Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2017/10/11 12:0 a.m.33 views

Qards - Server Side Request Forgery (SSRF)

Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...

Exploits0References2
wpexploit
wpexploit
added 2017/10/11 12:0 a.m.256 views

Qards - Stored Cross-Site Scripting (XSS)

Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...

4.3CVSS6.4AI score0.01933EPSS
Exploits2References2
wpexploit
wpexploit
added 2017/10/01 12:0 a.m.18 views

MarketPress <= 3.2.6 - PHP Object Injection

The MarketPress plugin installs to a directory named wordpress-ecommerce versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. Send an object to the site using the mpglobalcart cookie value and it will be...

1.4AI score
Exploits0References2
wpexploit
wpexploit
added 2017/09/26 12:0 a.m.30 views

Content Timeline <= 4.4.2 - Multiple Blind SQL Injection

Multiple Blind SQL injections in the premium 'Content Timeline' Plugin. One unauthenticated and two authenticated injections. Contacted the author twice without any response. History: 09-16-2017 Contacted the author 09-16-2017 Requested CVE-ID 09-18-2017 CVE-ID Received 09-18-2017 Contacted the...

7.5CVSS0.3AI score0.05248EPSS
Exploits4References2
wpexploit
wpexploit
added 2017/09/21 12:0 a.m.29 views

Student Result or Employee Database <= 1.6.3 - Auth Bypass

The Student Result or Employee Database WordPress plugin was affected by an Auth Bypass security vulnerability. curl -i -s -k -X 'POST' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer:...

6.4CVSS1.3AI score0.01801EPSS
Exploits2References2
wpexploit
wpexploit
added 2017/09/12 12:0 a.m.17 views

Pinfinity Theme <= 1.9.2 - Reflected Cross-site Scripting (XSS)

The pinfinity WordPress theme was affected by a Reflected Cross-site Scripting XSS security vulnerability. https://website.com/wp/?s=alert1...

4.3CVSS0.4AI score0.00907EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/09/09 12:0 a.m.23 views

WPHRM <= 1.0 - Authenticated SQL Injection

The vulnerability allows an employee users to inject SQL commands. http://localhost/PATH/?hr-dashboard=user&page=message&tab=viewmessage&from=inbox&id=SQL-23+union+select 1,2,3,4,5,SELECT+GROUPCONCATtablename+SEPARATOR+0x3c62723e+FROM+INFORMATIONSCHEMA.TABLES+WHERE+TABLESCHEMA=DATABASE,7,8--%20-...

6.5CVSS3.2AI score0.03029EPSS
Exploits5References2
wpexploit
wpexploit
added 2017/09/08 12:0 a.m.15 views

MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)

Usage of the output of addqueryarg without escaping in various places in the WordPress Backend leads to reflected XSS vulnerability. URL/wp-admin/admin.php?page=mailchimp-for-wp-integrations&"alert1...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2017/09/08 12:0 a.m.20 views

Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)

Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2017/09/06 12:0 a.m.31 views

Participants Database <= 1.7.5.9 - Cross-Site Scripting

Cross site scripting XSS vulnerability in the Wordpress Participants Database plugin 1.7.59 allows attackers to inject arbitrary javascript via the Name parameter. curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex=2 -...

4.3CVSS2.1AI score0.02302EPSS
Exploits4References1
wpexploit
wpexploit
added 2017/09/02 12:0 a.m.20 views

SQL Shortcode <= 1.1 - Authenticated SQL Execution

It's not an SQL injection actually, it's just executing SQL with an account as low-privileged as a subscriber. The plugin description says it all. This https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html great article will help understanding how to exploit shortcodes and...

0.5AI score
Exploits0References1
wpexploit
wpexploit
added 2017/08/26 12:0 a.m.133 views

Multiple Plugins - Unauthenticated RCE via PHPUnit

There was an Unauthenticated Remote Code Execution RCE vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. curl -X POST --data ""...

7.5CVSS1.6AI score0.99999EPSS
Exploits19References2
wpexploit
wpexploit
added 2017/08/25 12:0 a.m.16 views

WP Like Post <= 1.5.2 - Authenticated SQL Injection

It's possible to inject SQL via several points Client-IP Header for example when using the gslplikepost shortcode. A low-privileged account is necessary for this; subscriber is enough. Found by: Paul Dannewitz Other vulnerabilities submitted to wpvulndb:...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2017/08/17 12:0 a.m.18 views

Embed Images in Comments <= 0.5 - Unauthenticated Stored XSS

Unescaped src and href attribute replacements allows breaking out of the generated replacement tags. A comment containing the following "image" http://codeseekah.com/1.jpg"onload="alert1".jpg will generate an alert box...

4.3CVSS0.4AI score0.00905EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/08/14 12:0 a.m.16 views

I Recommend This <= 3.8.1 - Authenticated SQL Injection

Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...

Exploits0References2
wpexploit
wpexploit
added 2017/08/14 12:0 a.m.16 views

Link-Library <= 5.9.13.26 – Authenticated SQL Injection

Type user access: admin user. $GET‘linkid’ is not escaped. http://localhost:8080/wp-admin/admin.php?page=link-library&genthumbsingle=1&linkid=1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCATuserlogin,char58,userpass,17,18,19,20,21,22,23,24,25,26+FROM+wpusers+WHERE+ID=1...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2017/08/07 12:0 a.m.23 views

Easy Modal <= 2.0.17 - Authenticated SQL Injection

This can only be exploited by a user who already has access to the admin with a valid nonce. During the security analysis, ThunderScan discovered SQL injection vulnerabilities in the Easy Modal WordPress Plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while bei...

6.5CVSS2.8AI score0.01262EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/08/07 12:0 a.m.17 views

Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Podlove Podcast Publisher WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugi...

6.5CVSS1.7AI score0.01109EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/08/07 12:0 a.m.21 views

Pressforward <= 5.2.3 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise the $SERVER'QUERYSTRING' before outputting it back in the page, leading to a reflected Cross-Site Scripting issue. The issue was initially reported in v4.3.0 but was never fixed, and is still affecting v5.2.3...

4.3CVSS0.7AI score0.00757EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/08/01 12:0 a.m.17 views

WP Support Plus Responsive Ticket System < 8.0.0 - Privilege Escalation

You can login as anyone without knowing password because of incorrect usage of wpsetauthcookie. Username:...

0.6AI score
Exploits0References2
wpexploit
wpexploit
added 2017/07/30 12:0 a.m.21 views

WP Live Chat Support < 7.1.05 - Cross-Site Scripting (XSS)

WP Live Chat Support is vulnerable by sending XSS payloads through chat...

4.3CVSS0.6AI score0.00915EPSS
Exploits1References1
wpexploit
wpexploit
added 2017/07/26 12:0 a.m.17 views

Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS

Multiple Stored XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Profile Edit Account. Write the payload in the 'Last Name' input area: jaVasCript:/-///'/"/// /oNMouseoVer=alertdocument.domain Other fields may be...

0.9AI score
Exploits0References1
wpexploit
wpexploit
added 2017/07/26 12:0 a.m.18 views

FormCraft - Premium WordPress Form Builder <= v3.2.31 - Authenticated Stored XSS

WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent Cross-Site Scripting XSS vulnerability. Authenticated Stored XSS: New Form Heading Heading Text input field is vulnerable. The payload will execute when the form is displayed...

3.5CVSS0.5AI score0.00696EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/07/21 12:0 a.m.21 views

WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting

Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...

6.5CVSS0.1AI score0.01576EPSS
Exploits3
wpexploit
wpexploit
added 2017/07/20 12:0 a.m.23 views

Arabic Font - CSRF & Stored XSS

Due to a lack of CSRF mitigation and entity encoding in the output generated by arabic-font.php and /inc/panel.php, it is possible to store and execute scripts in the context of an admin user...

0.3AI score
Exploits0References1
wpexploit
wpexploit
added 2017/07/19 12:0 a.m.14 views

Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

Multiple authenticated XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...

0.4AI score
Exploits0References2
wpexploit
wpexploit
added 2017/07/19 12:0 a.m.9 views

WordPress Task Manager Pro <= 1.3.1 - Authenticated SQL Injection

Blind SQL Injection on task-details page task parameter. Logged as a follower: https://localhost/wp/wp-admin/admin.php?page=task-details&task=6+and+sleep1+and+1%3D1...

1.8AI score
Exploits0References2
wpexploit
wpexploit
added 2017/07/07 12:0 a.m.22 views

WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://mywordpress.com/wp-admin/admin.php?page=wpsreferrerspage&rangeend=123123"alert1a a="...

4.3CVSS1AI score0.0076EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/07/06 12:0 a.m.11 views

DSubscribers <= 1.2 - Authenticated SQL Injection

The DSubscribers WordPress plugin was affected by an Authenticated SQL Injection security vulnerability. Proof of Concept: 1 – Login with admin user: 2 – Url attack: http://target/wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=0 UNION SELECT 1,2,CONCATuserlogin,char58,userpass FROM...

1.1AI score
Exploits0References1
wpexploit
wpexploit
added 2017/07/03 12:0 a.m.13 views

WP Statistics <= 12.0.8.1 - Authenticated Reflected Cross-Site Scripting (XSS)

Version 12.0.8.1 and below of the WP Statistics WordPress Plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting XSS. The 'ip' GET parameter on the 'wpsvisitorspage' page is output to a page without first being validated, sanitised or output encoded. This leads to...

1.9AI score
Exploits0References2
wpexploit
wpexploit
added 2017/06/27 12:0 a.m.10 views

Ultimate Product Catalogue <= 4.2.2 - Authenticated SQL Injection

Type user access: subscriber upwards. $POST‘CatID’ is not escaped. File / Code: Path: /wp-content/plugins/ultimate-product-catalogue/Functions/ProcessAjax.php...

0.7AI score
Exploits0References1
wpexploit
wpexploit
added 2017/06/21 12:0 a.m.9 views

Email Before Download < 4.0 - SMTP Header Injection

Email Before Download https://wordpress.org/plugins/email-before-download/ before version 4.0 was vulnerable to an SMTP header injection which allows abuse of vulnerable website to send spam or phishing emails. In email-before-download.php, the "emailFrom" variable comes directly from the...

1.8AI score
Exploits0References1
wpexploit
wpexploit
added 2017/06/20 12:0 a.m.13 views

All-in-One WP Migration <= 6.45 - Reflected Cross-Site Scripting (XSS)

All-in-One WP Migration is vulnerable to Reflected Cross-Site Scripting on secretkey parameter. http://example.com/wp-admin/admin-ajax.php?action=ai1wmstatus&secretkey="!--...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2017/06/13 12:0 a.m.14 views

Viral Optins - Arbitrary File Upload

Affected versions and whether the issue has been remediated is unclear as the vendor website does not exist anymore. Upload!...

1.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/31 12:0 a.m.8 views

Simple Slideshow Manager <= 2.3 – Multiple Vulnerabilities

The Simple Slideshow Manager WordPress plugin was affected by security vulnerability. 3.1 Cross-Site Scripting Vulnerable Function: echo Vulnerable Variable: $GET'name' Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=Acurax-Slideshow-AddImages&name="alert42 3.2 Cross-Site...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/31 12:0 a.m.20 views

WP No External Links <= 3.5.18 – Authenticated Cross-Site Scripting (XSS)

The wp-noexternallinks WordPress plugin was affected by security vulnerability. Cross-Site Scripting: Vulnerable Function: echo Vulnerable Variable: $REQUEST'date1', $REQUEST'date2' Vulnerable URLs:...

4.3CVSS0.5AI score0.00954EPSS
Exploits2References1
wpexploit
wpexploit
added 2017/05/31 12:0 a.m.11 views

Tribulant Newsletters <= 4.6.4.2 – Multiple Vulnerabilities

The Newsletters WordPress plugin was affected by security vulnerability. 3.1 File disclosure Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=newslettershistory&wpmlmethod=exportdownload&file=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cWIN DOWS%5cwin.ini 3.2 Cross-Site...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/24 12:0 a.m.17 views

All In One Schema.org Rich Snippets <= 1.4.4 - Authenticated Cross-Site Scripting (XSS)

The Schema – All In One Schema Rich Snippets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com/wp-admin/admin.php?page=richsnippetdashboard&bsfforcesend=true&bsfsendlabel=alert1...

4.3CVSS0.9AI score0.00897EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/05/24 12:0 a.m.9 views

AffiliateWP <= 2.0.9 - Authenticated Cross-Site Scripting (XSS)

The AffiliateWP WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com//wp-admin/admin.php?page=affiliate-wp-referrals&filterfrom=%27%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E...

1.7AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/11 12:0 a.m.18 views

User Access Manager <= 2.0.8 - Authenticated Reflected Cross-Site Scripting (XSS)

Not patched in 2.0.0 despite what the advisory states. http://www.example.com/wp-admin/admin.php?page=uamusergroup&uamaction=editusergroup&userGroupId=1%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%3C%22...

1.8AI score
Exploits0References2
wpexploit
wpexploit
added 2017/05/11 12:0 a.m.36 views

Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

5CVSS0.6AI score0.57608EPSS
Exploits7References1
wpexploit
wpexploit
added 2017/05/05 12:0 a.m.192 views

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset

Description Attacker may be able to set the 'From' email header in password reset emails. curl -H "Host: www.evil.com" --data "userlogin=admin&redirectto=&wp-submit=Get+New+Password" http://example.com/wp-login.php?action=lostpassword...

5.9CVSS6.2AI score0.26699EPSS
Exploits7References2
wpexploit
wpexploit
added 2017/05/05 12:0 a.m.19 views

Clean Login <= 1.7.12 - Change Redirect URL CSRF

The Clean Login WordPress plugin was affected by a Change Redirect URL CSRF security vulnerability...

4.3CVSS0.5AI score0.00618EPSS
Exploits2References1
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.11 views

Calendar by WD <= 1.5.51 - Authenticated SQL injection

http://www.defensecode.com/advisories/DC-2017-01-017WordPressSpiderEventCalendarPluginAdvisory.pdf Vulnerable POST URL: http://www.vulnerablesite.com/wpadmin/admin.php?page=SpiderCalendar&task=showmanageevent&calendarid=1 Vulnerable POST Body:...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.11 views

WordPress Facebook <= 1.0.13 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-04-011WordPressFacebookPluginAdvisory.pdf Vulnerable POST URL: http://vulnerablesite.com/wp-admin/admin.php?page=SpiderFacebookmanage Vulnerable POST Body: searcheventsbytitle=&pagenumber=1&serchornot=&ascordesc=1&orderby=type AND SELECT FROM...

0.7AI score
Exploits0References2
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.14 views

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&albumid=0%20AND%20SELECT%20%20FROM%20SELECTSLEEP5VvZV&width=700&height=550&bwgitemsperpage=20&bwgnonce=b939983df9&TBifram...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.66 views

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Description The Avada WordPress theme was affected by a Stored Cross-Site Scripting XSS & CSRF security vulnerability. http://cdn.wphutte.com/Avada/5.1.4/xss.html http://cdn.wphutte.com/Avada/5.1.4/csrf.html...

8.8CVSS6.8AI score0.00907EPSS
Exploits1References2
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.9 views

Row Seats Core <= 2.66 - Unauthenticated PHP Object Injection

The plugin row-seats insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 2.68, information is being released now as a disclosure period has expired. Attac...

1AI score
Exploits0References1
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.25 views

Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection

The plugin referrer-detector insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. Attack is exploitable over HTTP requests to sites with...

0.6AI score
Exploits0References1
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.23 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original researcher...

7.5CVSS0.8AI score0.02339EPSS
Exploits1References1
Total number of security vulnerabilities4359