
4359 matches found

wpexploit, added 2017/04/27 12:00 a.m., 20 views

NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection

The plugin nextgen-gallery-geo insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. Attack is exploitable over AJAX calls sites with the...

AI score: 1.2 | Exploits: 0 | References: 1

wpexploit, added 2017/04/27 12:00 a.m., 32 views

SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection

The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin...

CVSS: 5 | AI score: 1.3 | EPSS: 0.01637 | Exploits: 2 | References: 1

wpexploit, added 2017/04/27 12:00 a.m., 18 views

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher notifi...

AI score: 0.5 | Exploits: 0 | References: 1

wpexploit, added 2017/04/27 12:00 a.m., 16 views

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. Attack is exploitable over AJAX calls on sites with the...

AI score: 0.6 | Exploits: 0 | References: 1

wpexploit, added 2017/04/24 12:00 a.m., 9 views

Answer My Question 1.3 - Cross-Site Scripting (XSS)

The answer-my-question WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. Host: 10.194.0.44 URL: http://10.194.0.44/wp-content/plugins/answer-my-question/modal.php Parameter: Hidden Field id Payload: "alert1...

AI score: 0.3 | Exploits: 0 | References: 1

wpexploit, added 2017/04/19 12:00 a.m., 9 views

AccessPress Social Icons < 1.6.8 - Authenticated SQL Injections

During the security analysis, ThunderScan discovered SQL injection vulnerabilities in AccessPress Social Icons WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plug...

AI score: 3.9 | Exploits: 0 | References: 2

wpexploit, added 2017/04/12 12:00 a.m., 38 views

Multiple BestWebSoft Plugins - Authenticated Cross-Site Scripting (XSS)

http://www.example.com/wp-admin/admin.php?page=bwspanel&category=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E...

CVSS: 4.3 | AI score: 1.4 | EPSS: 0.01757 | Exploits: 1 | References: 2

wpexploit, added 2017/04/10 12:00 a.m., 21 views

Slideshow Gallery <= 1.6.5 - Multiple Authenticated Cross-Site Scripting (XSS)

The Slideshow Gallery WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com/wp-admin/admin.php?page=slideshowgalleries&method=view&id=1%5C%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

CVSS: 4.3 | AI score: 1.7 | EPSS: 0.00844 | Exploits: 1 | References: 2

wpexploit, added 2017/04/04 12:00 a.m., 21 views

WordPress Ad Widget <= 2.11.0 - Authenticated Local File Inclusion (LFI)

The WordPress Ad Widget WordPress plugin was affected by an Authenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/ad-widget/views/modal/index.php?step=php://filter/convert.base64-encode/resource=../wp-config...

AI score: 1.6 | Exploits: 0 | References: 1

wpexploit, added 2017/03/10 12:00 a.m., 12 views

Profile Builder < 2.5.8 - Authenticated Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting XSS in field minimum password length. history.pushState'', '', '/'...

AI score: 0.2 | Exploits: 0 | References: 1

wpexploit, added 2017/03/03 12:00 a.m., 24 views

Adminer <= 1.4.5 - Security Bypass

The plugin is still affected and has been closed. https://example.com/wp-content/plugins/adminer/inc/editor/index.php...

AI score: 2 | Exploits: 0 | References: 2

wpexploit, added 2017/02/28 12:00 a.m., 20 views

Mobile App Native <= 3.0 - Remote File Upload

The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code. $ curl -F "file=@/var/www/shell.php"...

CVSS: 5 | AI score: 1.5 | EPSS: 0.07325 | Exploits: 8 | References: 2

wpexploit, added 2017/02/27 12:00 a.m., 25 views

Kama Click Counter <= 3.4.9 - Authenticated Blind SQL Injection

The Kama Click Counter WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. http://www.example.com/wp-admin/admin.php?page=kama-clic-counter&orderby=linkname&order=ASC%2cselectfromselectsleep30a&paged=1...

CVSS: 9.3 | AI score: 2 | EPSS: 0.0201 | Exploits: 2 | References: 1

wpexploit, added 2017/02/18 12:00 a.m., 29 views

Mail Masta 1.0 - Multiple SQL Injection

Multiple SQL Injection vulnerabilities in Mail Masta Plugin version 1.0 for WordPress. The plugin is still affected and has been closed. Please refer to: https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.05643 | Exploits: 19 | References: 2

wpexploit, added 2017/02/10 12:00 a.m., 13 views

Javo Spot Premium Theme - Unauthenticated Directory Traversal

Print out any file in the via an unauthenticated AJAX request. /wp-admin/admin-ajax.php? jvfrmspotgetjson&fn=../../wp-config.php&callback=jQuery...

AI score: 4.7 | Exploits: 0 | References: 2

wpexploit, added 2017/02/07 12:00 a.m., 17 views

Raygun4WP <= 1.8.0 - Unauthenticated Reflected XSS

The Raygun4WP WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. http://www.example.com/wp-content/plugins/raygun4wp/sendtesterror.php?backurl="...

CVSS: 4.3 | AI score: 1.6 | EPSS: 0.03984 | Exploits: 2 | References: 2

wpexploit, added 2017/01/15 12:00 a.m., 17 views

Stop User Enumeration 1.3.5-1.3.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/?author=1...

CVSS: 4.3 | AI score: 1.2 | EPSS: 0.0203 | Exploits: 1 | References: 1

wpexploit, added 2017/01/11 12:00 a.m., 122 views

WordPress 4.7 - User Information Disclosure via REST API

http://www.example.com/wp-json/wp/v2/users...

CVSS: 5 | AI score: 7.7 | EPSS: 0.87299 | Exploits: 7 | References: 3

wpexploit, added 2017/01/04 12:00 a.m., 12 views

ByREV WP-PICShield - Cross-Site Request Forgery (CSRF)

The ByREV WP-PICShield WordPress plugin is vulnerable to CSRF. When updating the plugin options, several parameters in the issued POST request are written directly to the .htaccess file within the WordPress root directory. An attacker may be able to insert arbitrary lines into the .htaccess file,...

AI score: 7.2 | Exploits: 0

wpexploit, added 2016/12/31 12:00 a.m., 9 views

XCloner - Backup and Restore < 3.1.5 - Authenticated Path Traversal

Authenticated users are able to perform directory listings at any location available to the WordPress user, leaking filenames of previous backups. This was found in XCloner - Backup and Restore version 3.1.4, but may have been introduced in earlier versions. Attackers can leverage directory...

AI score: 7.3 | Exploits: 0 | References: 2

wpexploit, added 2016/12/14 12:00 a.m., 19 views

Xtreme Locator Dealer Locator Plugin 1.5 – Authenticated SQL Injection

Type user access: admins user. $GET‘id’ is not escaped. Is accessible for only admins user. 1 - logged with admin user; 2 - send request get; http://www.example.com/wp-admin/admin.php?page=xtreme-locator-settings&id=0+UNION+ALL+SELECT+1%2Cslug%2Cname%2C4%2C5+FROM+wpterms+WHERE+termid%3D1...

CVSS: 6.5 | AI score: 1.3 | EPSS: 0.01598 | Exploits: 2 | References: 1

wpexploit, added 2016/12/14 12:00 a.m., 16 views

ZM Gallery 1.0 – Authenticated Blind SQL Injection

The plugin is still affected and has been closed. Type user access: admin user. $GET‘order’ is escaped wrong. Attack with Blind Injection python sqlmap.py -u "http://www.example.com/wp-admin/admin.php?page=zmgallery&orderby=name&order=desc" --dbs --cookie="cookie of admin user" --level=5...

CVSS: 6.5 | AI score: 0.7 | EPSS: 0.05523 | Exploits: 2 | References: 1

wpexploit, added 2016/12/12 12:00 a.m., 19 views

ZX_CSV Upload 1 – Authenticated SQL Injection

Type user access: admin user. $GET‘id’ is not escaped. URL is accessible for every registered user. 1 – Login with admin user. 2 - Send request post:...

CVSS: 6.5 | AI score: 1.1 | EPSS: 0.01902 | Exploits: 2 | References: 1

wpexploit, added 2016/12/12 12:00 a.m., 13 views

WP Support Plus Responsive Ticket System < 8.0.0 – Authenticated SQL Injection

Type user access: any user. $POST‘catid’ is not escaped. Is accessible for any user...

AI score: 0.7 | Exploits: 0 | References: 3

wpexploit, added 2016/12/12 12:00 a.m., 12 views

WP Private Messages 1.0.1 – Authenticated SQL Injection

Type user access: registered user. $GET‘id’ is not escaped. URL is accessible for every registered user. http://www.example.com/wp-admin/users.php?page=wp-private-messages%2Fwpuprivatemessages.php&wpu=read&id=0+UNION+SELECT+1,2,2,name,slug,6,7,8,9,10,11,12+FROM+wpterms+WHERE++termid%3D1&r=recieve...

AI score: 1.5 | Exploits: 0 | References: 1

wpexploit, added 2016/12/09 12:00 a.m., 15 views

BP Profile Search <= 4.5.3 - PHP Object Injection

The plugin bp-profile-search insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 4.6, information is being released now as a disclosure period has expired...

AI score: 0.5 | Exploits: 0 | References: 1

wpexploit, added 2016/12/08 12:00 a.m., 30 views

WooCommerce Email Test 1.5 - Order Information Disclosure

When this plugin is installed, any anonymous user can open this url https://www.domainname.de/?woocommerceemailtest=WCEmailCustomerCompletedOrder ..which shows the last most recent order along with all customer details, email address and cart content. This is a severe security/data privacy breach...

AI score: 7.2 | Exploits: 0 | References: 1

wpexploit, added 2016/12/05 12:00 a.m., 8 views

WA Form Builder 1.1 - Unauthenticated SQL Injection

$POST ‘waformsId’ is not escaped. WAFormBuilderuioutput is accessible to any user...

AI score: 2 | Exploits: 0 | References: 1

wpexploit, added 2016/12/05 12:00 a.m., 13 views

Single Personal Message 1.0.3 – Authenticated SQL Injection

Type user access: any user. $GET‘message’ is not escaped. Is accessible for every registered user. http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...

AI score: 2.9 | Exploits: 0 | References: 2

wpexploit, added 2016/11/28 12:00 a.m., 18 views

WP Whois Domain <= 1.0.0 - Unauthenticated Cross-Site Scripting (XSS)

The plugin is still affected and has been closed...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.00966 | Exploits: 2 | References: 1

wpexploit, added 2016/11/28 12:00 a.m., 9 views

Product Catalog 8 1.2 - Unauthenticated SQL Injection

$POST ‘selectedCategory’ is not escaped. UpdateCategoryList is accessible for any user...

AI score: 0.6 | Exploits: 0 | References: 2

wpexploit, added 2016/11/17 12:00 a.m., 12 views

Answer My Question 1.3 - SQL Injection

$POST'id' is not escaped. Url is accessible for any user. Url vulnerable : http://target/wp-content/plugins/answer-my-question/modal.php...

AI score: 0.6 | Exploits: 0 | References: 2

wpexploit, added 2016/11/12 12:00 a.m., 12 views

BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection

$GET‘uid’ is not escaped, the URL is accessible for any user. You will have to find a post or page that uses the plugin's shortcode...

AI score: 1 | Exploits: 0 | References: 2

wpexploit, added 2016/11/11 12:00 a.m., 14 views

Mini Cart Plugin 1.00.1 - Authenticated SQL Injection

$REQUESTitem is not escaped. Url is accessible for user collaborator above. Url vulnerable : http://target/wp-admin/edit.php?page=mini-cart/itemform.php=0=edit...

AI score: 0.7 | Exploits: 0 | References: 1

wpexploit, added 2016/11/10 12:00 a.m., 12 views

FireStorm Shopping Cart eCommerce Plugin 2.07.02 - Authenticated SQL Injection

$POST ‘pid’ is not escaped. Url is accessible for administrator user. Url with problem: http://localhost:1406/wp/wp-admin/admin.php?page=fssc-products=general=edit=0=0 http://target/wp-admin/admin.php?page=fssc-products&fp=general&f=edit&cid=0&pid=0+UNION+SELECT+name+FROM+wpterms+WHERE+termid=1...

CVSS: 6.5 | AI score: 0.4 | EPSS: 0.01918 | Exploits: 2 | References: 1

wpexploit, added 2016/11/10 12:00 a.m., 20 views

Sirv <= 1.3.1 - Authenticated SQL Injection

$POST ‘id’ is not escaped. sirvgetrowbyid is accessible for every registered user. $id = $POST'rowid'; $row = $wpdb-getrow"SELECT FROM $tablename WHERE id = $id", ARRAYA; $row'images' = unserialize$row'images'; echo jsonencode$row;...

CVSS: 6.5 | AI score: 0.4 | EPSS: 0.01944 | Exploits: 2 | References: 2

wpexploit, added 2016/10/06 12:00 a.m., 20 views

iThemes Security <= 5.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The 404 detection module needs to be enabled. curl "http://ithemesprotected.target/index.php/2016/09/22/trigger-404/?x=String/YWxlcnQoInRlc3QiKQ==/;x=x.substring1,x.length-1;evalatobx;" -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'Upgrade-Insecure-Requests: 1...

AI score: 0.3 | Exploits: 0 | References: 1

wpexploit, added 2016/09/30 12:00 a.m., 12 views

Appointment Calendar - Stored Cross-Site Scripting (XSS)

When a user submits data from appointments there is no validation which leads to stored XSS. curl 'Path to page where appointments calendar short-code is used' -H 'Accept: text/html, /; q=0.01' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.5' -H 'Content-Type:...

AI score: 0.2 | Exploits: 0 | References: 1

wpexploit, added 2016/09/26 12:00 a.m., 20 views

W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass

The /pub/apc.php file is used to empty the OPCache/APC. The script seems protected by a nonce aka security token: $nonce = W3Request::getstring'nonce'; $uri = $SERVER'REQUESTURI'; if wphash$uri == $nonce But the flaw stays in the == operator which is not the one to use when you want to compare...

AI score: 7.2 | Exploits: 0 | References: 1

wpexploit, added 2016/09/26 12:00 a.m., 14 views

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download

When you're creating a support ticket in the plugin page, you can add one or more of your template themes. Then this file will be sent to the author to help him resolve the issue. Now you select one, you send the form and same as for the files before, you will send it to the author to help...

AI score: 0.5 | Exploits: 0 | References: 1

wpexploit, added 2016/09/21 12:00 a.m., 11 views

W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The W3 Total Cache WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

AI score: 0.8 | Exploits: 0 | References: 4

wpexploit, added 2016/09/19 12:00 a.m., 18 views

N-Media Website Contact Form with File Upload - Arbitrary File Upload

The website-contact-form-with-file-upload WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

AI score: 0.8 | Exploits: 0 | References: 1

wpexploit, added 2016/09/14 12:00 a.m., 24 views

WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)

It is possible to modify a POST request to overwrite user meta including 'wpcapabilities' and 'wpuserlevel' which results in a privilege escalation vulnerability. User input is not sanitised or escaped on output resulting in a stored XSS vulnerability. Timeline: 2016-09-12: Vulnerability found...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.02076 | Exploits: 1 | References: 1

wpexploit, added 2016/08/29 12:00 a.m., 19 views

404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description There is a stored XSS in the 404-to-301 WP plugin alertdocument.cookie HTTP/1.1 Host: wordpress Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.36 KHTML, like Gecko Chrome/51.0.2704.103 Safari/537.36 Accept:...

AI score: 6.1 | Exploits: 0 | References: 4

wpexploit, added 2016/08/24 12:00 a.m., 15 views

WordPress Zero Spam <= 2.1.1 - Unauthenticated Blind SQL Injection

The WordPress Zero Spam WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability. HTTP request header: Client-IP: '+select0fromselectsleep10v+'...

AI score: 1.4 | Exploits: 0 | References: 3

wpexploit, added 2016/08/24 12:00 a.m., 19 views

CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload

CYSTEME does not properly check SESSION Cookies allowing a remote attacker to upload, view, or delete files from any location on the remote file system. - Retrieve all data in the root wordpress directory. This will return JSON. Exploit:...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.02433 | Exploits: 2 | References: 1

wpexploit, added 2016/08/23 12:00 a.m., 38 views

Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)

Plugin is still affected and has been closed http://example.com/wp-content/plugins/mail-masta/inc/campaign/countofsend.php?pl=/etc/passwd...

CVSS: 5 | AI score: 2.2 | EPSS: 0.10582 | Exploits: 2 | References: 2

wpexploit, added 2016/08/22 12:00 a.m., 21 views

Akal Theme - Reflected Cross-Site Scripting (XSS)

The premium theme, Akal, suffers from a Reflected Cross-Site Scripting XSS vulnerability in the preview.php file located in framework/brad-shortcodes/tinymce...

CVSS: 4.3 | AI score: 1.5 | EPSS: 0.0102 | Exploits: 2 | References: 1

wpexploit, added 2016/07/26 12:00 a.m., 10 views

Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS

Due to a lack of CSRF mitigation and entity encoding in the ccfinsert function found on line 118 of include/ccf.php and in the output generated by template/datagrid.php, it is possible to store and execute scripts in the context of an admin user...

AI score: 7.5 | Exploits: 0 | References: 3

wpexploit, added 2016/07/19 12:00 a.m., 16 views

Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF

Due to a lack of encoding and CSRF mitigation in the testemail function found on line 106 of classes/class-wooctrl.php, it is possible to automate a request to the AJAX handler for the wooctrlsendtestemail action which will reflect the specified script back to the end user...

AI score: 7.3 | Exploits: 0 | References: 1

Total number of security vulnerabilities: 4359