Lucene search
K

265634 matches found

Nuclei
Nuclei
added 20 hours ago57 views

WordPress Nirweb Support <2.8.2 - SQL Injection

WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute...

9.8CVSS7.1AI score0.12408EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago61 views

WordPress KiviCare <2.3.9 - SQL Injection

WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...

9.8CVSS7.1AI score0.12619EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago91 views

WordPress Simple File List <3.2.8 - Local File Inclusion

WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the /includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files. id: CVE-2022-1119 info: name: WordPress Simple File List...

7.5CVSS7.1AI score0.19958EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago67 views

WordPress Stop Bad Bots <6.930 - SQL Injection

WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users. An attacker can...

9.8CVSS7.1AI score0.07867EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago161 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.4AI score0.07355EPSS
Exploits4References4
Nuclei
Nuclei
added 20 hours ago76 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS6.9AI score0.08377EPSS
Exploits3References3
Nuclei
Nuclei
added 20 hours ago99 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS6.1AI score0.01204EPSS
Exploits3References5
Nuclei
Nuclei
added 20 hours ago85 views

WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting

WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the...

6.1CVSS6AI score0.01798EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago64 views

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...

9.8CVSS7.1AI score0.07866EPSS
Exploits2References2
Nuclei
Nuclei
added 20 hours ago62 views

WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting

WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be...

4.8CVSS6AI score0.00851EPSS
Exploits2References4
Nuclei
Nuclei
added 20 hours ago70 views

WordPress Transposh <=1.0.8.1 - Information Disclosure

WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tphistory, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the userlogin attribute. If a...

5.3CVSS6.8AI score0.0305EPSS
Exploits4References5
Nuclei
Nuclei
added 20 hours ago117 views

WordPress Site Editor <=1.1.1 - Local File Inclusion

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php. id: CVE-2018-7422 info: name: WordPress Site Editor =1.1.1 - Local File Inclusion author: LuskaBol,0x240x23elu...

7.5CVSS7.1AI score0.63102EPSS
Exploits7References5
Nuclei
Nuclei
added 20 hours ago41 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1CVSS6.2AI score0.01367EPSS
Exploits1References4
Nuclei
Nuclei
added 20 hours ago42 views

WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting

WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter a search query. Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean...

6.1CVSS6.4AI score0.03611EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago51 views

Adminimize 1.7.22 - Cross-Site Scripting

A cross-site scripting vulnerability in adminimize/adminimizepage.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4926 info: name: Adminimize 1.7.22 - Cross-Site Scripting author: daffainf...

4.3CVSS6.2AI score0.10911EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago36 views

Featurific For WordPress 1.6.2 - Cross-Site Scripting

A cross-site scripting vulnerability in cachedimage.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. id: CVE-2011-5265 info: name: Featurific For WordPress 1.6.2 - Cross-Site Scripting author:...

4.3CVSS6.2AI score0.09964EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago43 views

Good Layers LMS Plugin <= 2.1.4 - SQL Injection

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.1AI score0.1064EPSS
Exploits2References3
Nuclei
Nuclei
added 20 hours ago68 views

WordPress Daily Prayer Time <2022.03.01 - SQL Injection

WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action, available to unauthenticated users, leading to SQL injection. id:...

9.8CVSS7.1AI score0.09103EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago67 views

WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting

WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wpheadingtext parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch othe...

5.5CVSS6.3AI score0.01113EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago102 views

Photo Gallery by 10Web < 1.6.0 - SQL Injection

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection id:...

9.8CVSS7.1AI score0.74615EPSS
Exploits4References4
Rows per page
Query Builder