14602 matches found
SportsPress < 2.7.2 - Authenticated Stored Cross-Site Scripting
Any user with the role of administrator or League Manager is able to store XSS payloads in the custom delimiter setting of events pages. This will then execute on all events pages on the website. PoC Video PoC: https://youtu.be/J8QZ8S6CiS8...
Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via Re-Share Posts feature. PoC Please refer to the video below for steps to reproduce and demonstration of automatic exploit with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTKe3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo -...
Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF leading to XSS
A flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection. PoC...
Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site Scripting (XSS)
Flaws in the live editor and actionbuildercontent functions of the plugin "allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link...
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mlagallery link=download. PoC The LFI is restricted to the "wp-content" directory...
Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation
The Elementor WordPress plugin could allow an authenticated user to enable Safe Mode. This could allow the user to then disable plugins, which could include security plugins, which would weaken the overall security of the site...
LearnPress < 3.2.6.7 - Privilege Escalation
Any authenticated user can change its role to an instructor/teacher and gain access to otherwise restricted data...
wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation
The flaw allowed anybody to escalate their privileges to those of an administrator, as long as subscriber-level registration was enabled on a given WordPress site with the vulnerable plugin installed. PoC 1. Log in as Subscriber. 2. Scrape the page /wp-admin/index.php for the connection key. i.e...
WP Database Reset < 3.15 - Privilege Escalation
This flaw "allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request." PoC Login as a subscriber then send the following request:...
Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS
The HTML code generated by the FAQ shortcode does not sanitise the DisplayFAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used. PoC Append the following payload on a page where a FAQ is embedded: ?DisplayFAQ=...
bbPress Login Register Links On Forum Topic Pages <= 2.7.5 - CSRF to Stored XSS
Lack of CSRF checks in the plugin's settings allow arbitrary change of the settings, which can also lead to stored XSS issues. PoC The payload below will result in a stored XSS in the 'Style Customize' page...
ListingPro < 2.0.14.5 - Reflected & Persistent Cross-Site Scripting
Reflected & Persistent XSS was discovered in the 'ListingPro - WordPress Directory Theme'. Current version is 2.0.14.2 August 9th 2019. Edit WPScanTeam: November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v2.0.14.3 Released, fixing the reflected X...
Motors Car Dealer & Classified Ads < 1.4.1 - Multiple Issues
- Unauthenticated plugin's settings import/export leading to stored XSS - Authenticated settings import - Unsanitised inputs - Authenticated options change...
Login Or Logout Menu Item <= 1.1.1 - Unauthenticated Options Change
The Login or Logout Menu Item WordPress plugin was affected by an Unauthenticated Options Change security vulnerability...
WPS Child Themes Generator <= 1.1 - Path Traversal
The WPS Child Theme Generator WordPress plugin was affected by a Path Traversal security vulnerability...
Breadcrumbs by menu <= 1.0.1 - Multiple Issues
XSS, CSRF leading to options update...
WPGraphQL <= 0.2.3 - Multiple Vulnerabilities
Without authorisation, weak access controls allow us to: Create administrative users Post comments on articles bypassing article restrictions and global moderation Retrieve content of password-protected posts/articles/pages Retrieve full list of registered users in the platform Retrieve full list...
Forminator <= 1.5.4 - Authenticated Multiple Vulnerabilities
The Forminator – Contact Form, Payment Form & Custom Form Builder WordPress plugin was affected by an Authenticated Multiple Vulnerabilities security vulnerability...
Contact Form Email <= 1.2.65 - Multiple Cross-Site Scripting (XSS) & CSRF
The Contact Form Email WordPress plugin was affected by a Multiple Cross-Site Scripting XSS & CSRF security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=cpcontactformtoemail=1=1='"...
WP Google Maps <= 7.10.41 - Cross-Site Scripting (XSS)
The WP Google Maps WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Wise Chat <= 2.6.3 - Reverse Tabnabbing
The Wise Chat WordPress plugin was affected by a Reverse Tabnabbing security vulnerability...
WP Ultimate Exporter < 1.4.2 - CSRF
The Export WordPress Data with Advanced Filters WordPress plugin was affected by a CSRF security vulnerability...
Google XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting (XSS)
According to the changelog: 4.1.0 2018-12-18 - Fixed security issue related to escaping external URLs - Fixed security issue related to option tags in forms...
WP Payeezy Pay < 2.98 - Local File Inclusion
The WP Payeezy Pay WordPress plugin was affected by a Local File Inclusion security vulnerability...
Arigato Autoresponder and Newsletter <= 2.5.1.8 - Authenticated Blind SQL Injection & Multiple XSS
The Arigato Autoresponder and Newsletter WordPress plugin was affected by an Authenticated Blind SQL Injection & Multiple XSS security vulnerability...
LoginPress <= 1.1.13 - Unauthorized Blind SQL Injection
The Custom Login Page Customizer | LoginPress WordPress plugin was affected by an Unauthorized Blind SQL Injection security vulnerability...
Ninja Forms <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS)
According to the changelog: "Patched a redirect XSS vulnerability using code injection on our submissions page."...
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities
Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. PoC Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php...
WooCommerce <= 3.4.5 - Authenticated File Deletion to Privilege Escalation
Attackers in control of a user with the shop manager role can delete certain files on the server and then take over any victim account...
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting. PoC...
All In One Favicon <= 4.6 - Multiple Stored Authenticated XSS
Authenticated Stored Cross-Site Scripting XSS in 8 parameters: backendApple-Text backendGIF-Text backendICO-Text backendPNG-Text frontendApple-Text frontendGIF-Text frontendICO-Text frontendPNG-Text PoC " "...
Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection
The Advanced Order Export For WooCommerce WordPress plugin was affected by a CSV Injection security vulnerability...
wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Version 1.4.11, and below, of the wpForo Forum WordPress Plugin were found to be vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability was due to the Plugin using the $SERVER'REQUESTURI' PHP variable to create a URL string that was later output within HTML without any output encodin...
JS Job <= 1.0.6 - CSRF
The JS Job Manager WordPress plugin was affected by a CSRF security vulnerability...
Membermouse < 2.2.9 - Blind SQL Injection
Note: It seems like the affected plugin is the premium version from https://membermouse.com, the free one has been closed as of v1.2.0...
UK Cookie Consent <= 2.3.9 - Authenticated Stored Cross-Site Scripting (XSS)
A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser. Tested on version 2.3.9 older versions may also be affected PoC 1 Access WordPress control panel...
WordPress 3.7-4.9.4 - Remove localhost Default
Description Don't treat localhost as same host by default...
WordPress 3.7-4.9.4 - Escape Version in Generator Tag
Description Make sure the version string is correctly escaped for use in generator tags...
WP Retina 2x <= 5.2.0 - Cross-Site Scripting (XSS)
The WP Retina 2x WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
BuddyBoss Media <= 3.2.3 - Stored XSS
The album description does not perform input / output validation. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF. PoC '"...
AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. PoC OST /wp-admin/admin-ajax.php?action=apfileuploadactionuploadernonce=nonce=php=64000 HTTP/1.1...
Z-URL Preview <= 1.6.2 - Cross-Site Scripting (XSS)
The Z-URL Preview WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Max Mega Menu <= 2.3.8 - Authenticated XSS
The Max Mega Menu WordPress plugin was affected by an Authenticated XSS security vulnerability...
Post Pay Counter < 2.731 - PHP Obj Injection & Access Control Issues
The Post Pay Counter WordPress plugin was affected by a PHP Obj Injection & Access Control Issues security vulnerability...
Liveforms < 3.4.0 - XSS
The Live Forms – Easy Drag and Drop Form Builder Plugin for WordPress WordPress plugin was affected by a XSS security vulnerability...
Weblibrarian < 3.4.8.6 - XSS
The WebLibrarian WordPress plugin was affected by a XSS security vulnerability...
Popup Maker <= 1.6.4 - Authenticated Cross-Site Scripting (XSS)
The Popup Maker – Popup Forms, Opt-ins & More WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting
Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. PoC Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The...
Postman SMTP Mailer/Email Log - Cross-Site Scripting (XSS)
The postman-smtp WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Easy Team Manager 1.3.2 - Authenticated Blind SQL Injection
The easy-team-manager WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...