Lucene search

4359 matches found

wpexploit, added 2020/03/27 12:0 a.m., 17 views

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then save...

7.4 AI score
Exploits 0, References 1

wpexploit, added 2020/03/26 12:0 a.m., 16 views

Xenon Theme <= 1.3 - Unauthenticated Cross-Site Scripting (XSS)

The premium Xenon WordPress theme was found to be vulnerable to Unauthenticated Cross-Site Scripting (XSS) in the "q" parameter of the /data/typeahead-generate.php page. The affected version of the plugin was 1.3 and below, however, the vendor fixed the vulnerability but did not bump the version...

4.3 CVSS, 0.9 AI score, 0.00934 EPSS
Exploits 2, References 2

wpexploit, added 2020/03/25 12:0 a.m., 124 views

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...

7.5 CVSS, 0.4 AI score, 0.99999 EPSS
Exploits 19, References 1

wpexploit, added 2020/03/24 12:0 a.m., 50 views

Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)

Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2014-2383)...

4.3 CVSS, 1.9 AI score, 0.39374 EPSS
Exploits 6, References 1

wpexploit, added 2020/03/24 12:0 a.m., 22 views

Grimag < 1.1.1 - Open Redirection

Description The Grimag WordPress theme was affected by an Open Redirection security vulnerability. /wp-content/themes/Grimag/go.php?https://example.com...

7.4 AI score
Exploits 0, References 2

wpexploit, added 2020/03/18 12:0 a.m., 22 views

Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions 23 that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions. Al...

6.5 CVSS, 0.5 AI score, 0.01581 EPSS
Exploits 2, References 1

wpexploit, added 2020/03/17 12:0 a.m., 46 views

Custom Post Type UI < 1.7.4 - CSRF to Stored XSS

The Custom Post Type UI WordPress plugin was vulnerable to Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) within the "Import Post Types" functionality in the "Tools" tab. This functionality allows users to import "Post Types" from other websites, or from backup, as JSON. This...

6.1 AI score
Exploits 0, References 1

wpexploit, added 2020/03/11 12:0 a.m., 26 views

Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation

"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv&step=3...

6.5 CVSS, 0.1 AI score, 0.01727 EPSS
Exploits 2, References 2

wpexploit, added 2020/03/05 12:0 a.m., 13 views

Brizy - Page Builder < 1.0.114 - Unauthenticated Site Settings Update

Edit WPscanTeam The plugin fails to restrict access to the site settings page, allowing unauthenticated users to change them, such as site title, description as well as put XSS payload in the footer, leading to Unauthenticated Stored XSS issues. As we saw probes in the wild checking for the issue...

Exploits 0

wpexploit, added 2020/03/05 12:0 a.m., 800 views

WP Advanced Search < 3.3.4 - Unauthenticated Database Access and Remote Code Execution (RCE)

Arbitrary database queries can be executed in an unauthenticated context of the "WP-Advanced-Search Plugin". E.g. a new administrative account could be added to the WordPress instance, a malicious plugin deployed and therefore Remote Code Execution (RCE) would be possible in the end. PoC: Update th...

2 AI score
Exploits 0, References 1

wpexploit, added 2020/02/29 12:0 a.m., 60 views

Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV

The plugin allows users to Book Appointment by providing their PII such as Email, Name, Phone Number and Personal Message. The vulnerability allows anyone to Dump all records of users and their appointment details in CSV as an unauthenticated user. The user also gets registered as a WP User after...

7.3 AI score
Exploits 0, References 2

wpexploit, added 2020/02/26 12:0 a.m., 22 views

Export Users to CSV <= 1.4.2 - CSV Injection

An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...

5.8 CVSS, 0.1 AI score, 0.01318 EPSS
Exploits 1, References 2

wpexploit, added 2020/02/25 12:0 a.m., 43 views

Pricing Table by Supsystic < 1.8.2 - Unauthenticated Stored XSS

No permission check on the ImportJSONTable endpoint allows for malicious javascript to be injected by unauthenticated users...

4.9 CVSS, 1.8 AI score, 0.00778 EPSS
Exploits 1, References 1

wpexploit, added 2020/02/25 12:0 a.m., 23 views

Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes

CSRF can be exploited against any of the functionalities in the Pricing Table by Supsystic WordPress plugin in vulnerable versions. One example:...

0.2 AI score
Exploits 1, References 1

wpexploit, added 2020/02/25 12:0 a.m., 20 views

Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hmapsprem WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability...

4.3 CVSS, 0.9 AI score, 0.05651 EPSS
Exploits 2, References 2

wpexploit, added 2020/02/25 12:0 a.m., 30 views

Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or...

7.5 CVSS, 1.8 AI score, 0.01677 EPSS
Exploits 2, References 1

wpexploit, added 2020/02/24 12:0 a.m., 20 views

Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation

While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...

0.5 AI score
Exploits 0, References 2

wpexploit, added 2020/02/24 12:0 a.m., 24 views

Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy

Version 8.6.1 attempted to fix multiple critical issues mainly lack of authorisation checks, allowing low privileges users to call the admin functions of the plugin, leading to PII disclosure and login bypasses. However, the fixes were not sufficient: - An indeedIsAdmin check was added to all AJA...

Exploits 0, References 2

wpexploit, added 2020/02/22 12:0 a.m., 40 views

CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing

Lack of origin authentication (CWE-346) in the IPN callback processing function allows even an unauthorized attacker to remotely replace critical plugin settings (merchant id, secret key, etc.) with values known to him and therefore bypass the payment process, e.g. spoof order status by manually sending IPN callback reques...

5.5 CVSS, 0.04541 EPSS
Exploits 6, References 2

wpexploit, added 2020/02/21 12:0 a.m., 19 views

Chained Quiz < 1.1.9.1 - Authenticated Stored XSS

WordPress Plugin Chained Quiz (latest 1.1.9 and before) suffers from a Stored XSS vulnerability in the sendername, adminsubject and usersubject POST parameter when an admin completes the setting for plugin; as a result, the severity is very low. POST /wp-admin/admin.php?page=chainedquizoptions...

0.8 AI score
Exploits 0, References 1

wpexploit, added 2020/02/19 12:0 a.m., 109 views

Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download

The issue is being actively exploited, and allows attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't present in versions 1.3.22 and before...

5 CVSS, 4.1 AI score, 0.97822 EPSS
Exploits 11, References 5

wpexploit, added 2020/02/18 12:0 a.m., 265 views

ThemeREX Addons - Remote Code Execution

"This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts." Note WPScanTeam: There are major version inconsistencies in the trxaddons shipped with the affected themes. As a result, a...

7.5 CVSS, 2.9 AI score, 0.08877 EPSS
Exploits 2, References 3

wpexploit, added 2020/02/17 12:0 a.m., 17 views

wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation

The flaw allowed anybody to escalate their privileges to those of an administrator, as long as subscriber-level registration was enabled on a given WordPress site with the vulnerable plugin installed. 1. Log in as Subscriber. 2. Scrape the page /wp-admin/index.php for the connection key. i.e. vie...

9 CVSS, 0.5 AI score, 0.08173 EPSS
Exploits 2, References 1

wpexploit, added 2020/02/17 12:0 a.m., 14 views

Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" Add a...

0.1 AI score
Exploits 0, References 3

wpexploit, added 2020/02/16 12:0 a.m., 12 views

ThemeGrill Demo Importer < 1.6.3 - Auth Bypass & Database Wipe

There is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator. Edit WPScanTeam: v1.6.2 was released with an insufficient fix, allowing attackers to still exploit the issue using a CSR...

1.5 AI score
Exploits 0, References 2

wpexploit, added 2020/02/10 12:0 a.m., 25 views

Profile Builder and Profile Builder Pro < 3.1.1 - User Registration With Administrator Role

The plugin is affected by a broken authentication vulnerability, allowing unauthenticated users to register or edit their account and gain the Administrator role using the plugin's forms. The vulnerability only exists in the Plugin's own generated Registration Form or Profile Edit Form. This mean...

Exploits 0, References 1

wpexploit, added 2020/02/10 12:0 a.m., 34 views

Participants Database < 1.9.5.6 - Authenticated Time Based SQL Injection

Authenticated time-based SQL injection via the ascdesc, listfiltercount, and sortBy parameters. From the original advisory (see references): POST /wp-admin/admin.php?page=participants-database HTTP/1.1 Host: redacted....cause User-Agent: Mozilla/5.0 X11; Linux x8664; rv:68.0 Gecko/20100101...

6 CVSS, 1.6 AI score, 0.01624 EPSS
Exploits 1, References 1

wpexploit, added 2020/02/06 12:0 a.m., 23 views

Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities

Multiple Critical Vulnerabilities found in Ultimate Membership Pro could lead to Authenticated (using a low privilege account, such as subscriber) Remote Code Execution on default Installation, as well as PII disclosure such as emails, IP addresses, hashed passwords, usernames, User-Agent and so o...

8.1 AI score
Exploits 0, References 2

wpexploit, added 2020/02/05 12:0 a.m., 8 views

WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion

The plugin did not have a CSRF nonce check on the "wpfcdeletecurrentpagecache" action, allowing CSRF attacks against authenticated users to delete arbitrary files, including the wp-config.php file. document.form.submit;...

1.4 AI score
Exploits 0, References 2

wpexploit, added 2020/02/05 12:0 a.m., 16 views

Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete

The plugin relied on the isadmin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery (CSRF), allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...

1.5 AI score
Exploits 0, References 2

wpexploit, added 2020/02/04 12:0 a.m., 36 views

Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)

Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...

2.6 CVSS, 0.9 AI score, 0.0883 EPSS
Exploits 6, References 2

wpexploit, added 2020/02/01 12:0 a.m., 30 views

Htaccess by BestWebSoft < 1.8.2 - CSRF to edit .htaccess

The Htaccess by BestWebSoft WordPress plugin was affected by a CSRF to edit .htaccess security vulnerability...

6.8 CVSS, 0.6 AI score, 0.09918 EPSS
Exploits 2, References 1

wpexploit, added 2020/01/31 12:0 a.m., 16 views

Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter

XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...

4.3 CVSS, 3.8 AI score, 0.02462 EPSS
Exploits 1, References 1

wpexploit, added 2020/01/30 12:0 a.m., 16 views

Registration Magic < 4.6.0.3 - Authenticated SQL Injection via Form_id

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Authenticated SQL Injection via Formid security vulnerability. https://example.com/wp-admin/admin.php?page=rmanalyticsshowform&rmformid=selectfromselectsleep20a&rmtr=30...

4.3 CVSS, 2.4 AI score, 0.01353 EPSS
Exploits 2, References 1

wpexploit, added 2020/01/29 12:0 a.m., 27 views

Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS

The Elementor Website Builder WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. /wp-admin/admin.php?page=elementor-system-info&lndan%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1...

3.5 CVSS, 2.1 AI score, 0.01288 EPSS
Exploits 2, References 1

wpexploit, added 2020/01/29 12:0 a.m., 13 views

Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS

Lack of CSRF checks on the Filters page could allow attackers to add/edit/update/delete categories and delete all categories, as well as perform reflected XSS attacks. v1.0.8 fixed the reflected XSS, however no CSRF check on delete and deleteallcategory actions v1.1.0 released, no additional fix...

0.3 AI score
Exploits 0, References 2

wpexploit, added 2020/01/29 12:0 a.m., 26 views

Code Snippets < 2.14.0 - CSRF to RCE

This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://waftesting.vhx.cloud:8080/wp-admin/admin.php?page=import-snippets", true;...

6.8 CVSS, 0.6 AI score, 0.11905 EPSS
Exploits 2, References 1

wpexploit, added 2020/01/27 12:0 a.m., 42 views

CarSpot < 2.2.3 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version — v2.2.0: - Authenticated Persistent XSS - Registration Form/User Profile - Authenticated Persistent XSS - Ad Post - IDOR leading to arbitrary deletion of ads Edit WPScanTeam: January...

Exploits 0, References 1

wpexploit, added 2020/01/24 12:0 a.m., 18 views

WP DS FAQ Plus < 1.4.2 - Stored Cross-Site Scripting (XSS)

Weak security checks in the Question form. https://www.youtube.com/watch?v=UPYitCT9xtk...

0.7 AI score
Exploits 0, References 1

wpexploit, added 2020/01/24 12:0 a.m., 37 views

wpCentral < 1.4.8 - Privilege Escalation

There’s a vulnerability that allows anyone who is logged in with any user role to escalate their privilege, or alter/upload any file, or adjust any plugin and interact with the site in many other ways. In wpcentral.php, AJAX actions are registered. However, it's only checking whether or not the...

0.6 AI score
Exploits 0, References 1

wpexploit, added 2020/01/22 12:0 a.m., 26 views

Contact Form Clean and Simple < 4.7.1 - Authenticated Stored XSS

The Contact Form Clean and Simple WordPress plugin was vulnerable to Authenticated stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. This code will then be executed on every page with the contact form on the front-end. By checking the...

0.5 AI score
Exploits 0, References 2

wpexploit, added 2020/01/21 12:0 a.m., 17 views

AccessAlly < 3.3.2 - Unauthenticated Arbitrary PHP Code Execution

Prior to version 3.3.2, this plugin allowed arbitrary PHP code execution through the loginerror function. This exploit is out in the wild now and actively being exploited. curl -Ls http://www.example.com/login/?loginerror=%3C?%20$a%20=%20getcwd;%20echo%20$a;%20?%3E...

3.4 AI score
Exploits 0, References 1

wpexploit, added 2020/01/19 12:0 a.m., 17 views

Contextual Adminbar Color < 0.3 - Authenticated Stored Cross-Site Scripting Issue

The variable $message is not escaped : $message = sanitizetextfield $currentsettings'message' ; Then, it's printed in a value attribute : value="" Edit WPScanTeam: Put the payload below in the custom message field in the plugin's settings page Tools Adminbar Settings: " onfocus=alert2...

0.9 AI score
Exploits 0, References 1

wpexploit, added 2020/01/19 12:0 a.m., 25 views

Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS

An attacker can add a Cross-Site Scripting (XSS) payload remotely without any authentication. The Payload gets triggered when an Admin visits the settings page of the plugin. Edit WPScanTeam: The plugin is still affected and has been closed. Vulnerable code is from lines 68 to 84. The code gets the...

6.3 AI score
Exploits 0

wpexploit, added 2020/01/17 12:0 a.m., 68 views

Marketo Forms and Tracking <= 1.0.2 - CSRF to XSS

Lack of CSRF checks and sanitisation on the plugin's settings page could allow XSS attacks via CSRF. document.getElementById'csrf'.submit;...

6.8 CVSS, 1 AI score, 0.0132 EPSS
Exploits 2, References 1

wpexploit, added 2020/01/16 12:0 a.m., 23 views

WP Database Reset < 3.15 - Privilege Escalation

This flaw "allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request." Login as a subscriber then send the following request:...

6.5 CVSS, 1.9 AI score, 0.02463 EPSS
Exploits 2, References 1

wpexploit, added 2020/01/16 12:0 a.m., 27 views

Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS

WordPress Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'totalquestions' POST parameter when a user completes a quiz. The code in question accepts the 'totalquestions' parameter without escaping the special characters: models/quiz.php $output =...

4.3 CVSS, 0.2 AI score, 0.01607 EPSS
Exploits 2, References 2

wpexploit, added 2020/01/16 12:0 a.m., 16 views

Resim Ara <= 3.0 - Unauthenticated Reflected XSS

The WordPress plugin team was notified on January 17th, 2020. Note: There were inconsistencies between the versions from the readme.txt 3.0, the plugin file 1.0 as well as tags 1.0 to 3.0...

3.5 AI score
Exploits 0, References 1

wpexploit, added 2020/01/16 12:0 a.m., 26 views

Reality < 2.5.3 - Unauthenticated Reflected XSS

Reflected XSS was discovered in the «Reality | Estate Multipurpose WordPress Theme», tested version — v2.5.1 Edit WPScanTeam: January 16th, 2020 - Report Received & Envato Contacted January 17th, 2020 - Envato Investigating February 6th, 2020 - Envato Contacted Again for Updates February 7th, 202...

0.4 AI score
Exploits 0, References 1

wpexploit, added 2020/01/16 12:0 a.m., 26 views

WP Database Reset < 3.15 - Unauthenticated Database Reset

This flaw "allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state." URL/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code=11111&db-reset-code-confirm=11111 Where you can set db-reset-tables%5B%5D to any database table you wan...

6.4 CVSS, 1.6 AI score, 0.22928 EPSS
Exploits 2, References 1

Total number of security vulnerabilities: 4359