4359 matches found

wpexploit
added 2024/01/23 12:00 a.m. | 141 views

illi Link Party! <= 1.0 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks. 1. Add a new link party and add its shortcode to a new post. 2. In a new private window, navigate to the post where you added the shortcode. 3...

AI score: 8.9 | EPSS: 0.00265
Exploits: 2
wpexploit
added 2024/01/23 12:00 a.m. | 128 views

Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing the following: document.forms0.submit;...

AI score: 9.4 | EPSS: 0.00176
Exploits: 2 | References: 1
wpexploit
added 2024/01/22 12:00 a.m. | 140 views

Popup Box Pro < 20.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...

AI score: 5.9 | EPSS: 0.0048
Exploits: 3
wpexploit
added 2024/01/22 12:00 a.m. | 124 views

Popup Box Pro < 7.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...

AI score: 5.9 | EPSS: 0.0048
Exploits: 3
wpexploit
added 2024/01/19 12:00 a.m. | 117 views

Splashscreen <= 0.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.forms0.submit;...

AI score: 9.4 | EPSS: 0.00221
Exploits: 2 | References: 1
wpexploit
added 2024/01/19 12:00 a.m. | 172 views

GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup 1. Go to "GigPress Settings" 2. Enter...

AI score: 5.7 | EPSS: 0.00456
Exploits: 2
wpexploit
added 2024/01/19 12:00 a.m. | 156 views

Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. 1. Go to "Charts Settings". 2. For th...

AI score: 7.9 | EPSS: 0.0039
Exploits: 2 | References: 1
wpexploit
added 2024/01/19 12:00 a.m. | 192 views

lasTunes <= 3.6.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack ' ' document.forms0...

AI score: 9 | EPSS: 0.00199
Exploits: 2
wpexploit
added 2024/01/19 12:00 a.m. | 173 views

Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. 1. Go to Charts New Chart HTML 3...

AI score: 7.9 | EPSS: 0.0039
Exploits: 2 | References: 1
wpexploit
added 2024/01/18 12:00 a.m. | 177 views

Smart Manager < 8.28.0 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. The vulnerability can be demonstrated using the following POST request: POST...

AI score: 7.3 | EPSS: 0.03301
Exploits: 5
wpexploit
added 2024/01/17 12:00 a.m. | 179 views

Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...

AI score: 6.8 | EPSS: 0.01773
Exploits: 3
wpexploit
added 2024/01/17 12:00 a.m. | 183 views

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks As a contributor, create/edit a map with the below payload as title and attach it to a post can be...

AI score: 5.9 | EPSS: 0.00462
Exploits: 2
wpexploit
added 2024/01/17 12:00 a.m. | 212 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site" wit...

AI score: 6.7 | EPSS: 0.00812
Exploits: 2
wpexploit
added 2024/01/17 12:00 a.m. | 381 views

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

Description The plugin does not ensure that the post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such as subscriber to read arbitrary...

AI score: 6.7 | EPSS: 0.00568
Exploits: 2
wpexploit
added 2024/01/17 12:00 a.m. | 151 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

AI score: 6.7 | EPSS: 0.01254
Exploits: 2
wpexploit
added 2024/01/16 12:00 a.m. | 164 views

EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management

Description The plugin re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9....

AI score: 7.5 | EPSS: 0.00424
Exploits: 4
wpexploit
added 2024/01/15 12:00 a.m. | 235 views

FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure

Description The plugin does not prevent directory listing in sensitive directories containing export files. 1 Run backup function http://yoursite/wordpress/wp-admin/admin.php?page=njt-fastdup/ 2 During backup creation, you can intercept the following paths: wordpress/wp-content/plugins/fastdup/lo...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00913
Exploits: 1 | References: 1
wpexploit
added 2024/01/12 12:00 a.m. | 162 views

Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed Go to the Marker Categories settings of the plugin...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.00416
Exploits: 1
wpexploit
added 2024/01/11 12:00 a.m. | 527 views

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.90339
Exploits: 6 | References: 1
wpexploit
added 2024/01/11 12:00 a.m. | 165 views

Hubbub Lite < 1.32.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup As admin, enable the 'Floating Sidebar...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.0044
Exploits: 2
wpexploit
added 2024/01/10 12:00 a.m. | 163 views

WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

Description The plugin does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address. You may get the nonce from your save address form fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00394
Exploits: 1
wpexploit
added 2024/01/10 12:00 a.m. | 176 views

WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak

Description The plugin does not properly validate user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address. Run the below command in the developer console of the browser when being logged in the blog as a subscriber and on your own edit account...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00483
Exploits: 1
wpexploit
added 2024/01/10 12:00 a.m. | 171 views

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. 1. Go to the EventON Lite settings an...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.0043
Exploits: 2
wpexploit
added 2024/01/10 12:00 a.m. | 212 views

EventON (Free < 2.2.9, Premium < 4.5.9) - Unauthenticated Virtual Event Settings Update

Description The plugins do not have authorisation and CSRF in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc To set the Meeting URL to https://attacker.com/ on the Virtual Event with ID 240: curl -X POST --da...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00411
Exploits: 1
wpexploit
added 2024/01/10 12:00 a.m. | 159 views

Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Have an admin open an HTML page containing the following: alert1' document.forms0.submit;...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00207
Exploits: 2 | References: 1
wpexploit
added 2024/01/10 12:00 a.m. | 147 views

EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

Description The plugins do not have authorisation in an AJAX action, and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata. Note: Such issue could lead to Unauthenticated Stored XSS due to the lack of sanitisation in...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00373
Exploits: 1
wpexploit
added 2024/01/10 12:00 a.m. | 171 views

Voting Record <= 2.0 - Subscriber+ Stored XSS

Description The plugin is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks Have a subscriber open an HTML file containing the following: ' ' document.forms0.submit; See the XSS when logged in as an admin and...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00403
Exploits: 2 | References: 1
wpexploit
added 2024/01/10 12:00 a.m. | 163 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom curl -X POST --data "eid=240"...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00453
Exploits: 1
wpexploit
added 2024/01/10 12:00 a.m. | 155 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog To get the administrator user emails: curl -X POST --data 'userrole=administrator'...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.37957
Exploits: 3
wpexploit
added 2024/01/10 12:00 a.m. | 168 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS

Description The plugins do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00366
Exploits: 1
wpexploit
added 2024/01/09 12:00 a.m. | 128 views

Community by PeepSo < 6.3.1.2 - Reflected XSS

Description The plugin does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open When the register your copy noti...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00515
Exploits: 2
wpexploit
added 2024/01/09 12:00 a.m. | 133 views

Contact Form 7 Connector < 1.2.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. http://vulnerable-site.tld/wp-admin/admin.php?page=ari-cf7connector-log&format=html&log=...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00458
Exploits: 2
wpexploit
added 2024/01/09 12:00 a.m. | 122 views

Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF

Description The plugin does not have CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged in users perform such action via a CSRF attack 1. Log in as a normal user. 2. Save the content below as an HTML file...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00237
Exploits: 2
wpexploit
added 2024/01/08 12:00 a.m. | 163 views

PageLayer < 1.8.0 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. - As a user with Author+ capabilities, create a new pos...

CVSS: 4.8 | AI score: 6.7 | EPSS: 0.00377
Exploits: 2
wpexploit
added 2024/01/08 12:00 a.m. | 148 views

Product Enquiry for WooCommerce < 3.2 - Reflected XSS

Description The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below alert/XSS/'...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0046
Exploits: 2
wpexploit
added 2024/01/05 12:00 a.m. | 129 views

Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 1. Access the "Restrict Usernames Emails Characters" settings 2. For the field "The name of...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00405
Exploits: 2 | References: 1
wpexploit
added 2024/01/05 12:00 a.m. | 157 views

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure

Description The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data 1 When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. 2 These fil...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00644
Exploits: 2
wpexploit
added 2024/01/05 12:00 a.m. | 167 views

Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS

Description The plugin does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name Login as subscriber, open...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00493
Exploits: 2
wpexploit
added 2024/01/05 12:00 a.m. | 188 views

EventON < 4.4.1 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing one of the code below: 2.6.x the cmonth a...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00426
Exploits: 2
wpexploit
added 2024/01/04 12:00 a.m. | 194 views

Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure

Description The plugin allows any unauthenticated user to read draft and private posts via a crafted request https://example.com/?poststatus=draft https://example.com/?poststatus=private...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00616
Exploits: 2 | References: 1
wpexploit
added 2024/01/03 12:00 a.m. | 166 views

WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Make an admin open an HTML page containing the following code: ' ' document.forms0.submit...

CVSS: 5.4 | AI score: 9 | EPSS: 0.00216
Exploits: 2 | References: 1
wpexploit
added 2024/01/03 12:00 a.m. | 307 views

Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the biteshiperror and biteshipmessage parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs belo...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0037
Exploits: 2
wpexploit
added 2024/01/03 12:00 a.m. | 119 views

Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. 1. Under "WP Adv Quiz - WP Adv Quiz"...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.00402
Exploits: 2
wpexploit
added 2024/01/03 12:00 a.m. | 153 views

WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. document.forms0.submit;...

CVSS: 8.8 | AI score: 9.4 | EPSS: 0.00329
Exploits: 2 | References: 1
wpexploit
added 2024/01/03 12:00 a.m. | 176 views

WordPress Users <= 1.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Create an HTML with the following and open it when logged in as an Editor or above: document.forms0.submit;...

CVSS: 8.8 | AI score: 9.4 | EPSS: 0.00329
Exploits: 2 | References: 1
wpexploit
added 2024/01/03 12:00 a.m. | 166 views

Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to trigger the XSS...

CVSS: 5.4 | AI score: 9.3 | EPSS: 0.0038
Exploits: 2
wpexploit
added 2024/01/03 12:00 a.m. | 150 views

TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. junkie-button...

CVSS: 5.4 | AI score: 8.3 | EPSS: 0.00406
Exploits: 2 | References: 1
wpexploit
added 2024/01/03 12:00 a.m. | 156 views

Wp-Adv-Quiz < 1.0.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Add a new quiz. 2. Under the created quiz, click on "Questions". 3. Add a question and...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00402
Exploits: 2
wpexploit
added 2024/01/03 12:00 a.m. | 153 views

Site Notes <= 2.0.0 - Admin Note Deletion via CSRF

Description The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks Have an administrator open the following HTML file:...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00218
Exploits: 2
wpexploit
added 2024/01/03 12:00 a.m. | 215 views

MapPress Maps for WordPress < 2.88.14 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the Point of Interest Title and Description options in a map, allowing Contributor and above role to perform Stored Cross-Site Scripting attacks As a contributor, add/edit a Map and search any location you want. Add XSS Payload on Location’s...

CVSS: 6.4 | AI score: 5.6 | EPSS: 0.00547
Exploits: 2 | References: 2

Total number of security vulnerabilities: 4359