scripting XSS in the plugin's preset settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability. POST...

0.2AI score
Exploits0References2
wpexploit
wpexploit
•added 2021/01/03 12:0 a.m.•113 views

Contact Form Submissions <= 1.6.4 - Authenticated Double Query SQL injection

The plugin is affected by a double query SQL injection, which could allow high privileged users to access data from the DBMS. Edit WPScanTeam October 26th, 2020 - Confirmed & Escalated to WP October 27th, 2020 - WP Investigating January 3rd, 2021 - No updates, disclosing The PoC will be displayed...

0.9AI score
Exploits0
wpexploit
wpexploit
•added 2021/01/03 12:0 a.m.•1075 views

Contact Form Submissions <= 1.6.4 - Authenticated SQL Injection

The wpcf7contactform GET parameter is vulnerable to SQL injection when submitting a filter request as a high privilege user admin+ Edit WPScanTeam September 28th, 2020 - Escalated to WP & WP Investigating October 26th, 2020 - Received another submission related a SQL injection in the same paramet...

0.6AI score0.01456EPSS
Exploits2
wpexploit
wpexploit
•added 2020/12/28 12:0 a.m.•374 views

WooCommerce < 4.7.0 - Arbitrary Order Status Disclosure via IDOR

"The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the orderid parameter in a fetchorderstatus action." https://example.com/wp-admin/admin-ajax.php?action=fetchorderstatus&orderid=XX...

5CVSS4.5AI score0.04026EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/12/26 12:0 a.m.•116 views

LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message. Submit a payload such as in the Admin IPs section of the Toolbox /wp-admin/admin.php?page=litespeed-toolbox...

4.3CVSS0.3AI score0.0093EPSS
Exploits1References1
wpexploit
wpexploit
•added 2020/12/24 12:0 a.m.•117 views

WP Postratings < 1.86.1 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise the postratingsimage parameter from its options page wp-admin/admin.php?page=wp-postratings/postratings-options.php. Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfilteredhtml...

1.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2020/12/19 12:0 a.m.•574 views

Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise the images metadata namely title before outputting them in the generated gallery. This allows privileged accounts such as editor+ to perform XSS attacks even without the unfilteredhtml capability against users visiting the gallery in the frontend. As an...

1.3AI score0.00661EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/12/18 12:0 a.m.•93 views

Simple Social Buttons < 3.2.1 - Unauthenticated Reflected Cross-Site Scripting

The version 3.2.0 attempted to fix a reflected Cross-Site Scripting issue, by adding a CSRF check, which does not fully remediate it as unauthenticated users will all have the same nonce generated and valid for 12h to 24h, or 2 WP ticks. Only unauthenticated users can be attacked with this issue...

6.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2020/12/18 12:0 a.m.•117 views

Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting

Simple Social Buttons version 3.1.1 has a reflected Cross-Site Scripting vulnerability in the POST parameter "sharecounts". Both unauthenticated and authenticated attacks are possible Edit WPScanTeam The original report stated the issue as being fixed in 3.2.0, however a CSRF nonce has been added...

6.6AI score
Exploits0References2
wpexploit
wpexploit
•added 2020/12/17 12:0 a.m.•644 views

Contact Form 7 < 5.3.2 - Unrestricted File Upload

The popular WordPress plugin, Contact Form 7 was found to be vulnerable to Unrestricted File Upload. Append a unicode special character from U+0000 null to U+001F us to a filename and upload it via the ContactForm7 upload feature...

10CVSS1.2AI score0.89626EPSS
Exploits4References3
wpexploit
wpexploit
•added 2020/12/15 12:0 a.m.•805 views

Redux Framework < 4.1.21 - CSRF Nonce Validation Bypass

The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide. Just don't send the parameters: $POST'nonce' or...

0.7AI score
Exploits0References4
wpexploit
wpexploit
•added 2020/12/14 12:0 a.m.•50 views

Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)

The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks. GET /wp-content/plugins/boldgrid-backup/cli/env-info.php ..., "phpuname":"Linux wordpress-server X.X.X-XX-generic XX-Ubun...

1.3AI score
Exploits0References1
wpexploit
wpexploit
•added 2020/12/14 12:0 a.m.•81 views

Limit Login Attempts Reloaded < 2.16.0 - Authenticated Reflected Cross-Site Scripting

The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against logged in administrator by making them open a malicious URL The issue was partially fixed in 2.15.1, and fully remediated in 2.16.0...

3.5CVSS3.4AI score0.00767EPSS
Exploits2References1
wpexploit
wpexploit
•added 2020/12/14 12:0 a.m.•82 views

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup...

0.8AI score
Exploits0References1
wpexploit
wpexploit
•added 2020/12/12 12:0 a.m.•77 views

Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting

The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection. Iimport a CSV file containing the following in the header: 'term" autofocus onfocus=alert'Complex\u0020XSS';alertdocument.cookie;//'"...

4.3CVSS6.5AI score0.05483EPSS
Exploits3References1
Total number of security vulnerabilities4359