4359 matches found
Essential Real Estate <= 1.7.1 - XSS
Multiple XSS across the plugin. Example: https:///wp-admin/edit.php?poststatus=all&posttype=userpackage&packageuser="&filteraction=Filter&paged=1 https:///wp-admin/edit.php?poststatus=all&posttype=property&propertyauthor="&propertyidentity&filteraction=Filter&paged=1...
Export Users to CSV <= 1.1.1 - CSV Injection
The WordPress Export Users to CSV plugin, version 1.1.1 and earlier, is affected by Remote Code Execution through a CSV injection vulnerability. This allows an application user to inject commands into the fields of their profile, and these commands are executed when a user with greater privilege...
Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)
User input is first escaped with esc_html and then URL-decoded. This makes reflected XSS possible with a double URL-encoded payload...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin (<= 3.8.0.4) was affected by an Authenticated Reflected XSS security vulnerability. GET...
Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection
The invite-anyone plugin insecurely trusts serialized data submitted over HTTP requests. This opens the site up to a potential PHP object injection exploit vector. Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...
Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)
Multiple authenticated XSS vulnerabilities were found when logged in as a low-privileged user. Authenticated Stored XSS: logged in as a follower, the lowest-privileged user, write the payload in the 'Add a comment' section. Authenticated Reflected XSS: on the task-edit, task-details and project-details pages:...
Viral Optins - Arbitrary File Upload
Affected versions, and whether the issue has been remediated, are unclear, as the vendor website no longer exists. Upload!...
Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection
http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&albumid=0%20AND%20SELECT%20%20FROM%20SELECTSLEEP5VvZV&width=700&height=550&bwgitemsperpage=20&bwgnonce=b939983df9&TBifram...
Mini Cart Plugin 1.00.1 - Authenticated SQL Injection
$_REQUEST['item'] is not escaped. The URL is accessible to users at collaborator level and above. Vulnerable URL: http://target/wp-admin/edit.php?page=mini-cart/itemform.php=0=edit...
W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
When you create a support ticket on the plugin page, you can add one or more of your template themes. This file will then be sent to the author to help him resolve the issue. Now you select one, you send the form and, same as for the files before, you will send it to the author to help...
Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
The truemag WordPress theme was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. http://WP/?s="%20alertdocument.cookie...
WP Multiple Meta Box 1.0 - Authenticated Blind SQL Injection
The multi-meta-box WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. http://www.example.com/wp-admin/admin.php?page=multimetaboxlisting&action=edit&id=1 AND SELECT FROM SELECTSLEEP5Etmx...
Royal Slider <= 3.2.6 - Authenticated Cross-Site Scripting (XSS)
The vulnerability exists due to insufficient sanitization of user-supplied data in the "rstype" HTTP GET parameter when creating / editing a slider. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in the browser in the context of...
WP-Polls <= 2.70 - Stored Cross-Site Scripting (XSS)
The /wp-admin/admin.php?page=wp-polls%2Fpolls-add.php page is vulnerable to XSS within the pollqquestion and pollaanswers parameters. Add a new poll with the question or answer as...
Image Export <= 1.1.0 - Directory Traversal
The image-export WordPress plugin was affected by a Directory Traversal security vulnerability. $ curl http://www.example.com/wp-content/plugins/image-export/download.php?file=/etc/passwd...
Multiple Themes - Privilege Escalation
The themes suffer from a privilege escalation vulnerability: any authenticated user can trigger it due to weak permission checking. An attacker can update options, such as changing the user's default role, registration state and others, which may lead to executing commands/code on th...
wp-instance-rename <= 1.0 - Arbitrary File Download
The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability. curl --data "dbname=wp&dumpfname=/etc/passwd&backupfolder=." http://www.example.com/wp-instance-rename/mysqldumpdownload.php -o p.zip...
Zip Attachments <= 1.1.4 - Arbitrary File Download
The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwd&zafilename=passwd...
Visual Form Builder <= 2.8.2 - SQL Injection & Reflected XSS
The Visual Form Builder WordPress plugin was affected by a SQL Injection & Reflected XSS security vulnerability. SQL Injection ------------- http://www.example.com/wp-admin/admin.php?page=visual-form-builder&form-filter=1+or+1%3D2...
Modern Theme <= 1.4.1 - DOM Cross-Site Scripting (XSS)
The Modern WordPress theme was affected by a DOM Cross-Site Scripting (XSS) security vulnerability. http://www.example.com/wp-content/themes/modern/genericons/example.html...
N-Media Website Contact Form with File Upload <= 1.3.4 - Arbitrary File Upload
The "uploadfile" ajax function is affected by an unrestricted file upload vulnerability. curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nmwebcontactuploadfile" http://www.example.com/wp-admin/admin-ajax.php Response:...
WPtouch <= 3.6.6 - Unvalidated Open Redirect
The WPtouch WordPress plugin was affected by an Unvalidated Open Redirect security vulnerability. http://www.example.com/?wptouchswitch=mobile&redirect=http%3A%2F%2Fdomain.com...
5star by Templatic - CSRF File Upload
The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/5star/images/tmp/yourshell.php...
Video Posts Webcam Recorder < 1.55.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Video Posts Webcam Recorder WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability. https://example.com/wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/rlogout.php?message=message'//...
Barclaycart - Unauthenticated Shell Upload
The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency. This issue has been seen exploited in the wild. "@$uploadfile",...
Community Events <= 1.2.1 - SQL Injection
The Community Events WordPress plugin was affected by a SQL Injection security vulnerability. curl --data "id=-1 AND EXTRACTVALUE1, CONCATCHAR58,@@version,CHAR58-- " http://www.site.com/wp-content/plugins/community-events/tracker.php...
Quick Chat <= 4.14 - Authenticated Stored Cross-Site Scripting
An Authenticated Persistent XSS vulnerability is present in the plugin options page /wp-admin/options-general.php?page=quick-chat/quick-chat.php, vulnerable fields: «Chat name prefix for guest users», «Advertisement code for your AdSense». The PoC will be displayed once the issue has been...
Quick Chat <= 4.14 - Unauthenticated Stored Cross-Site Scripting
An Unauthenticated Persistent XSS vulnerability was discovered in the Quick Chat plugin v4.14 for WordPress. The PoC will be displayed once the issue has been remediated...
NextGEN Gallery Sell Photo <= 1.0.4 - Authenticated Stored Cross-Site Scripting
The Button Text/Image field in the Settings page of the Sell Photos plugin was found to be vulnerable to stored XSS, as it did not sanitize user-supplied input properly. It is triggered when a user loads a page where the plugin is used, and when an admin opens the settings page of the plugin. The PoC will be...
Konzept < 2.5 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the Konzept theme through 2.3 for WordPress. /?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%60XSS%60%3B%3E...
Kormosala – Job Board < 1.0.23 - Unauthenticated Reflected XSS
Unauthenticated Reflected XSS vulnerability was discovered in the «Kormosala – Job Board WordPress Theme», tested version — v1.0.22...
Jetapo < 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
An Unauthenticated Reflected XSS vulnerability was discovered in the Jetapo theme through 1.0.0 for WordPress. https://jetapo.inwavethemes.com/jobs/?location=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...
Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
Mailster is a newsletter plugin for WordPress. It allows creating, sending and tracking newsletter campaigns. Compass Security identified a stored Cross-Site Scripting (XSS) vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...
Brizy - Page Builder < 1.0.114 - Unauthenticated Site Settings Update
The plugin fails to restrict access to the site settings page, allowing unauthenticated users to change them, such as site title, description as well as put XSS payload in the footer, leading to Unauthenticated Stored XSS issues. As we saw probes in the wild checking for the issue...
Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS
Lack of CSRF checks on the Filters page could allow attackers to add/edit/update/delete categories and delete all categories, as well as perform reflected XSS attacks. v1.0.8 fixed the reflected XSS, however no CSRF check on delete and deleteallcategory actions. v1.1.0 released, no additional fix...
bbPress Members Only <= 1.2.1 - CSRF on Optional Settings page
The plugin does not prevent Cross-Site Request Forgery attacks on its 'Optional Settings' page...
Groundhogg <= 1.3.11.3 - Authenticated SQL Injection
WordPress Groundhogg plugin with a version lower than 1.3.11.3 is affected by an Authenticated SQL Injection vulnerability. Exploit Title: WordPress Groundhogg /wp-admin/admin.php?page=ghbulkjobs&action=ghexportcontacts&optinstatus%5B0%5D=selectfromselectsleep20a&optinstatus%5B1%5D=0 - The respon...
Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes
The vendor does not consider it to be a vulnerability; it remains unfixed. SQL Injection in handling of the "etpbimagen10s" shortcode. The last version at the time of the original advisory, 3.2.5, is known to be affected. etpbsection bbbuilt="1"etpbrowetpbcolumn type="44"etpbimagen10s...
Supreme Directory Theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS)
This theme has a parameter, s, that allows execution of an XSS payload: " 1. Install the theme. 2. Access the site in another browser. 3. Enter this URI: website.com/?s="alert0...
Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack. http:///wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd...
woocommerce-csvimport 3.3.6 – Authenticated Arbitrary File Deletion
Required user access: any registered user. $_POST['filename'] is not escaped. Code File: wp-content/plugins/woocommerce-csvimport/export/include/classes/woocsvExport.php Line: 64 public function deleteexportfile() { if (isset($_POST['filename'])) @unlink($_POST['filename']); wp_die(0); } Result: wp-config.php file delet...
Ultimate Instagram Feed <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)
In regards to https://wpvulndb.com/vulnerabilities/8947, the XSS vulnerability remains in 1.3 and 1.3.1, as the author passes $_GET['accesstoken'] to sanitize_text_field. However, the value is inserted into an attribute of an element, and sanitize_text_field does not filter quotes (single or double)...
Simple Events Calendar <= 1.3.5 - Authenticated SQL Injection
Required user access: administrator. $_POST['eventid'] is not escaped. File / Code: Path Request: /wp-content/plugins/simple-events-calendar/simple-events-calendar.php Line: 467 $editevent = $_POST['eventid']; $update = $wpdb->get_results(" SELECT * FROM $tablename WHERE id = $editevent ", "ARRAY_A");...
WP Statistics <= 12.0.8.1 - Authenticated Reflected Cross-Site Scripting (XSS)
Version 12.0.8.1 and below of the WP Statistics WordPress Plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting (XSS). The 'ip' GET parameter on the 'wpsvisitorspage' page is output to a page without first being validated, sanitised or output encoded. This leads to...
All-in-One WP Migration <= 6.45 - Reflected Cross-Site Scripting (XSS)
All-in-One WP Migration is vulnerable to Reflected Cross-Site Scripting on the secretkey parameter. http://example.com/wp-admin/admin-ajax.php?action=ai1wmstatus&secretkey="!--...
Javo Spot Premium Theme - Unauthenticated Directory Traversal
Print out any file in the via an unauthenticated AJAX request. /wp-admin/admin-ajax.php? jvfrmspotgetjson&fn=../../wp-config.php&callback=jQuery...
WP Support Plus Responsive Ticket System < 8.0.0 – Authenticated SQL Injection
Required user access: any user. $_POST['catid'] is not escaped. It is accessible to any user...
Single Personal Message 1.0.3 – Authenticated SQL Injection
Required user access: any user. $_GET['message'] is not escaped. It is accessible to every registered user. http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...
Form Lightbox - Arbitrary Option Update Leading to Admin Account
This plugin is no longer in the WordPress repository but is still in use on some sites. With this vulnerability an attacker can update any option in the WordPress database. This includes gaining admin access. Using the file ajax.php that contains the following line: updateoptio...
Indexisto WordPress Site Search <= 1.0.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The indexisto WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. http://www.example.com/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexistoindex="alert1;"...