
4359 matches found

wpexploit | added 2018/06/27 12:0 a.m. | 34 views

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting (XSS)

The Open Graph and Twitter Card Tags WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability...

AI score 1.2
Exploits: 0 | References: 2

wpexploit | added 2018/06/22 12:0 a.m. | 38 views

iThemes Security <= 7.0.2 - Authenticated SQL Injection

The iThemes Security better-wp-security plugin before 7.0.3 for WordPress allows SQL Injection by attackers with Admin privileges via the logs page. Vulnerability description: iThemes Security appears to be vulnerable to time-based SQL-Injection. Parameter orderby is vulnerable because backend...

CVSS 6.5 | AI score 1.5 | EPSS 0.30118
Exploits: 4 | References: 1

wpexploit | added 2018/06/20 12:0 a.m. | 25 views

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 - Authenticated Reflected XSS

There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wdfbogerror parameter on a GET request when editing a post. This can be exploited by tricking an authenticated WordPress administrator into clicking a malicious link. This vulnerabilit...

CVSS 4.3 | AI score 0.7 | EPSS 0.01085
Exploits: 1 | References: 2

wpexploit | added 2018/06/01 12:0 a.m. | 20 views

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Versions 1.4.11 and below of the wpForo Forum WordPress plugin were found to be vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability was due to the plugin using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was later output within HTML without any output encodin...

CVSS 4.3 | AI score 6.2 | EPSS 0.0363
Exploits: 1 | References: 1

wpexploit | added 2018/05/27 12:0 a.m. | 27 views

wpForo Forum <= 1.4.9 - Unauthenticated SQL Injection

The wpForo Forum WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability. http://www.example.com/index.php/community/?wpfd=0&wpfob=relevancy&wpfo=desc%2cselectfromselectsleep20a&wpfs=fff&wpfin=entire-posts...

CVSS 5 | AI score 2.4 | EPSS 0.0165
Exploits: 2 | References: 3

wpexploit | added 2018/05/22 12:0 a.m. | 17 views

Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)

Versions 1.3.8 to 1.3.9 of the Loginizer WordPress plugin were found to be vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability was due to the plugin's logging functionality using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was logged to the database without any inpu...

CVSS 4.3 | AI score 6.2 | EPSS 0.02191
Exploits: 2 | References: 2

wpexploit | added 2018/05/18 12:0 a.m. | 18 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The ProfileGrid – User Profiles, Groups and Communities plugin, in versions prior to 2.8.6, is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...

CVSS 6.5 | AI score 2.1 | EPSS 0.03883
Exploits: 2 | References: 1

wpexploit | added 2018/05/01 12:0 a.m. | 16 views

WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cross-Site Scripting (XSS)

The WF Cookie Consent WordPress plugin was affected by an Authenticated Persistent Cross-Site Scripting (XSS) security vulnerability. 1. Access WordPress control panel. 2. Navigate to the 'Pages'. 3. Add a new page and insert the script you wish to inject into the page title. 4. Now navigate to...

CVSS 4.3 | AI score 0.8 | EPSS 0.0641
Exploits: 6 | References: 2

wpexploit | added 2018/04/25 12:0 a.m. | 16 views

WP with Spritz 1.0 - Unauthenticated File Inclusion

The WP with Spritz WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd...

AI score 2.3
Exploits: 0 | References: 1

wpexploit | added 2018/04/24 12:0 a.m. | 19 views

UK Cookie Consent <= 2.3.9 - Authenticated Stored Cross-Site Scripting (XSS)

A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser. Tested on version 2.3.9; older versions may also be affected. 1. Access WordPress control panel. 2...

CVSS 3.5 | AI score 0.6 | EPSS 0.03892
Exploits: 5 | References: 1

wpexploit | added 2018/04/24 12:0 a.m. | 17 views

Responsive Cookie Consent <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS)

A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Tested on versions 1.5, 1.6 and 1.7; older versions may also be affected. 1...

CVSS 3.5 | AI score 5.4 | EPSS 0.02855
Exploits: 5 | References: 1

wpexploit | added 2018/04/23 12:0 a.m. | 8 views

Outdated VRView Library Used, Leading to Reflected XSS

The vrview = 1.1.3 and wp-vr-view = 1.6 plugins are using an outdated version of the VRView library 2.0.2, which is affected by a reflected cross-site scripting issue. The PoC will be displayed once the issue has been remediated...

AI score 1.4
Exploits: 0 | References: 1

wpexploit | added 2018/04/06 12:0 a.m. | 28 views

WP Background Takeover <= 4.1.4 - Directory Traversal

Allows for an attacker to browse files via the download.php file http://target.com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php...

CVSS 5 | AI score 4 | EPSS 0.48158
Exploits: 4 | References: 2

wpexploit | added 2018/03/28 12:0 a.m. | 17 views

WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure

No protection on the wp-content/uploads/wp-security-audit-log/ directory, which is indexed by Google and allows attackers to possibly find user information (bad login attempts). Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/...

CVSS 5 | AI score 3.3 | EPSS 0.15782
Exploits: 6 | References: 1

wpexploit | added 2018/03/03 12:0 a.m. | 25 views

Super Socializer <= 7.10.6 - Authentication Bypass

You can log in to the site with any user if you know the user's email address. // Steps: // Fill this 3 variable var url = 'http://my-site.com/wordpress/', //website url. Closing slash required email = '[email protected]', //The admin email address to exploit nonce = 'e86377d05a'; // View the...

Exploits: 0 | References: 2

wpexploit | added 2018/03/02 12:0 a.m. | 18 views

File Manager <= 5.0.0 - Information Disclosure

The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to the file, which is not protected and contains database credentials, salts, etc. These files...

CVSS 5 | AI score 1.1 | EPSS 0.02872
Exploits: 1 | References: 2

wpexploit | added 2018/02/28 12:0 a.m. | 19 views

Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection

Usage of unserialize on user input in the saving request of the orders leads to PHP object injection vulnerability. Send POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order&order=SERIALIZED-OBJECT"...

AI score 1.6
Exploits: 0 | References: 1

wpexploit | added 2018/02/22 12:0 a.m. | 9 views

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability. Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete&permalinks=1 PAYLOAD -- "...

AI score 1
Exploits: 0

wpexploit | added 2018/02/22 12:0 a.m. | 16 views

WP Fastest Cache <= 0.8.7.4 - Blind SQL Injection

Improper escaping of user input when deleting the cache of specific pages leads to a SQL injection vulnerability. esc_sql was used on the input, but the result was used unquoted in the constructed SQL query. Send GET request to "URL/wp-admin/admin-ajax.php?action=wpfcclearcachecolumn&id=1 PAYLOAD"...

AI score 1.5
Exploits: 0 | References: 3

wpexploit | added 2018/02/22 12:0 a.m. | 16 views

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks&s=alert1...

AI score 0.7
Exploits: 0

wpexploit | added 2018/02/22 12:0 a.m. | 14 views

Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)

User input is first escaped with esc_html and then URL-decoded. This leads to the possibility of reflected XSS with a double URL-encoded payload...

AI score 1.2
Exploits: 0 | References: 1

wpexploit | added 2018/02/08 12:0 a.m. | 26 views

Swape Theme - Authentication Bypass and Stored XSS

Similar to https://wpvulndb.com/vulnerabilities/8061, but with no authentication. The theme suffers from a privilege escalation vulnerability; any user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registratio...

CVSS 7.5 | AI score 0.8 | EPSS 0.01987
Exploits: 2 | References: 2

wpexploit | added 2018/01/24 12:0 a.m. | 22 views

Email Subscribers & Newsletters < 3.4.8 - Unauthenticated Subscriber Download

The Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress plugin was affected by an Unauthenticated Subscriber Download security vulnerability. POST /?es=export ... option=viewallsubscribers...

CVSS 5 | AI score 3 | EPSS 0.03277
Exploits: 2 | References: 3

wpexploit | added 2018/01/17 12:0 a.m. | 20 views

BuddyBoss Media <= 3.2.3 - Stored XSS

The album description does not perform input / output validation. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF. '"alert"test";...

CVSS 3.5 | AI score 1 | EPSS 0.00723
Exploits: 2 | References: 1

wpexploit | added 2018/01/10 12:0 a.m. | 20 views

Smooth Slider <= 2.8.6 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Smooth Slider WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin settings...

CVSS 6.5 | AI score 1.2 | EPSS 0.01202
Exploits: 2 | References: 3

wpexploit | added 2018/01/10 12:0 a.m. | 15 views

Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure

The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server. http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php...

AI score 2.3
Exploits: 0 | References: 2

wpexploit | added 2018/01/04 12:0 a.m. | 18 views

buddypress-xprofile-custom-fields-type 2.6.3 - Authenticated Arbitrary File Deletion

Type user access: any user registered used in BuddyPress. $POST 'field' . $fieldid . 'hiddenfile' is not escaped. $POST 'field' . $fieldid . 'deleteimg' is not escaped. Code File: wp-conent/plugin/buddypress-xprofile-custom-fields-type/bp-xprofile-custom-fields-type.php Lines: 452, 472, 496, 513,...

AI score 7.5
Exploits: 0 | References: 1

wpexploit | added 2017/12/28 12:0 a.m. | 13 views

Church Admin 0.33.2.1 - Unauthenticated Directory Traversal

The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack. http:///wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd...

AI score 2.8
Exploits: 0

wpexploit | added 2017/12/27 12:0 a.m. | 13 views

woocommerce-csvimport 3.3.6 – Authenticated Arbitrary File Deletion

Type user access: any user registered. $POST'filename' is not escaped. Code File: wp-content/plugins/woocommerce-csvimport/export/include/classes/woocsvExport.php Line:64 public function deleteexportfile if isset $POST'filename' @unlink $POST'filename' ; wpdie 0 ; Result: wp-config.php file delet...

AI score 0.3
Exploits: 0 | References: 1

wpexploit | added 2017/12/19 12:0 a.m. | 16 views

AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload

Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. OST...

CVSS 7.5 | AI score 1.2 | EPSS 0.19151
Exploits: 6 | References: 2

wpexploit | added 2017/12/14 12:0 a.m. | 40 views

Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)

Reflected XSS via GET parameter "to". Vulnerable Plugins: 1. Clockwork Free and Paid SMS Notifications URL: https://wordpress.org/plugins/mediaburst-email-to-sms/ Version 2.0.3 | By Clockwork 2. Two-Factor Authentication - Clockwork SMS URL:...

CVSS 4.3 | EPSS 0.00951
Exploits: 2 | References: 1

wpexploit | added 2017/12/10 12:0 a.m. | 14 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...

AI score 2.1
Exploits: 0 | References: 2

wpexploit | added 2017/12/10 12:0 a.m. | 25 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...

AI score 2.3
Exploits: 0 | References: 2

wpexploit | added 2017/12/05 12:0 a.m. | 35 views

Smart Marketing SMS and Newsletters Forms <= 1.1.1 - Unauthenticated Cross-Site Scripting (XSS)

The Smart Marketing SMS and Newsletters Forms WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. POST /wordpress/wp-content/plugins/smart-marketing-for-wp/admin/partials/custom/egoi-for-wp-formegoi.php HTTP/1.1 Host: 127.0.0.1 Content-Type:...

CVSS 4.3 | AI score 1.7 | EPSS 0.01374
Exploits: 2 | References: 1

wpexploit | added 2017/11/22 12:0 a.m. | 16 views

InLinks 1.0 - Authenticated SQL Injection

SQL injection is POST parameter "keyword" Affected file inlinks/inlinks.php Affected lines: 58 $Keyword = trim$POST'keyword'; 59 $URL = trim$POST'url'; 60 $Rel = trim$POST'rel'; 61 $Target = trim$POST'target'; 62 $tablename = $wpdb-prefix ."URLKeywordsMapping"; 63 $SelectKeywordURLMappingDetails ...

CVSS 6.5 | AI score 1.1 | EPSS 0.02002
Exploits: 1 | References: 1

wpexploit | added 2017/11/21 12:0 a.m. | 22 views

Emag Marketplace Connector 1.0 - Unauthenticated Cross-Site Scripting (XSS)

The Emag Marketplace Connector WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post= "/alert"XSS"...

CVSS 4.3 | AI score 1.3 | EPSS 0.05096
Exploits: 2 | References: 3

wpexploit | added 2017/11/12 12:0 a.m. | 24 views

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution

WP Support Plus Responsive Ticket System Choose a file ending with .phtml: After doing this, an uploaded file can be accessed at, say: http://example.com/wp-content/uploads/wpsp/1510248571filename.phtml...

AI score 7.5
Exploits: 0 | References: 1

wpexploit | added 2017/11/11 12:0 a.m. | 15 views

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution (RCE)

WP Support Plus Responsive Ticket System Choose a file ending with .phtml: After doing this, an uploaded file can be accessed at, say: http://example.com/wp-content/uploads/wpsp/1510248571filename.phtml...

AI score 7.5
Exploits: 0 | References: 1

wpexploit | added 2017/11/10 12:0 a.m. | 24 views

UserPro <= 4.9.17 - Authentication Bypass

The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to the...

CVSS 7.5 | AI score 9.4 | EPSS 0.27369
Exploits: 3 | References: 2

wpexploit | added 2017/11/10 12:0 a.m. | 13 views

Ultimate Instagram Feed <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

In regards to https://wpvulndb.com/vulnerabilities/8947, the XSS vulnerability remains in 1.3 and 1.3.1 as the author passes $_GET['accesstoken'] to sanitize_text_field. However, the value is inserted into an attribute of an element, and sanitize_text_field does not filter for quotes (single or double)...

AI score 0.4
Exploits: 0 | References: 1

wpexploit | added 2017/11/08 12:0 a.m. | 29 views

Ultimate Instagram Feed <= 1.3 - Authenticated Cross-Site Scripting (XSS)

Author: OmarK. The vulnerability lies in the "accesstoken" parameter and can cause a reflected XSS vulnerability. The issue is in the file ultimate-instagram-feed/admin/partials/uif-access-token-display.php, line 19. The vulnerable code is the following: echo $_GET['accesstoken']; There is an echo of th...

CVSS 3.5 | AI score 5.1 | EPSS 0.01028
Exploits: 2 | References: 2

wpexploit | added 2017/11/03 12:0 a.m. | 21 views

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

CVSS 6.5 | EPSS 0.01911
Exploits: 2 | References: 1

wpexploit | added 2017/11/03 12:0 a.m. | 22 views

Active Directory Integration <= 1.1.8 - Authenticated SQL Injection

Type of user access: administrator user. The target needs to have LDAP configured and active. Path Request: /wp-content/plugins/active-directory-integration/syncback.php Line : 135 $result = $ADI-bulksyncback $_GET['userid'] ; $_GET['userid'] is not escaped. Path Method:...

AI score 2.2
Exploits: 0 | References: 1

wpexploit | added 2017/11/03 12:0 a.m. | 13 views

Simple Events Calendar <= 1.3.5 - Authenticated SQL Injection

Type user access: administrator user. $POST‘eventid’ is not escaped. File / Code: Path Request: /wp-content/plugins/simple-events-calendar/simple-events-calendar.php Line : 467 $editevent = $POST'eventid'; $update = $wpdb-getresults " SELECT FROM $tablename WHERE id = $editevent ", "ARRAYA" ;...

AI score 0.8
Exploits: 0 | References: 1

wpexploit | added 2017/11/03 12:0 a.m. | 15 views

Events <= 2.3.4 - Authenticated SQL Injection

Type user access: administrator user. $GET‘editevent’ is not escaped. File / Code: Path Request: /wp-content/plugins/wp-events/wp-events.php Line : 450 – 468 if isset $GET'editevent' $eventeditid = escattr $GET'editevent' ; ... $editevent = $wpdb-getrow "SELECT FROM $wpdb-prefixevents WHERE id =...

AI score 2
Exploits: 0 | References: 1

wpexploit | added 2017/11/02 12:0 a.m. | 11 views

Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change

In the init action, this plugin checked to see if $_POST['likebtnimportconfig'] is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...

AI score 1.3
Exploits: 0 | References: 2

wpexploit | added 2017/10/31 12:0 a.m. | 24 views

Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution

The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "sumeta", "suuser", and "supost" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this through analysis of modsecurity audit...

CVSS 7.5 | AI score 9.6 | EPSS 0.12092
Exploits: 1 | References: 2

wpexploit | added 2017/10/20 12:0 a.m. | 22 views

Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

CVSS 5 | AI score 1.9 | EPSS 0.57608
Exploits: 7 | References: 3

wpexploit | added 2017/10/12 12:0 a.m. | 16 views

pootle button <= 1.1.1 - Authenticated Cross-Site Scripting (XSS)

The pootle button WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=pbtndialog&assetsurl=%22%3E%3Cimg%20src=x%20onerror=alert1%3E...

CVSS 3.5 | AI score 1.5 | EPSS 0.0097
Exploits: 1 | References: 2

wpexploit | added 2017/10/12 12:0 a.m. | 14 views

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

AI score 0.5
Exploits: 0 | References: 1

Total number of security vulnerabilities: 4359