Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2020/09/22 12:0 a.m.50 views

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery CSRF which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository. http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...

4.3CVSS4.3AI score0.00593EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/09/22 12:0 a.m.111 views

XCloner Backup and Restore 4.2.1 - 4.2.12 - Unprotected AJAX Action

"This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on a vulnerable site’s server. Alternatively, an attacker could create an exploit cha...

6.5CVSS1.4AI score0.24937EPSS
Exploits5References1
wpexploit
wpexploit
added 2020/09/22 12:0 a.m.26 views

Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content

The coditorprocessajax AJAX call is missing any CSRF and authorisation checks, allowing low privilege users subscriber+ to read and edit any files in the wp-content folder, as well as list its content. The PoC will be displayed once the issue has been remediated...

1.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/09/21 12:0 a.m.21 views

JobMonster < 4.6.6.1 - Directory Listing in Upload Folder

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/09/21 12:0 a.m.32 views

Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.5.5 - Unauthenticated Remote Code Execution

The Drag and Drop Multiple File Upload – Contact Form 7 WordPress plugin was vulnerable to Remote Code Execution via file upload. The plugin used a blacklist of dangerous file extensions that it did not allow to be uploaded, however, the extensions .phar and .phpt were not within the blacklist,...

1.7AI score
Exploits1References2
wpexploit
wpexploit
added 2020/09/14 12:0 a.m.16 views

Affiliate Manager < 2.7.8 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly validate and sanitise data passed to the affiliate-register form, allowing unauthenticated user to set XSS payloads in some of its fields. The payloads will then be triggered when privileged users, such as admin, will view the created affiliate in the backend. As an...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/09/11 12:0 a.m.25 views

10Web Social Post Feed < 1.1.27 - Authenticated SQL Injection

Authenticated SQL injection in the 10Web Social Post Feed WordPress Plugin 1.1.26 via the /wordpress/wp-admin/admin.php?page=infoffwd searchvalue parameter. https://drive.google.com/file/d/1Hndhdy3leYTzutx-DJvu1B-tW5Y5teBB/view...

3.1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/09/10 12:0 a.m.28 views

Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing

It allows a remote unauthenticated attacker to send forged emails to all recipients from the available lists of contacts or subscribers, with complete control over the content and subject of the email. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com Content-Type:...

5CVSS2.4AI score0.01634EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/09/06 12:0 a.m.693 views

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings

The ActiveCampaign 8.0.1 plugin is lacking CSRF check on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account. When a logged-in administrator accesses an HTML page embedded below content, the plugin's setting will be changed...

1AI score0.00474EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/09/06 12:0 a.m.538 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. High-privileged user Editor+ can exploit XSS via Add New Form's...

5.3AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/09/06 12:0 a.m.847 views

Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection

The plugin did not properly sanitise user input given, allowing high privilege users admin+ to perform SQL injection attacks. https://drive.google.com/file/d/1ljyMPfcwLXP2VS8lbAKNR9SzNfX1sm3W/view?usp=sharing...

3.8AI score0.01205EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/09/01 12:0 a.m.282 views

File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE

Seravo noticed multiple cases where WordPress sites were breached using 0-day in wp-file-manager confirmed with v6.8, which was the latest version available in wordpress.org. File lib/php/connector.minimal.php can be by default opened directly, and this file loads...

7.5CVSS10AI score0.97328EPSS
Exploits14References5
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.17 views

Ceceppa Multilingua <= 1.5.17 - Authenticated Reflected Cross-Site Scripting

The tab GET parameter in the plugin's settings is vulnerable to reflected XSS attacks. The PoC will be displayed once the issue has been remediated...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.34 views

Recall Products <= 0.8 - Authenticated SQL Injection

The Manufacturer POST parameter is vulnerable to SQL injection when submitting a deletion request. The PoC will be displayed once the issue has been remediated...

6.5CVSS1.5AI score0.01928EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.33 views

WP Floating Menu < 1.4.1 - Authenticated Reflected Cross-Site Scripting

The id GET parameter used by WP Floating menu does not correctly sanitise user input before reflecting the parameter back to the user, resulting in a reflected XSS vulnerability. Other sanitisation have been added to prevent other XSS issues as well as potential SQL injections...

4.3CVSS1.1AI score0.00934EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.19 views

Bulk Change <= 1.0 - Authenticated Reflected Cross-Site Scripting

The Bulk Change page under Tools Bulk Posts Change has an 's' GET parameter echoed to a text input tag value without being sanitised, leading to a cross-site scripting issue. /wp-admin/tools.php?page=bulk-change%2Fbulk-change.php&perpage=10&dosearch=Search+...&changeposttype&bctpaction&s="alertXS...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.23 views

Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting

The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...

4.3CVSS1.7AI score0.00977EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/08/31 12:0 a.m.26 views

Chamber Dashboard Business Directory < 3.3.1 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise user input when creating or editing a business in the dashboard, allowing high privilege users Editor+ to set XSS payloads in various fields. Login as an editor or admin, then add/edit a business and set the phone number as " The payload will then be executed in the...

4.3CVSS0.01011EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/29 12:0 a.m.22 views

Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress. Vulnerable parameters: ctsqftfrom, ctsqftto, ctlotsizefrom, ctlotsizeto, ctmls. Edit WPScanTeam: The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 the next...

2.9AI score
Exploits0References3
wpexploit
wpexploit
added 2020/08/29 12:0 a.m.22 views

Quiz and Survey Master < 7.0.2 - Unauthenticated Arbitrary File Upload

Because the plugin doesn't validate the name of the uploaded file, an unauthenticated user could upload a PHP script with a double extension, e.g., script.php.jpg, and execute it on HTTP servers running a configuration such as Apache + PHP FastCGI. Edit WPScanTeam: This appears to be due to an...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/24 12:0 a.m.25 views

Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload

The aoccssimport AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1siZsDiJsYRCw58Ksram5zBJOVbs-Hio1/view?usp=sharing POST /wp-admin/admin-ajax.php HTTP/1...

6.5CVSS0.2AI score0.13139EPSS
Exploits6References1
wpexploit
wpexploit
added 2020/08/22 12:0 a.m.29 views

RSVPMaker < 7.8.2 - Unauthenticated SQL Injection

The plugin does not sanitise user input before using it in a SQL statement in the signedupajax AJAX action. Note: Even though the reported SQL Injection was fixed in v7.8.2, other additional sanitisation was implemented in v7.8.3 to 7.8.6. sqlmap -u "https://localhost/?action=signedup&eventcount=...

1.6AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/21 12:0 a.m.22 views

WooCommerce - NAB Transact < 2.1.2 - Payment Bypass

The plugin does not validate the origin of payment processor status requests, allowing orders to be marked as fully paid by issuing a specially crafted GET request during the ordering workflow. When presented with a payment screen, instead of submitting payment information, issue the following GE...

5CVSS0.6AI score0.01152EPSS
Exploits4References2
wpexploit
wpexploit
added 2020/08/20 12:0 a.m.600 views

WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in WP Customer Reviews 3.4.2 and lower allow remote attackers to inject arbitrary JavaScript code or HTML. If WP Customer Reviews is enabled on a page, an unauthenticated attacker can exploit XSS via review form's parameters: - Reviewer Name -...

0.3AI score0.01085EPSS
Exploits2
wpexploit
wpexploit
added 2020/08/19 12:0 a.m.30 views

Elegant Testimonial <= 1.1.6 - Multiple Authenticated Stored Cross-Site Scripting

The name, company and text fields used while adding a testimonial to a page was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a user loads a page where the plugin shortcode is used. All WordPress websites...

0.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/19 12:0 a.m.210 views

Change WordPress Login Logo < 1.1.5 - Authenticated Stored Cross-Site Scripting

The height, and width fields used to update the custom logo was found to be vulnerable to stored XSS, as they did not sanitize user input properly before publishing the changes. It is triggered when a user loads the login page. Set the following payload as Height or Width in the plugin's settings...

6.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/19 12:0 a.m.15 views

Click to Top < 1.2.8 - Authenticated Stored Cross-Site Scripting

The Type scroll text field in the plugin settings page was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the changes. It is triggered when a user loads any page on the website. All WordPress websites using Click to top WordPress Plugin...

6.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/18 12:0 a.m.522 views

Internal Links Manager < 2.1.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

Due to lack of user input filtering and validation, the "Add New Link" and "All Links" features are vulnerable to cross-site scripting. The following fields are vulnerable: Internal Title title, Link Title titleattr. Issues were reported to vendor and WP plugins team by reporter. Edit WPScanTeam:...

6.9AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.42 views

Home Villas <= 2.2 - Multiple Cross-Site Scripting Issues

An Unauthenticated Reflected & Authenticated Persistent XSS vulnerabilities were discovered in the Home Villas theme through 2.2 for WordPress. Edit WPScanTeam: July 27th, 2020 - Confirmed & Escalated to Envato July 28th, 2020 - Envato Investigating August 17th, 2020 - No updates, disclosing...

0.1AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.16 views

Responsive Lightbox2 < 1.0.3 - Authenticated Stored Cross-Site Scripting

The ‘hyperlink’ field in used while linking an image from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using...

6.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.33 views

Geo Magazine <= 2.0 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Geo Magazine theme through 2.0 for WordPress. Edit WPScanTeam: July 27th, 2020 - Confirmed & Escalated to Envato July 28th, 2020 - Envato Investigating August 17th, 2020 - No updates, disclosing The PoC will be displayed once th...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.14 views

Sell Photo <= 1.0.5 - Authenticated Stored Cross-Site Scripting

The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin. The PoC will be...

0.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.14 views

Colorbox Lightbox <= 1.1.2 - Authenticated Stored Cross-Site Scripting

The ‘hyperlink’ field in used while linking an image from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using...

6.9AI score
Exploits0References3
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.16 views

Fancy Lightbox < 1.0.2 - Authenticated Stored Cross-Site Scripting

The ‘hyperlink’ field in used while linking a remote resource Image, Video or web page from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used...

6.9AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.16 views

Easy Media Download < 1.1.5 - Authenticated Stored Cross-Site Scripting

The ‘Button Text’ field in used while posting a file download was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using Easy...

0.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/17 12:0 a.m.13 views

NextGEN Gallery Sell Photo <= 1.0.4 - Authenticated Stored Cross-Site Scripting

The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin. The PoC will be...

0.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/14 12:0 a.m.25 views

Sell Media < 2.4.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. https://example.com/sell-media-search/?keyword="alert/XSS/...

4.3CVSS1.9AI score0.09221EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/08/13 12:0 a.m.26 views

Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion

This flaw allows users to delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site. history.pushState'', '', '/'...

6.4CVSS1.1AI score0.76328EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/13 12:0 a.m.26 views

Quiz and Survey Master < 7.0.1 - Arbitrary File Upload

This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set-up quiz that accepts file uploads, then upload file and change content-type to one set as approved. history.pushState'', '', '/' function submitRequest var xhr = new...

7.5CVSS1.8AI score0.04934EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/08/13 12:0 a.m.31 views

Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitise the search query, leading to an unauthenticated reflected Cross-Site Scripting issue /?s=%3Cimg%20src%20onerror=alert/XSS/%3E...

4.3CVSS1.9AI score0.02873EPSS
Exploits1
wpexploit
wpexploit
added 2020/08/12 12:0 a.m.25 views

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirectto" GET parameter was used. https://www.example.com/register/?redirectto=https://www.evil.com/...

2.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/11 12:0 a.m.24 views

Add From Server <= 3.3.3 - Authenticated Path Traversal to Arbitrary File Access

An authenticated attacker with low permission can read arbitrary files on server using Path Traversal. The plugin author states that this is by design and that the plugin should not be used. Please refer to the references. http://example.com/wp-admin/upload.php?page=add-from-server&adirectory=/...

3.6AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.50 views

File Manager < 6.5 - Backup File Directory Listing

The File Manager WordPress plugin could expose backup files if the web server had Directory Listing enabled. The File Manager WordPress plugin, version 6.4 and lower, failed to restrict external access to the fmbackups directory with a .htaccess file. This resulted in the ability for...

5CVSS1AI score0.16327EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.22 views

Cardoza WordPress Poll <= 36 - Authenticated SQL Injection

The Cardoza WordPress Poll plugin was vulnerable to authenticated SQL Injection in the "pollid" POST parameter when submitting a poll deletion request. action=deletepoll&pollid=SELECT 2822 FROM SELECTSLEEP5gsJu...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.28 views

RSS Feed Widget < 2.8.1 - Authenticated Cross-Site Scripting (XSS)

The RSS Feed Widget WordPress plugin version 2.8.0 and below was vulnerable to Authenticated Cross-Site Scripting XSS within the "t" GET parameter. http://www.example.com/wp-admin/admin.php?page=rfwoptions&t=1"alert"xss"...

4.3CVSS1.2AI score0.00866EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.16 views

Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The Admin Menu WordPress plugin, versions 1.1 and below, were vulnerable to Authenticated Cross-Site Scripting XSS within the "role" GET parameter. http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=alertString.fromCharCode88,83,83...

1.5AI score
Exploits0References1
wpexploit
wpexploit
added 2020/08/10 12:0 a.m.16 views

Ultimate Appointment Booking & Scheduling < 1.1.10 - Authenticated Cross-Site Scripting (XSS)

The Ultimate Appointment Booking & Scheduling WordPress plugin, versions 1.1.9 and older, were vulnerable to Authenticated Cross-Site Scripting XSS within multiple parameters...

4.3CVSS1AI score0.01151EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/08/06 12:0 a.m.13 views

Konzept < 2.5 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Konzept theme through 2.3 for WordPress. /?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%60XSS%60%3B%3E...

1.7AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/05 12:0 a.m.24 views

FoodBakery < 2.0 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the FoodBakery theme through 1.9 for WordPress. Note: The issue was hot patched in 1.9. As a result, there are two 1.9 versions out there, one vulnerable and one with the patch...

2.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/08/04 12:0 a.m.54 views

The Official WordPress Facebook Chat Plugin < 1.6 - Authenticated Options Change to Chat Takeover

This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. Obtain PageID from a test Facebook Page found under page - about - pageID. Use this...

0.9AI score
Exploits0References1
Total number of security vulnerabilities4359