Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.6996 views

Adserve 0.2 - adclick.php SQL Injection Exploit

The wp-adserve WordPress plugin was affected by an adclick.php SQL Injection Exploit security vulnerability...

7.5CVSS2.9AI score0.02742EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/04/12 12:0 a.m.4279 views

Multiple BestWebSoft Plugins - Authenticated Cross-Site Scripting (XSS)

PoC http://www.example.com/wp-admin/admin.php?page=bwspanel=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E...

4.3CVSS0.6AI score0.01757EPSS
Exploits1References2Affected Software53
WPVulnDB
WPVulnDB
added 2015/02/11 12:0 a.m.3396 views

WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF

Any registered user can delete all WordPress database tables and files. PoC This request makes it possible: http://wp.dev/wp-admin/admin-ajax.php?action=uninstall...

5.8CVSS0.8AI score0.0061EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/17 12:0 a.m.2126 views

WP < 6.2.1 - Directory Traversal via Translation Files

Description WordPress is affected by a directory traversal via the wplang parameter, which could allow attacker to load arbitrary translation files...

6.1CVSS5.6AI score0.79527EPSS
Exploits7References1
WPVulnDB
WPVulnDB
added 2019/02/16 12:0 a.m.2011 views

Launcher: Coming Soon & Maintenance Mode <= 1.0.10 - Multiple Stored XSS

The Launcher: Coming Soon & Maintenance Mode WordPress plugin was affected by a Multiple Stored XSS security vulnerability...

3.5CVSS2.2AI score0.00924EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.1331 views

WordPress < 6.4.3 - Admin+ PHP File Upload

Description WordPress allows high privileged users Admin / Super Admin on Mulsitite to upload PHP files directly via the plugin/theme upload feature. Note: Such issue is only a concern on hardened blogs where such users are not allowed to install plugins/themes...

6.6AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.1066 views

WP < 6.0.2 - SQLi via Link API

Description The getbookmarks function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wplistbookmarks for example...

7.9AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.913 views

WordPress < 6.4.3 - Deserialization of Untrusted Data

Description WordPress does not sanitizes options when installing and upgrading itself before serializing them, which could allow high privileged users such as admin to perform PHP Object Injection attack...

7.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.800 views

Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

The plugin does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow...

8.8CVSS9.5AI score0.0254EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/25 12:0 a.m.791 views

WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block

Description WordPress does not properly escape the "file" attribute in the "Template Part block" allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File Reads...

7.2AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2017/06/22 12:0 a.m.780 views

WP Rocket <= 2.10.3 - Local File Inclusion (LFI)

Requires older versions of PHP that are vulnerable to null byte injection...

5CVSS2.9AI score0.03327EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.770 views

ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget

The plugin's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access. Further, the plugin in several places assigned $POST as $GET which meant that in some cases this could be replicated with just $GET parameters and no need...

6.1CVSS0.5AI score0.01491EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/15 12:0 a.m.729 views

WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8

Description A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. WordPress used an audio parsing library called ID3 that was affected by an XML External Entity XXE vulnerability affecting PHP versions 8 and above. Thi...

7.1CVSS6.5AI score0.85719EPSS
Exploits20References6
WPVulnDB
WPVulnDB
added 2023/05/17 12:0 a.m.714 views

WP < 6.2.2 - Shortcode Execution in User Generated Data

Description WordPress allows shortcode to be executed in user generated data via block themes, which could allow unauthenticated users to execute shortcode via comments for instance...

7.4AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.695 views

WordPress 5.4 to 5.8 - Data Exposure via REST API

Description On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: "Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API."...

5.3CVSS5.5AI score0.02207EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.613 views

tiny-url <= 1.3.2 - XSS in ZeroClipboard

The Tiny URL WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.7AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/13 12:0 a.m.570 views

WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding

Description WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. PoC...

5.9CVSS5.7AI score0.0315EPSS
Exploits5References1
WPVulnDB
WPVulnDB
added 2021/04/15 12:0 a.m.555 views

WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure

Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. PoC 1. As one user, create a new password protected post...

6.5CVSS5.3AI score0.02331EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.538 views

WP < 6.0.3 - Email Address Disclosure via wp-mail.php

Description WordPress discloses the sender's email address via wp-mail.php...

7.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.520 views

Sitemap < 4.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC pagelist...

5.4CVSS1.8AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/13 12:0 a.m.514 views

Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Akismet WordPress plugin, between versions 2.5.0 and 3.1.4, was found to be affected by an Unauthenticated Stored Cross-Site Scripting XSS vulnerability...

4.3CVSS2.5AI score0.00963EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/13 12:0 a.m.510 views

WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer

Description WordPress versions 3.7 to 5.7.1 were using a vulnerable version of the PHPMailer library, which was affected by a PHP Object Injection vulnerability through Phar Deserialization via addAttachment with a UNC pathname. To fix the vulnerability the PHPMailer library was updated from...

9.8CVSS8.9AI score0.03095EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.456 views

WP < 6.0.3 - SQLi in WP_Date_Query

Description WP does not properly sanitize the relation passed to WPDateQuery, which could lead to SQL injection...

8.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/09/11 12:0 a.m.453 views

WooCommerce < 7.9 - Unauthenticated Sensitive Information Disclosure

Description The plugin does not properly apply CORS on some of its API endpoints, allowing attackers to leak customers PII information...

7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.429 views

Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious...

6.1CVSS1.2AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/30 12:0 a.m.413 views

WordPress < 5.4.1 - Unauthenticated Users View Private Posts

Description This could have allowed unauthenticated users to view private posts by manipulating time and date queries...

7.5CVSS6.4AI score0.02334EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.409 views

WP < 6.0.3 - CSRF in wp-trackback.php

Description There is no CSRF check in the wp-trackback.php which could allow attackers to make user perform unwanted actions via a CSRF attack...

7AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.397 views

Contact Form 7 < 5.9.2 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. PoC...

6.1CVSS6.1AI score0.013EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/25 12:0 a.m.381 views

WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API

Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks...

5.7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/11/25 12:0 a.m.373 views

WordPress < 5.8 - Plugin Confusion

Description WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.o...

9.8CVSS9AI score0.28983EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.368 views

WordPress < 5.5.2 - XML-RPC Privilege Escalation

Description The release notes state: "Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC."...

9.8CVSS9.5AI score0.05016EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.356 views

WordPress < 5.8.3 - Super Admin Object Injection in Multisites

Description On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection...

7.2CVSS7.5AI score0.03695EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.355 views

WordPress < 5.4.2 - Disclosure of Password-Protected Page/Post Comments

Description Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions...

5.3CVSS5.4AI score0.01932EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.352 views

NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection

The nospampti WordPress plugin was affected by a wp-comments-post.php commentpostID Parameter SQL Injection security vulnerability...

7.5CVSS2.7AI score0.02854EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/17 12:0 a.m.350 views

Contact Form 7 < 5.3.2 - Unrestricted File Upload

The popular WordPress plugin, Contact Form 7 was found to be vulnerable to Unrestricted File Upload. PoC Append a unicode special character from U+0000 null to U+001F us to a filename and upload it via the ContactForm7 upload feature...

10CVSS2AI score0.89626EPSS
Exploits4References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/17 12:0 a.m.346 views

WP < 6.2.1 - Contributor+ Content Injection

Description WordPress does not properly sanitise block attributes, which could allow users with a role of Contributor and above to perform content injection in comments on blog using a theme compatible with a block editor...

7.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.345 views

WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE

Description The release notes state: "Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE." The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The...

9.8CVSS9.2AI score0.0774EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2022/03/11 12:0 a.m.338 views

WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package

Description The @wordpress/url package used in WordPress and the Gutenberg plugin is affected by a Prototype Pollution issue...

7.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/05/17 12:0 a.m.324 views

WP < 6.2.1 - Thumbnail Image Update via CSRF

Description WordPress does not have CSRF check when updating the thumbnail image associated with existing attachments, which could allow attackers to make logged in admins update them via a CSRF attack...

7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.324 views

WordPress < 5.8.3 - SQL Injection via WP_Query

Description Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way...

8CVSS7.9AI score0.97795EPSS
Exploits14References2
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.321 views

WP 5.6-6.3.1 - Reflected XSS via Application Password Requests

Description WordPress does not sanitise and escape the successurl and rejecturl parameters before outputting it back in the page when requesting application passwords, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2017/05/16 12:0 a.m.308 views

LayerSlider <= 6.2.0 - CSRF / Authenticated Stored XSS & SQL Injection

The LayerSlider WordPress plugin was affected by a CSRF / Authenticated Stored XSS & SQL Injection security vulnerability...

3.6AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.301 views

WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint

Description The REST Terms/Tags Endpoint does not have proper authorisation in place, which could allow unauthorised users to access sensitive information...

6.6AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/04/10 12:0 a.m.301 views

WP < 6.5.2 - Unauthenticated Stored XSS

Description WordPress does not escape the Author name of its Avatar block when some settings are enabled, leading to Stored Cross-Site Scripting. In a default setup, contributor and above users could perform such attack. However, if the blog is using the mentioned settings in the comment template...

6.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.299 views

BookingPress < 1.0.11 - Unauthenticated SQL Injection

The plugin fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection PoC - Create a new "category" and...

9.8CVSS3AI score0.37171EPSS
Exploits11References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.271 views

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic < 4.6.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.00457EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/30 12:0 a.m.270 views

WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated

Description When a user requested a password reset link, but did not use it and instead reset their password by logging in, the password reset link would still be usable. This could give an attacker a larger attack window to obtain the password reset link. However, the attacker must first have...

8.1CVSS6.6AI score0.13625EPSS
Exploits3References4
WPVulnDB
WPVulnDB
added 2021/02/14 12:0 a.m.266 views

Zebra_Form Library <= 2.9.8 - Reflected Cross-Site Scripting (XSS)

The ZebraForm PHP library v2.9.8 latest and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file. There is currently no patch available and the removal of this library is recommended. PoC Via $GET'form': Via $GET'control': POST...

0.9AI score
Exploits0References2Affected Software5
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.262 views

WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass

The plugin is affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s...

9.8CVSS1.7AI score0.01025EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/23 12:0 a.m.261 views

Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Exploit Additional CSS classes for "Lightweight...

5.4CVSS5AI score0.00562EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000