Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2019/09/08 12:0 a.m.30 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

6.5AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/08 12:0 a.m.21 views

Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...

8.1AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/08 12:0 a.m.18 views

Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlistingaddlisting=21 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use 'ENQUIRY FORM' on the right sidebar. Or you...

7.8AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/07 12:0 a.m.10 views

Qwiz Online Quizzes And Flashcards <= 3.36 - Unauthenticated Reflected Cross Site Scripting

The qname, iqwiz, sessionid and username parameters passed to the registrationcomplete.php file are affected by XSS issues. Plugin has been closed while the issue is being fixed. /wp-content/plugins/qwiz-online-quizzes-and-flashcards/registrationcomplete.php?&qname=alert"XSS"...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/07 12:0 a.m.29 views

Ellipsis Human Presence Technology <= 2.0.8 - Unauthenticated Reflected Cross Site Scripting (XSS)

The 'page' GET parameter of the inc/protected-forms-table.php file was affected by a reflected XSS vulnerability. http://www.example.com/wp-content/plugins/ellipsis-human-presence-technology/inc/protected-forms-table.php?&page="%20alert"XSS"...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2019/09/05 12:0 a.m.37 views

Advanced Access Manager < 5.9.9 - Arbitrary File Access/Download

Advanced Access Manager before Version 5.9.9 allows reading arbitrary files without checking whether a user is allowed to read the given file. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers...

4AI score
Exploits0
wpexploit
wpexploit
added 2019/09/05 12:0 a.m.73 views

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Description According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities JS - Hex Entities...

6.1CVSS6.3AI score0.02198EPSS
Exploits2References3
wpexploit
wpexploit
added 2019/09/05 12:0 a.m.22 views

ECPay Logistics for WooCommerce <= 1.2.181030 - Unauthenticated Reflected XSS

The CVSStoreName, CVSAddress, CVSTelephone and CVSStoreID from the getChangeResponse.php are affected by reflected XSS issues. The PoC will be displayed once the issue has been remediated...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/09/05 12:0 a.m.18 views

API Bearer Auth <= 20181229 - Unauthenticated Reflected XSS

The server GET parameter of the swagger/swagger-config.yaml.php file is affected by a reflected XSS issue. /wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=alert"XSS"...

4.3CVSS1.7AI score0.05698EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/09/03 12:0 a.m.12 views

Portrait-Archiv.com Photostore <= 3.1 - Unauthenticated Reflected XSS

The 'pDetails' GET parameter from the js/imageDetails.php was vulnerable to an unauthenticated reflected XSS attack. http://www.example.com/wp-content/plugins/portrait-archiv-shop/js/imageDetails.php?pDetails=;;alert"XSS"...

1.6AI score
Exploits0References2
wpexploit
wpexploit
added 2019/08/25 12:0 a.m.18 views

UserPro <= 4.9.34 - Unauthenticated Reflected XSS

Edit WPscanTeam: August 26th, 2019 - Envato Notified September 2nd, 2019 - v4.9.34 released, still vulnerable September 24th, 2019 - v4.9.35 and 4.9.35.1 released, fixing the issue...

4.3CVSS1.8AI score0.82962EPSS
Exploits6References2
wpexploit
wpexploit
added 2019/08/09 12:0 a.m.23 views

Woody Ad Snippets < 2.2.6 - Arbitrary Post Deletion

The adminInit function of the admin/includes/class.actions.snippets.php file, registered as an admininit hook did not have any CSRF or capability checks for its close action, allowing unauthenticated users to delete arbitrary posts from the blog...

6.4CVSS3AI score0.0163EPSS
Exploits2
wpexploit
wpexploit
added 2019/08/04 12:0 a.m.11 views

Rencontre < 3.2 - Authenticated Stored XSS via textmail & textanniv Parameters

An authenticated persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Affected Version Version: alert'XSS'// Encoded-Payload:...

Exploits0References1
wpexploit
wpexploit
added 2019/08/03 12:0 a.m.18 views

Rencontre < 3.2.2 - Authenticated Stored XSS via facebook parameter & SQL Injection

An authenticated persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Affected Version Version: alert'XSS'// Encoded-Payload:...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/29 12:0 a.m.15 views

Real Estate 7 < 2.9.1 - Stored XSS & IDOR

The 'Real Estate 7' premium WordPress theme is vulnerable to persistent XSS injection that allows an attacker to inject JavaScript or HTML code into the website front-end. There is also an Insecure Direct Object Reference issue, allowing unauthorized users to edit listings they should not have...

6.7AI score
Exploits0References3
wpexploit
wpexploit
added 2019/07/27 12:0 a.m.18 views

Simple Membership <= 3.8.4 - Cross-Site Request Forgery (CSRF)

CSRF issue in the Bulk Operation menu tab https://youtu.be/HkTD8DhhwhM https://gofile.io/?c=zWYnLM - CSRF html files...

6.8CVSS1.3AI score0.0315EPSS
Exploits6References1
wpexploit
wpexploit
added 2019/07/27 12:0 a.m.17 views

Custom Simple RSS <= 2.0.6 - CSRF

CSRF issue in the Custom Simple Rss Plugin https://youtu.be/R0VrTpjaRg https://gofile.io/?c=jmVseA - CSRF html file...

4.3CVSS1.4AI score0.00623EPSS
Exploits1
wpexploit
wpexploit
added 2019/07/17 12:0 a.m.74 views

WP Code Highlight.js < 0.6.3 - CSRF to Stored XSS

Lack of CSRF checks could allow attackers to make a logged in admin create XSS payloads. document.getElementById'hljs'.submit;...

6.8CVSS0.8AI score0.01343EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/17 12:0 a.m.17 views

All-in-One WP Migration <= 6.97 - Authenticated Cross-Site Scripting (XSS)

An attacker would already have to be able to either compromise the database or gain access to a user account with high enough privileges to view the backup history, so some damage has already been done, but such an attacker could then also insert some XSS in order to compromise other admin users...

Exploits0References2
wpexploit
wpexploit
added 2019/07/15 12:0 a.m.27 views

Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

The Ad Inserter – Ad Manager & AdSense Ads WordPress plugin was affected by an Authenticated Remote Code Execution security vulnerability. The nonce aicheck in the final request can be obtained by querying the homepage with the AIWPDEBUGGING cookie set to 2. Then, use an account with a role as lo...

6.5CVSS0.7AI score0.03635EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/07/11 12:0 a.m.23 views

One Click SSL <= 1.4.6 - Multiple Issues

Lack of CSRF and authorisation checks in the settings page, as well as AJAX methods such as ajaxenablessl, ajaxscan and so on could allow unauthorised settings change as well as call of the AJAX methods by a low privileged user. Additionally, it could also allow arbitrary site options update due ...

6.8CVSS0.6AI score0.00795EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/11 12:0 a.m.20 views

School Management < 57.0 - CSRF and Stored XSS

CSRF and Stored XSS Cross Site Scripting Edit WPScanTeam: June 17th - Issue Reported to Envato June 17th - Envato Support confirmed they are investigating the issue June 28th - New version released, fixing the XSS but not the CSRF. Envato notified July 5th - Demo fixed, new version to be released...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/10 12:0 a.m.12 views

Hybrid Composer <= 1.4.6 - Unauthenticated Options Update

This plugin has a function to update Wordpress options via Ajax and it's set with the following: addaction'wpajaxnoprivhcajaxsaveoption', 'hcajaxsaveoption'; Which means it does not require authentication and is exploitable by anyone on the internet. I've already spoken to the plugin author about...

2.2AI score
Exploits0References2
wpexploit
wpexploit
added 2019/07/09 12:0 a.m.18 views

Gallery Photoblocks < 1.1.43 - Authenticated Reflected XSS

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. When logged in with an account with administrator capabilities: https:///wp-admin/admin.php?page=photoblocks-edit&id="...

3.5CVSS1.2AI score0.01318EPSS
Exploits1References1
wpexploit
wpexploit
added 2019/07/09 12:0 a.m.21 views

Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)

It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X...

4.3CVSS6.2AI score0.01376EPSS
Exploits2References3
wpexploit
wpexploit
added 2019/07/08 12:0 a.m.12 views

WP Slimstat <= 4.8.3 - CSRF to Stored XSS and Setting Updates

Lack of CSRF check and sanitisation in the updatesettings function can lead to settings update, as well as Stored XSS issues /wp-admin/admin.php?page=slimconfig&tab=1" method="POST" ' /...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/08 12:0 a.m.9 views

WP Custom Body Class <= 0.7.0 - CSRF to Stored XSS and Settings Update

Lack of CSRF check and sanitisation when updating the plugin's settings could lead to unauthorised settings update as well as stored XSS issues XSS fixed in 0.7.0. CSRF still there - vendor contacted CSRF fixed in 0.7.1 /wp-admin/options-general.php?page=custombodyclass" method="POST" ' /...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/05 12:0 a.m.10 views

Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS

Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/05 12:0 a.m.18 views

Zoner - Real Estate <= 4.1 - Reflected & Stored XSS

Weak security measures like bad input fields data filtering has been discovered in the 'Zoner - Real Estate WordPress Theme'. PoC Stored XSS Injection: Register on the demo website and go to https://zoner.fruitfulcode.com/author/yourlogin/?profile-page=myprofile page. Inside any text field type "...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/04 12:0 a.m.26 views

Appointment Booking Calendar < 1.3.19 - Unauthenticated Stored XSS

Lack of authorisation check in the cpabcappointmentssaveedition function can lead to stored XSS via the editionarea parameter when cfwppedit is set to 'js' or 'css' /wp-admin/admin-ajax.php" method="POST" "/ /wp-admin/admin-ajax.php" method="POST" "/ The payload will be triggered in all pages wit...

4.3CVSS1.2AI score0.01389EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/03 12:0 a.m.14 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice https:///wp-admin/options-general.php?page=smae&smaeaction=remind&fwurl=Iyc7YWxlcnQoL1hTUy8pOy8v...

4.3CVSS1.9AI score0.00985EPSS
Exploits1References1
wpexploit
wpexploit
added 2019/07/02 12:0 a.m.23 views

Insert or Embed Articulate Content into WordPress <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename

The lack of CSRF, Authorisation and Path Traversal checks in wpajaxdeldir and wpajaxrenamedir AJAX methods in functions.php make it possible for an authenticated user with a role as low as subscriber to delete and rename arbitrary folders. CSRF attacks against such authenticated users is also...

5.5CVSS0.4AI score0.00625EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/01 12:0 a.m.36 views

Server Status by Hostname/IP <= 4.6 - Authenticated SQL Injection

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-admin/admin.php?page=all-servers&id=2+UNION+SELECT+1%2C2%2C3%2C%40%40version+&action=edit...

6.5CVSS2.3AI score0.01733EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/07/01 12:0 a.m.28 views

Newsletter Lite < 4.6.19 - Multiple Issues

- Lack of CSRF, Authorisation and sanitisation checks in the ajaxloadneweditor function, registered as an AJAX method, can lead to an authenticated reflected XSS issue. - Authenticated Directory Traversal leading to RCE XSS: As an authenticated user with a role as low as a Subscriber, open...

6.5CVSS0.5AI score0.03711EPSS
Exploits3
wpexploit
wpexploit
added 2019/07/01 12:0 a.m.208 views

WP Statistics <= 12.6.6.1 - Unauthenticated Blind SQL Injection

An endpoint of the API, which is exposed when the 'use cache plugin' setting is enabled by default disabled, is vulnerable to an unauthenticated blind SQLi issue. time curl -X POST 'http://host/wp-json/wpstatistics/v1/hit' --data...

7.5CVSS1.1AI score0.02605EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/06/29 12:0 a.m.14 views

Essential Real Estate <= 1.7.1 - XSS

Multiple XSS across the plugin Example: https:///wp-admin/edit.php?poststatus=all&posttype=userpackage&packageuser="&filteraction=Filter&paged=1 https:///wp-admin/edit.php?poststatus=all&posttype=property&propertyauthor="&propertyidentity&filteraction=Filter&paged=1...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/28 12:0 a.m.11 views

Watu Quizz <= 3.1.2.5 - Reflected XSS via question-form.html.php

The Watu Quiz WordPress plugin was affected by a Reflected XSS via question-form.html.php security vulnerability. /wp-admin/admin.php?page=watuquestion&question=1&action=edit&quiz=1"...

3.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/27 12:0 a.m.17 views

Block WP Login <= 1.3.0 - CSRF and Unauthorised Settings Update

Lack of CSRF and authorisation checks in the bwplconfigureslug function registered as an admininit action could allow attacker via CSRF, or unauthenticated using the admin-ajax.php to change the plugin settings located at /wp-admin/options-permalink.php and disable the protection offered. v1.3.1...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/26 12:0 a.m.23 views

WebP Express <= 0.14.4 - Authenticated Stored XSS

Edit - WPScanTeam: The reported issue has been fixed in 0.14.5. Other sanitisation checks have been implemented in newest versions such as 0.14.6 and 0.14.8 while the plugin was closed, so the fixed in is set to 0.14.8 Video POC :...

3.5CVSS1.4AI score0.00787EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/06/26 12:0 a.m.26 views

Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting (XSS)

Weak security measures like bad input field data filtering has been discovered in the 'Live Chat Unlimited'. Go to the demo website https://screets.com/try/lcx/night-bird/ and open chat window by clicking on «Open/close» link, then click on «Online mode» to go online. Use your payload inside inpu...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2019/06/26 12:0 a.m.18 views

LiveChat <= 3.7.2 - Unauthenticated Option Update/Reset and Stored XSS

The lack of proper CSRF and Authorisation checks could allow an unauthenticated attacker to update or reset the plugin's settings. Furthermore, when updating the livechatemail option, no sanitisation is performed, leading to a Stored XSS issue in the plugin's settings page. CSRF and XSS fixed in...

6.5AI score
Exploits0References1
wpexploit
wpexploit
added 2019/06/25 12:0 a.m.26 views

iLive <= 1.0.4 - Stored Cross-Site Scripting (XSS)

Info: Weak security measures like bad textarea data filtering has been discovered in the 'iLive - Intelligent WordPress Live Chat Support Plugin'. Current version of this premium WordPress plugin is 1.0.4. Demo Website: https://codecanyon.net/item/ilive-wordpress-live-chat-support-plugin/20496563...

7.2AI score
Exploits0References2
wpexploit
wpexploit
added 2019/06/24 12:0 a.m.27 views

Ultimate Member < 2.0.52 - CSRF and Stored XSS issues

A CSRF vulnerability in adding/editing user roles in Ultimate Member 2.0.49. It also lead to stored XSS. Edit WPScanTeam: July 9th, 2019 - v2.0.50 released and still affected. Escalated to WP Plugins Team July 9th, 2019 - v2.0.51 released, fixing the CSRF but not the XSS July 11th, 2019 - Escalat...

3.5CVSS5.3AI score0.00886EPSS
Exploits3
wpexploit
wpexploit
added 2019/06/24 12:0 a.m.22 views

Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS

The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. Version...

4.3CVSS2.1AI score0.01919EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/06/23 12:0 a.m.28 views

CP Contact Form with Paypal <= 1.3.01 - Multiple XSS

The CP Contact Form with PayPal WordPress plugin was affected by a Multiple XSS security vulnerability. Version &r=1 fixed in 1.2.98...

4.3CVSS1.3AI score0.0094EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/06/21 12:0 a.m.19 views

Seo By Rank Math <= 1.0.27 - Authenticated Settings Reset

Allows any authenticated user with a role as low as subscriber to reset Settings of the plugin. https://plugins.trac.wordpress.org/browser/seo-by-rank-math/tags/1.0.27/includes/admin/class-options.phpL91...

4CVSS2.1AI score0.01381EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/06/13 12:0 a.m.30 views

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...

6.8CVSS0.8AI score0.0068EPSS
Exploits1References1
wpexploit
wpexploit
added 2019/06/11 12:0 a.m.46 views

Support Board - Chat And Help Desk | Support & Chat <= 1.2.8 Stored XSS

Info: Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Demo Website: https://codecanyon.net/item/support-board-chat-and-help-desk/20752085 Backend: https://board.support/desk-demo/?login=true Login / Password...

7.3AI score
Exploits0References1
wpexploit
wpexploit
added 2019/05/28 12:0 a.m.19 views

Slick Popup <= 1.7.1 - Privilege Escalation

Subscriber users are able to create an administrator account with hardcoded login credentials. Hardcoded username "slickpopupteam" and its password is OmakPass13...

6.5CVSS1.9AI score0.02071EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/05/20 12:0 a.m.19 views

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. Send POST request to wp-admin/admin-ajax.php with body content: "action=fvwpflowplayeremailsignup&list=1&[email protected]"...

4.3CVSS1AI score0.02022EPSS
Exploits2References2
Total number of security vulnerabilities4359