
4359 matches found

wpexploit
added 2020/01/15 12:0 a.m., 38 views

LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.

Reflected Cross-Site Scripting (XSS) issue on the [ld_profile] search field. First reported to LearnDash on January 14, 2020; update 3.1.2, which fixes it, was released the same day. This report is based on an email LearnDash sent out to their users on January 14, 2020. From the Original Researcher Jinson...

CVSS: 4.3, EPSS: 0.03458
Exploits: 6, References: 3

wpexploit
added 2020/01/15 12:0 a.m., 20 views

ListingPro < 2.5.4 - Unauthenticated Reflected Cross-Site Scripting

Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version: v2.5.3
Edit - WPScanTeam:
January 13th, 2020 - Report Received & Envato Contacted
January 13th, 2020 - Envato Investigating
January 15th, 2020 - Theme updated, v2.5.4, fixing the issue
----- Info: -----...

AI score: 0.6
Exploits: 0, References: 1

wpexploit
added 2020/01/14 12:0 a.m., 111 views

Real Estate 7 < 2.9.5 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'Real Estate 7 WordPress', tested version v2.9.4:
- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- Authenticated Persistent Self-XSS
- IDOR
- Information Exposure
Edit WPScanTeam:
January 12th - Report Received & Envato Contacted...

AI score: 6.6
Exploits: 0, References: 2

wpexploit
added 2020/01/14 12:0 a.m., 22 views

Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass

It is possible to log in as an administrator on the site due to logical mistakes in the code. The issue resides in wptc-cron-functions.php line 12 where it parses the request. This parse_request function calls the function decode_server_request_wptc which checks if the raw POST payload contains a certa...

CVSS: 7.5, AI score: 0.9, EPSS: 0.46454
Exploits: 2, References: 2

wpexploit
added 2020/01/14 12:0 a.m., 49 views

InfiniteWP Client < 1.9.4.5 - Authentication Bypass

As per agreement between the researcher and developer, details will be released on January 14th. It is possible to log in as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwp_mmb_set_request which is located in the init.php file. This checks if t...

CVSS: 7.5, AI score: 0.4, EPSS: 0.8787
Exploits: 2, References: 3

wpexploit
added 2020/01/13 12:0 a.m., 34 views

Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues

Reflected & Persistent XSS vulnerability was discovered in the 'Travel Booking WordPress Theme', tested version: v2.7.8.5
Edit WPScanTeam:
January 11th, 2020 - Report received & Envato contacted
January 12th, 2020 - Report updated with Reflected XSS, Envato notified again.
January 12th, 2020 -...

AI score: 0.1
Exploits: 0, References: 2

wpexploit
added 2020/01/13 12:0 a.m., 17 views

Computer Repair Shop < 2.0 - Authenticated Stored XSS

Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. Fixed in version 2.0. The plugin's options provided a basic HTML validation, which could be bypassed by copying + pasting malicious code into the...

AI score: 0.6
Exploits: 0, References: 1

wpexploit
added 2020/01/11 12:0 a.m., 33 views

Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)

Two Reflected XSS vulnerabilities were discovered in the «Houzez - Real Estate WordPress Theme», tested version: v1.8.3.1
Edit WPScanTeam:
January 11th, 2020 - Report received & Envato Contacted
January 12th, 2020 - Envato Investigating
January 27th, 2020 - v1.8.4 released, fixing the issue.
-Demo...

AI score: 0.2
Exploits: 0, References: 2

wpexploit
added 2020/01/11 12:0 a.m., 29 views

Video on Admin Dashboard < 1.1.4 - Authenticated Stored XSS

Video on Admin Dashboard is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. A user can insert a simple script in the Widget Title text field, e.g. "alert'XSS';. Every specified user role by the plugin will now be targeted...

AI score: 0.6
Exploits: 0, References: 1

wpexploit
added 2020/01/10 12:0 a.m., 40 views

EasyBook < 1.2.2 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'EasyBook – Directory & Listing WordPress Theme', tested version v1.2.1:
- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- IDOR
December 27th, 2019 - Envato Contacted
January 6th, 2020 - Envato Investigating
January ??th, 2020 -...

CVSS: 6.4, AI score: 6.5, EPSS: 0.03243
Exploits: 7, References: 1

wpexploit
added 2020/01/09 12:0 a.m., 67 views

TownHub < 1.0.6 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'TownHub - Directory & Listing WordPress Theme', tested version v1.0.2:
- Unauthenticated XSS
- Authenticated Persistent XSS
- IDOR
Edit WPScanTeam:
December 27th, 2019 - Envato Contacted
January 5th, 2020 - Envato Investigating
January 6th, 2020 -...

CVSS: 6.4, AI score: 6.5, EPSS: 0.03243
Exploits: 7, References: 1

wpexploit
added 2020/01/09 12:0 a.m., 45 views

CityBook < 2.3.4 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'CityBook - Directory & Listing WordPress Theme', tested version v2.3.3:
- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- IDOR
Edit WPScanTeam:
December 27th, 2019 - Envato Contacted
January 6th, 2020 - Envato Investigating
January...

CVSS: 6.4, AI score: 6.5, EPSS: 0.03243
Exploits: 7, References: 1

wpexploit
added 2020/01/08 12:0 a.m., 43 views

Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes

This plugin had no nonce checks on any of the settings to verify that a request came from a legitimate source, such as a logged-in administrative user, creating a CSRF to stored XSS in addition to significant setting changes. alert1" /...

CVSS: 6.8, AI score: 0.4, EPSS: 0.00924
Exploits: 2, References: 1

wpexploit
added 2020/01/08 12:0 a.m., 31 views

Minimal Coming Soon & Maintenance Mode < 2.15 - Insecure Permissions: Enable and Disable Maintenance Mode

There was a flaw that allowed any authenticated user with subscriber permissions or above to enable and disable maintenance mode on a vulnerable site by sending a simple request. Log in as a user with subscriber or above permissions and send the following request to enable maintenance...

CVSS: 6.5, AI score: 0.5, EPSS: 0.01953
Exploits: 2, References: 1

wpexploit
added 2020/01/08 12:0 a.m., 26 views

Minimal Coming Soon & Maintenance Mode < 2.17 - Insecure permissions: Export Settings/Theme Change

There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site. Log in with subscriber or above permissions and send the following request to export the plugin settings:...

CVSS: 5.5, AI score: 5.4, EPSS: 0.0107
Exploits: 2, References: 1

wpexploit
added 2020/01/06 12:0 a.m., 22 views

Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS

The HTML code generated by the FAQ shortcode does not sanitise the DisplayFAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used. Append the following payload on a page where a FAQ is embedded: ?DisplayFAQ=...

CVSS: 4.3, AI score: 0.3, EPSS: 0.02195
Exploits: 1, References: 1

wpexploit
added 2020/01/06 12:0 a.m., 23 views

WP Simple Spreadsheet Fetcher For Google < 0.3.7 - Arbitrary API Key update via CSRF

The lack of Cross-Site Request Forgery (CSRF) checks on the plugin's settings page could allow CSRF attacks to set an arbitrary API key...

AI score: 1.2
Exploits: 0, References: 1

wpexploit
added 2020/01/04 12:0 a.m., 428 views

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass

Description: A JavaScript payload such as "javascript:alert1" in a URL could cause a Cross-Site Scripting (XSS) vulnerability. According to the commit message (see references): "wp_kses_bad_protocol() makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this work...

CVSS: 9.8, AI score: 8.6, EPSS: 0.04654
Exploits: 1, References: 2

wpexploit
added 2020/01/03 12:0 a.m., 9 views

WooCommerce Conversion Tracking < 2.0.5 - CSRF to XSS

The settings page of the plugin is lacking CSRF checks as well as input sanitisation, leading to stored XSS. ' /...

AI score: 1.2
Exploits: 0, References: 1

wpexploit
added 2019/12/31 12:0 a.m., 17 views

Donorbox 7.1~7.1.1 - Stored Cross-Site Scripting via Shortcode

In the Donorbox WordPress plugin, one can perform an XSS attack via the included shortcode by inserting arbitrary HTML attributes. This vulnerability was introduced in v7.1 and fixed in v7.1.2. donate url='/?" autofocus onfocus="alertwindow" abitraryAttributeToValidateShortcodeParsing="'...

AI score: 1
Exploits: 0, References: 1

wpexploit
added 2019/12/26 12:0 a.m., 8 views

WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS

A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin.
1. Navigate to the Settings page of the plugin https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php
2. Select th...

AI score: 0.4
Exploits: 0, References: 1

wpexploit
added 2019/12/26 12:0 a.m., 13 views

bbPress Members Only <= 1.2.1 - CSRF on Optional Settings page

The plugin does not prevent Cross-Site Request Forgery attacks on its 'Optional Settings' page...

AI score: 0.9
Exploits: 0, References: 1

wpexploit
added 2019/12/25 12:0 a.m., 25 views

bbPress Login Register Links On Forum Topic Pages <= 2.7.5 - CSRF to Stored XSS

Lack of CSRF checks in the plugin's settings allows arbitrary change of the settings, which can also lead to stored XSS issues. The payload below will result in a stored XSS in the 'Style Customize' page. " /...

AI score: 0.1
Exploits: 0, References: 1

wpexploit
added 2019/12/24 12:0 a.m., 12 views

Featured Image from URL <= 2.7.7 - Missing Access Controls on REST routes

The REST routes are missing permission callbacks, allowing unauthenticated/unauthorised users to call them. Affected endpoints:
- wp-json/featured-image-from-url/v2/enablefakeapi
- wp-json/featured-image-from-url/v2/disablefakeapi
- wp-json/featured-image-from-url/v2/nonefakeapi
-...

AI score: 0.9
Exploits: 0, References: 1

wpexploit
added 2019/12/22 12:0 a.m., 21 views

Rencontre <= 3.2.2 - Multiple CSRF

The plugin is affected by multiple CSRF issues, allowing arbitrary changes of the plugin's settings.
November 3rd, 2019 - WordPress Plugin Team Notified
November 5th, 2019 - WP Plugins Team acknowledgments of the issue.
December 2nd, 2019 - v3.2.2 released, none of the CSRF have been fixed as th...

AI score: 0.7
Exploits: 0, References: 1

wpexploit
added 2019/12/19 12:0 a.m., 20 views

301 Redirects - Easy Redirect Manager <= 2.40 - Authenticated Arbitrary Redirect Injection and Modification, XSS, and CSRF

The weaknesses allow for any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability, in addition to XSS and CSRF. " /...

CVSS: 6, AI score: 1.6, EPSS: 0.00859
Exploits: 2, References: 1

wpexploit
added 2019/12/13 12:0 a.m., 111 views

WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links

Description: The function wp_targeted_link_rel can be used in a particular way to result in a Stored Cross-Site Scripting (XSS) vulnerability. This is a PoC for a Stored XSS...

CVSS: 6.1, AI score: 7, EPSS: 0.02762
Exploits: 1, References: 4

wpexploit
added 2019/12/02 12:0 a.m., 10 views

Superlist <= 2.9.2 - Stored Cross-Site Scripting (XSS)

Persistent XSS was discovered in the 'Superlist - Directory WordPress Theme', the version tested was v2.9.2.
Edit WPScanTeam:
December 2nd, 2019 - Envato Contacted
December 2nd, 2019 - Envato Investigating
December 12th, 2019 - No updates, disclosing
The PoC will be displayed once the issue has...

AI score: 0.7
Exploits: 0, References: 1

wpexploit
added 2019/11/29 12:0 a.m., 32 views

ListingPro < 2.0.14.5 - Reflected & Persistent Cross-Site Scripting

Reflected & Persistent XSS was discovered in the 'ListingPro - WordPress Directory Theme'. Current version is 2.0.14.2 (August 9th 2019).
Edit WPScanTeam:
November 29th, 2019 - Envato Informed
November 29th, 2019 - Envato Investigating
December 4th, 2019 - v2.0.14.3 Released, fixing the reflected X...

CVSS: 4.3, EPSS: 0.00934
Exploits: 4, References: 1

wpexploit
added 2019/11/19 12:0 a.m., 48 views

WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

No nonce protection on form submissions leading to CSRF and no input/output sanitization allowing for XSS when CSRF is exploited. input type="hidden" name="wpmaintenancesocialop...

CVSS: 6.8, AI score: 0.1, EPSS: 0.0063
Exploits: 2, References: 2

wpexploit
added 2019/11/17 12:0 a.m., 14 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS)

AJAX endpoints which return JSON data have no Content-Type header set, and use the default text/html. Any JSON that has HTML will be rendered as such. PoC URL uses unauthenticated action "heateorssssharingcount": http://WORDPRESSDOMAINHERE/wp-admin/admin-ajax.php?action=heateorssssharingcount&urls=...

Exploits: 0

wpexploit
added 2019/11/13 12:0 a.m., 26 views

Quiz And Survey Master < 6.3.5 - Authenticated Reflected XSS

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. https://domain.tld/wp-admin/admin.php?page=mlwquizoptions&quizid=...

CVSS: 4.3, AI score: 1.9, EPSS: 0.01663
Exploits: 2, References: 1

wpexploit
added 2019/11/08 12:0 a.m., 8 views

Safe SVG < 1.9.6 - XSS Protection Bypass

By using entities in the payload, XSS will succeed in bypassing the protection of the Safe SVG Plugin. Video PoC for v1.9.5: https://www.youtube.com/watch?v=hnQA2hc-4k...

AI score: 0.9
Exploits: 0, References: 2

wpexploit
added 2019/11/05 12:0 a.m., 32 views

Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS

A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest; xhr.open"POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

AI score: 1.5
Exploits: 0, References: 2

wpexploit
added 2019/10/31 12:0 a.m., 17 views

WP Google Review Slider <= 6.1 - Authenticated SQL Injection

tid parameter vulnerable to SQLi. Note WPScanTeam: v6.1 has been patched directly in the tags https://plugins.trac.wordpress.org/browser/wp-google-places-review-slider/tags/6.1/admin/partials/templatesposts.phpL58. However, the issue can be verified with v6.0. sqlmap identified the following...

AI score: 0.2
Exploits: 0

wpexploit
added 2019/10/25 12:0 a.m., 20 views

About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting (XSS)

WordPress About Author plugin with a version lower than or equal to 1.3.9 is affected by an authenticated Stored Cross-site scripting (XSS) vulnerability. Stored Cross-site scripting (XSS): - Using a WordPress user, access /wp-admin/post-new.php?posttype=aboutauthor About Author Add new - Insert in...

AI score: 0.1
Exploits: 0, References: 1

wpexploit
added 2019/10/24 12:0 a.m., 16 views

JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting

In the theme JobMonster there is an XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Note WPScanTeam: It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9...

AI score: 3.4
Exploits: 0, References: 1

wpexploit
added 2019/10/23 12:0 a.m., 13 views

Groundhogg <= 1.3.11.3 - Authenticated SQL Injection

WordPress Groundhogg plugin with a version lower than 1.3.11.3 is affected by an Authenticated SQL Injection vulnerability. Exploit Title: WordPress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontacts&optinstatus%5B0%5D=selectfromselectsleep20a&optinstatus%5B1%5D=0 - The respon...

AI score: 0.8
Exploits: 0, References: 1

wpexploit
added 2019/10/23 12:0 a.m., 12 views

Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS

WordPress Groundhogg plugin with a version lower than 2.0.8.1 is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability. Exploit Title: WordPress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontactsalert1 - The response will contain: bulkaction:...

AI score: 0.2
Exploits: 0, References: 1

wpexploit
added 2019/10/17 12:0 a.m., 16 views

Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities

- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII
- Authenticated SQL injection and information disclosure
- Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices.
-...

CVSS: 5, AI score: 0.2, EPSS: 0.01744
Exploits: 2, References: 2

wpexploit
added 2019/10/15 12:0 a.m., 482 views

WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

Description: This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WP_Query. http://wordpress.local/?static=1&order=asc...

CVSS: 5.3, AI score: 7.3, EPSS: 0.36503
Exploits: 2, References: 4

wpexploit
added 2019/10/14 12:0 a.m., 133 views

Popup-Maker < 1.8.12 - Multiple Vulnerabilities

An attacker can partially control the arguments of the do_action, during the initialization of the PUMSite. Because of this, an attacker can call any method which contains an action starting from popmake or pum. This will lead to successful execution of functions which do not require arguments...

CVSS: 6.4, AI score: 1.6, EPSS: 0.09232
Exploits: 2, References: 1

wpexploit
added 2019/10/08 12:0 a.m., 30 views

All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure

The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature.
Edit WPScanTeam:
October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/
October 8th - Dev ACK & investigating it
October 8th - v4.4.2...

AI score: 7.3
Exploits: 0

wpexploit
added 2019/09/28 12:0 a.m., 28 views

Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)

By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject an XSS payload to be stored and later executed when an admin goes to edit the chart. curl -i -s -k -X $'POST' \ -H...

CVSS: 4.3, AI score: 1.8, EPSS: 0.03342
Exploits: 2, References: 1

wpexploit
added 2019/09/28 12:0 a.m., 16 views

Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)

This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. curl -i -s -X $'POST' \ -H $'Host: 192.168.158.128:8000' \ --data-binary $'"url":"http://db:3306"' \ $'http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data' See the references for...

CVSS: 5.8, AI score: 1.9, EPSS: 0.39137
Exploits: 2, References: 1

wpexploit
added 2019/09/27 12:0 a.m., 26 views

Zoner < 4.2 - Persistent XSS & IDOR

----- Persistent XSS: ----- 'Address' input field on the 'Local information' block is vulnerable so you can use your payload to steal admin cookies or do some redirects etc. ----- IDOR: ----- POST request https://zoner.fruitfulcode.com/wp-admin/admin-ajax.php?action=deletepropertyactid=XXX=YYY...

AI score: 7.3
Exploits: 0, References: 2

wpexploit
added 2019/09/18 12:0 a.m., 11 views

Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export

The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email. The plugin is still affected and has been closed. curl...

AI score: 1.9
Exploits: 0

wpexploit
added 2019/09/16 12:0 a.m., 39 views

InJob < 3.3.8 - Reflected & Persistent XSS

Multiple XSS vulnerabilities have been found in the 'InJob | Multi-purpose for recruitment WordPress Theme' theme v3.3.6.
Edit WPScanTeam:
September 16th, 2019 - Envato Contacted
September 16th, 2019 - v3.3.7 released. XSS still present
October 11th, 2019 - Envato contacted again for updates...

Exploits: 0, References: 1

wpexploit
added 2019/09/16 12:0 a.m., 22 views

Poll, Survey, Form & Quiz Maker by OpinionStage < 19.6.25 - Unauthenticated Cross-Site Scripting (XSS)

This vulnerability has been seen actively exploited in the wild. http://www.example.com/wp-admin/admin-post.php?page=opinionstage-content-login-callback-page&email="alert1...

AI score: 1
Exploits: 0, References: 2

wpexploit
added 2019/09/10 12:0 a.m., 16 views

Checklist <= 1.1.5 - Unauthenticated Reflected XSS

The fill parameter of the images/checklist-icon.php file is affected by a reflected XSS issue: wp-content/plugins/checklist/images/checklist-icon.php?&fill="alert"XSS"...

CVSS: 4.3, AI score: 1.7, EPSS: 0.05549
Exploits: 2, References: 1

Total number of security vulnerabilities: 4359