Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2020/08/04 12:0 a.m.113 views

Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload

Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. Usage: php poc.php url username password filetoupload Once the file is...

9.9CVSS9.4AI score0.02422EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/08/03 12:0 a.m.36 views

Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download

The lack of authorisation checks in the handledownloads function, hooked to admininit could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload. /wp-admin/admin-post.php?algwcpifdownloadfile=../../../../../wp-config.php...

3.5AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/31 12:0 a.m.26 views

JobCareer < 3.5 - Multiple Cross-Site Scripting (XSS)

An Unauthenticated Reflected & Authenticated Persistent XSS vulnerabilities were discovered in the JobCareer theme through 3.4 for WordPress. Unauthenticated Reflected XSS - Vulnerable parameters: jobtitle, specialisms, location Authenticated Persistent XSS on Employer Profile - «Complete Address...

Exploits0References2
wpexploit
wpexploit
added 2020/07/29 12:0 a.m.16 views

Reality < 2.5.6 - Multiple Reflected Cross-Site Scripting (XSS)

An Unauthenticated & Authenticated Reflected XSS vulnerabilities was discovered in the Reality theme through 2.5.3 and 2.5.5 for WordPress. Unauthenticated Reflected XSS: http://reality.inwavethemes.com/properties/?status=&keyword=1%22--%3E&label=1%22--%3E%3Cimg%20src=x%20onerror=alertXSS%3E v...

0.7AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/28 12:0 a.m.66 views

Comments - wpDiscuz 7.0.0 - 7.0.4 - Unauthenticated Arbitrary File Upload

This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Content-Length: 774 Accept: / X-Requested-With: XMLHttpRequest User-Agent:...

7.5CVSS1AI score0.94535EPSS
Exploits19References2
wpexploit
wpexploit
added 2020/07/27 12:0 a.m.20 views

Real Estate 7 < 3.0.4 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.2 and v3.0.3 for WordPress. 3.0.3 - https://example.com/?ctkeyword=%22%3E%3Cimg%20src%20onerror%3Dalert%28%2FXSS%2F%29%3E 3.0.4 -...

2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/27 12:0 a.m.26 views

CarePlus <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the CarePlus theme through 1.2 for WordPress. https://example.com/?s=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...

1.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/24 12:0 a.m.21 views

JobSearch < 1.5.6 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the JobSearch plugin v1.5.5 for WordPress. https://example.com/?%22%3E%3C%2Fa%3E%3C%2Fli%3E%3C%2Ful%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E=%3E...

1.2AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/24 12:0 a.m.26 views

Careerfy < 4.4.0 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Careerfy Job Board theme v4.3.0 for WordPress. https://example.com/jobs-listing/?%22%3E%3C%2Fa%3E%3C%2Fli%3E%3C%2Ful%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E=%3E...

1.9AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/21 12:0 a.m.35 views

Elementor < 2.9.14 - Authenticated Stored Cross-Site Scripting

The template name is not properly sanitised when output back, leading to a stored XSS issue. Go to templates tab, click on "add new', and select page or section Then add XSS payload such as " on "name your template" field and hit create template...

3.5CVSS0.4AI score0.00691EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.22 views

JobSearch < 1.5.5 - Unauthenticated Reflected Cross-Site Scripting

An Unauthenticated Reflected XSS vulnerability was discovered in the JobSearch plugin v1.5.4 for WordPress. https://eyecix.com/plugins/jobsearch/?jobtype=%3Cimg%20src%3Dx%20onerror%3Dalert%28%60XSS%60%29%3E...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.19 views

Careerfy < 4.3.0 - Unauthenticated Reflected Cross-Site Scripting

An Unauthenticated Reflected XSS vulnerability was discovered in the Careerfy Job Board theme v4.2.0 for WordPress. https://careerfy.net/careerbooster/jobs-listing/?jobtype=%3Cimg%20src=x%20onerror=alertXSS;%3E...

1.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.17 views

Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

An attacker could exploit this issue by convincing a user to click a specially crafted URL, which will send emails from the affected user’s WordPress email account. function run var targetUrl = "http://example.com/webpage"; var email = "[email protected]"; var subject = "PoC"; var content = "add...

4.3CVSS0.3AI score0.00917EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/07/18 12:0 a.m.20 views

Email Subscribers & Newsletters < 4.5.1 - Authenticated SQL injection in es_newsletters_settings_callback()

An authenticated high privilege attacker could exploit this issue an gain access to the DBMS. import requests import time import sys def loginurl, username, password: wplogin = "%s/wp-login.php" % url wpadmin = "%s/wp-admin/" % url s = requests.Session headers = 'Cookie':'wordpresstestcookie=WP...

4CVSS2.2AI score0.01966EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/07/16 12:0 a.m.41 views

All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting

This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page. "Exploit Post", "content" = "\nTest2\n", "status"="pending"; $postdata = jsonencode$data; //Get...

3.5CVSS5.3AI score0.00837EPSS
Exploits2References1
wpexploit
wpexploit
added 2020/07/15 12:0 a.m.18 views

Golo < 1.3.3 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress. https://example.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3DalertXSS%2F%2F%22%3E&posttype=place...

1.5AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/14 12:0 a.m.178 views

Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass

The plugin is affected by a loose comparison issue, which could allow any user to log in as administrator. An attacker can manipulate $GET'algwcevverifyemail' and set this payload: eyJpZCI6MSwiY29kZSI6MH0= Example: https://example.com/my-account/?algwcevverifyemail=eyJpZCI6MSwiY29kZSI6MH0= after...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.76 views

Workup – Job Board < 2.1.6 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Workup – Job Board WordPress Theme», tested version — v2.1.5...

1.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.18 views

Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS

Authenticated Persistent XSS vulnerability was discovered in the «Findus - Directory Listing WordPress Theme», tested version — v1.1.14. Injected payload will trigger in the admin dashboard, in the «My listings» page and on listing page itself. POST /submit-listing/ HTTP/1.1 Host: example.com...

0.5AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.19 views

Workio – Job Board < 1.0.3 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Workio – Job Board WordPress Theme», tested version — v1.0.1. https://www.demoapus-wp1.com/workio/jobs-grid-v1/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...

2.1AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.13 views

Kormosala – Job Board < 1.0.23 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Kormosala – Job Board WordPress Theme», tested version — v1.0.22...

2.6AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.14 views

Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Prolisting - Directory Listing WordPress Theme», tested version — v1.2. https://demoapus.com/prolisting/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.13 views

Jetapo < 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the Jetapo theme through 1.0.0 for WordPress. https://jetapo.inwavethemes.com/jobs/?location=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...

1.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.11 views

Findgo - Directory Listing < 1.3.32 - Unauthenticated Reflected and Authenticated Stored XSS

Multiple Cross-Site Scripting XSS vulnerabilities were discovered in the «Findgo - Directory Listing WordPress Theme», tested version — v1.3.30. PoC Unauthenticated Reflected XSS: https://demoapus.com/findgo/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E PoC Authenticated...

Exploits0References2
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.28 views

SendPress Newsletter < 1.20.7.13 - Authenticated Stored Cross-Site Scripting (XSS)

Multiple Stored Cross-Site Scripting within SendPress Newsletter Settings due to improper input sanitation. The vulnerable fields are: - From Name - From Email - Where to send Test Email https://www.dropbox.com/s/slnc6oj1ryssvuz/sendpress-xss.mp4?dl=0 Payloads - v alert1337/// - v 1.20.7.13: "...

0.1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/12 12:0 a.m.34 views

WP-Live Chat by 3CX < 8.2.0 - Authenticated Stored Cross-Site Scripting

There is a Stored Cross-Site Scripting XSS in WP-Live Chat by 3CX v. 8.1.9 By 3CX within the Quick Response function. Due to the nature of this vulnerability, a malicious attack with access to a WordPress multisite and permissions to this plugin can craft a malformed JavaScript payload...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/12 12:0 a.m.38 views

Form Maker by 10Web < 1.13.40 - Authenticated Reflected XSS

The 'Form Maker by 10Web' WordPress plugin is vulnerable to XSS in the 'blockedipsfm' page. A logged-in site administrator who follows a crafted link will trigger arbitrary JavaScript code to be run in their browser in the context of their privileged account on the WordPress site...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/12 12:0 a.m.41 views

Newsletter < 6.7.7 - Authenticated Stored Cross-Site Scripting

An Authenticated Stored Cross-Site Scripting XSS was discovered within the Company Info "Motto" field. When creating a new newsletter using an empty template with the header module, the XSS would execute. This was later fixed in version: 6.7.7...

2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/10 12:0 a.m.34 views

InJob < 3.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)

An Authenticated subscriber+ Reflected XSS vulnerability was discovered in the InJob theme through 3.4.0 for WordPress. https://example.com/dashboard/?iwjtab=%22%3E%3Cimg%20src=x%20onerror=alertXSS;%3E...

1.7AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/10 12:0 a.m.36 views

SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection

Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete. The PoC will be displayed once the issue has been remediated...

5CVSS2.4AI score0.06052EPSS
Exploits3References1
wpexploit
wpexploit
added 2020/07/09 12:0 a.m.30 views

Travel Booking < 2.8.4 - Unauthenticated SQL Injection

Unauthenticated SQL Injection via the locationid parameter sqlmap --url="https://example.com/search-rental-full-map/?locationid=1" -dbs --random-agent --time-sec=8 03:13:37 INFO resuming back-end DBMS 'mysql' sqlmap resumed the following injection points from stored session: --- Parameter:...

1.6AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/09 12:0 a.m.16 views

Travel Booking < 2.8.4 - Unauthenticated Cross-Site Scripting (XSS)

Unauthenticated Reflected XSS via the childnumber parameter https://example.com/search-on-sidebar/?childnumber=%22%20autofocus%20%27--%3E--!%3E%3CInput/Autofocus//Onfocus=alertXSS//%3E...

2.3AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/08 12:0 a.m.21 views

Monalisa < 2.1.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the Monalisa theme through 2.1.2 for WordPress. https://example.com/reservation/?state=1%22--%3E%3Cimg%20src=x%20onerror=alertXSS;%3E...

1.4AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/08 12:0 a.m.13 views

Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)

Mailster 1 is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting XSS vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...

6.1AI score
Exploits0References2
wpexploit
wpexploit
added 2020/07/05 12:0 a.m.47 views

JobSearch < 1.5.3 - Multiple Cross-Site Scripting Issues

An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the JobSearch plugin through 1.5.1 and 1.5.2 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will trigger on t...

0.1AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/05 12:0 a.m.42 views

Careerfy < 4.1.0 - Multiple Cross-Site Scripting (XSS) Issues

An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the Careerfy Job Board theme through 3.9.0 and 4.0.0 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will...

6.7AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/03 12:0 a.m.20 views

CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting

There are unauthenticated reflected Cross-Site Scripting XSS vulnerabilities in CareerUp theme, via the filter parameters. Edit WPScanTeam May 27th, 2020 - Vendor Contacted by Original Submitter. May 29th, 2020 - v2.3.0 Released. Unclear if issue fixed. June 18th, 2020 - Another submitter Vlad...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2020/07/03 12:0 a.m.533 views

Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

Multiple cross-site scripting vulnerabilities in Testimonials Widget 3.5.1 and lower allow remote attackers to inject arbitrary Javascript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL Successful exploitation of this vulnerability would allow...

5.6AI score0.00822EPSS
Exploits2
wpexploit
wpexploit
added 2020/07/02 12:0 a.m.64 views

Payment Form For Paypal Pro < 1.1.65 - Unauthenticated SQL Injection

The 'query' parameter allowed for any unauthenticated user to perform SQL queries with result output to a web page in JSON format. https://example.com/?cffaction=getdatafromdatabase&query=SELECT%20%20from%20wpposts...

7.5CVSS2AI score0.9453EPSS
Exploits1References1
wpexploit
wpexploit
added 2020/06/28 12:0 a.m.174 views

ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure

The plugin does not properly check for authorisation and allowed options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow unauthenticated attacker to retrieve arbitrary values from the wpoptions table, such as a list of active plugins. List all active plugins of the blo...

5CVSS2.2AI score0.12955EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/06/28 12:0 a.m.55 views

Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection

Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the «Nexos - Real Estate WordPress Theme», tested version — v1.7. June 17th, 2020 - Confirmed & Escalated to Envato. June 19th, 2020 - v1.8 released. Fixing the issues. PoC Unauthenticated Reflected XSS:...

5CVSS0.4AI score0.05901EPSS
Exploits7References1
wpexploit
wpexploit
added 2020/06/25 12:0 a.m.37 views

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 - Authenticated Stored Cross Site Scripting (XSS)

Authenticated stored cross-site scripting issues in some of the plugin settings, requiring high privileges. Affected fields are in the settings of the plugin and will be triggered when the common soon page is displayed either the preview or normal one: Logo: x' onerror='alert/XSS/ Headlines:...

3.5CVSS0.3AI score0.03757EPSS
Exploits5References3
wpexploit
wpexploit
added 2020/06/22 12:0 a.m.33 views

WP-Pro-Quiz <= 0.37 - CSRF Leading to Arbitrary Quiz Deletion

Abusing this Cross-Site Request Forgery CSRF issue, an unauthenticated attacker could make a logged in admin delete any quiz on vulnerable website. The PoC will be displayed once the issue has been remediated...

1.8AI score
Exploits0References1
wpexploit
wpexploit
added 2020/06/21 12:0 a.m.32 views

All in One Support Button < 1.8.8 - Authenticated Stored Cross-Site Scripting

The lack of CSRF and Capability checks on AJAX calls, such as arcontactussavemenuitem, could allow low-privilege users to perform stored XSS attacks. The payloads will then be triggered in frontend pages. The Vendor attempted a fix with v1.8.1, by adding capability and some sanitisation checks...

6.2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/06/19 12:0 a.m.20 views

Travel Booking < 2.8.2 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Travel Booking WordPress Theme», tested version — v2.8.1. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato. June 18th, 2020 - v2.8.2 released, fixing the issue...

1.8AI score
Exploits0References2
wpexploit
wpexploit
added 2020/06/19 12:0 a.m.20 views

CityBook < 2.4.4 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v2.4.4 released, fixing the issue...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2020/06/19 12:0 a.m.25 views

TownHub < 1.3.0 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «TownHub - Directory & Listing WordPress Theme», tested version — v1.2.9. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v1.3.0 released, fixing the issue...

2AI score
Exploits0References1
wpexploit
wpexploit
added 2020/06/17 12:0 a.m.35 views

Testimonial Rotator < 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)

A Stored XSS vulnerability has been found in the 'Author Information' textarea in testimonials from the plugin, which could allow an authenticated medium-privileged user contributor+ to inject arbitrary JavaScript. The XSS will be triggered for anyone visiting public posts or testimonial page...

3.5CVSS5.3AI score0.00708EPSS
Exploits2
wpexploit
wpexploit
added 2020/06/07 12:0 a.m.19 views

SportsPress < 2.7.2 - Authenticated Stored Cross-Site Scripting

Any user with the role of administrator or League Manager is able to store XSS payloads in the custom delimiter setting of events pages. This will then execute on all events pages on the website. Video PoC: https://youtu.be/J8QZ8S6CiS8...

3.5CVSS0.6AI score0.00696EPSS
Exploits1
wpexploit
wpexploit
added 2020/06/05 12:0 a.m.19 views

Elementor Page Builder < 2.9.10 - Authenticated Stored XSS

The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS. javascript:alert1, JaVaScript:alert1, javas cript:alert1 @keyframes x...

3.5CVSS0.3AI score0.00761EPSS
Exploits3References1
Total number of security vulnerabilities4359