Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2019/12/13 12:0 a.m.38 views

WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links

Description The function wptargetedlinkrel can be used in a particular way to result in a Stored Cross-Site Scripting XSS vulnerability. PoC This is a PoC for a Stored XSS...

6.1CVSS6.8AI score0.02762EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2019/12/13 12:0 a.m.38 views

WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content

Description WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticate...

5.8CVSS5.5AI score0.01718EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2019/09/26 12:0 a.m.38 views

GiveWp < 2.5.5 - Authentication Bypass

The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information PII like names, addresses, IP addresses, and email addresses which should not be publicly accessible...

5CVSS4.5AI score0.02456EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/25 12:0 a.m.38 views

NextGEN Gallery < 2.0.77.3 - CSRF & Arbitrary File Upload

There are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests...

1.4AI score0.01927EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.38 views

allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf

The Allure Real Estate Theme for Placester WordPress theme was affected by a XSS in ZeroClipboard.swf security vulnerability...

2.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.38 views

java-trackback <= 0.2 - XSS in ZeroClipboard

The java-trackback WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.8AI score0.06316EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.37 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files PoC Note: This must be tested on a web server running Apache 1 Create a new post 2 Add e-Learning block to the post and upload...

6.5AI score0.00936EPSS
Exploits3References1
WPVulnDB
WPVulnDB
added 2024/02/26 12:0 a.m.37 views

NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor < 2.8.3 - Unauthenticated SQL Injection

Description The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied...

9.8CVSS7.8AI score0.77434EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.37 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...

6.5AI score0.00812EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.37 views

Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion

Description The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. PoC curl --url...

9.8CVSS6.5AI score0.50673EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.37 views

PowerPack Pro for Elementor < 2.9.24 - Reflected Cross-Site Scripting

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.1CVSS6.5AI score0.00416EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.37 views

JetElements For Elementor < 2.6.13.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Download

Description The JetElements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to, and including, 2.6.13. This makes it possible for unauthenticated attackers to download arbitrary attachments...

7.1AI score0.00399EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.37 views

Booster for WooCommerce < 7.1.2 - Authenticated (Subscriber+) Information Disclosure via Shortcode

Description The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjgetoption' shortcode in versions up to, and including, 7.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers,...

6.5CVSS6.3AI score0.00615EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.37 views

UserPro < 5.1.2 - Insecure Password Reset Mechanism

Description The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses...

9.8CVSS8.2AI score0.00903EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.37 views

UserPro < 5.1.5 - Authenticated (Subscriber+) Privilege Escalation

Description The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

8.8CVSS7AI score0.00923EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/11 12:0 a.m.37 views

WooCommerce < 8.1.1 - Shop Manager+ User Metadata Disclosure

Description The plugin returns all user metadata via an AJAX action, which could allow users with a role as low as Shop Manager to access an arbitrary user's metadata which could include tokens and other potentially sensitive data PoC As a shop manager or product vendor admin: Edit an order/creat...

7.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/06 12:0 a.m.37 views

FluentSMTP < 2.2.5 - Unauthenticated Stored Cross-Site Scripting

The plugin does not adequately sanitize and escape input in the email subject, making it possible to inject arbitrary web scripts that execute when a user accesses the affected page...

7.2CVSS6.9AI score0.00599EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/04 12:0 a.m.37 views

Metform Elementor Contact Form Builder < 3.3.2 - Unauthenticated Permalink Structure Update

The plugin does not properly implement capability checks on the permalinksetup function, leading to unauthorized permalink structure updates...

6.5CVSS6.8AI score0.00629EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.37 views

LiteSpeed Cache <= 5.3 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/30 12:0 a.m.37 views

BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting PoC Make a logged in admin/SA open one of the URL below: v -...

6.1CVSS6.3AI score0.00858EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/26 12:0 a.m.37 views

Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor+ create a new post and...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/12 12:0 a.m.37 views

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC h5apinlineplayer src="invalid'...

5.4CVSS2.8AI score0.00573EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.37 views

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present PoC To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void...

7.2CVSS2.3AI score0.01141EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.37 views

WP < 6.0.2 - Authenticated Stored Cross-Site Scripting

Description There is a lack of escaping of the meta keys and values in themeta function, which could lead to Cross-Site Scripting issue...

6.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/08/23 12:0 a.m.37 views

All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The plugin uses the wrong content type for, and does not properly escape the response from the ai1wmexport action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Po...

1.3AI score0.01204EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.37 views

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

The plugin does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. PoC 1. curl 'http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1' 2. curl -d view...

5.3CVSS2.6AI score0.08415EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/19 12:0 a.m.37 views

Google Tag Manager for WordPress < 1.15.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the s parameter before outputting it back in a page when the search data is included in the data layer related settings is Basic data Search data...

6.1CVSS1AI score0.90154EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.37 views

Tatsu < 3.3.12 - Unauthenticated RCE

The plugin addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover,...

8.1CVSS8.3AI score0.83535EPSS
Exploits9References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/01 12:0 a.m.37 views

MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin PoC The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...

9.8CVSS0.7AI score0.84943EPSS
Exploits8References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/01 12:0 a.m.37 views

Conversios.io < 4.6.2 - Subscriber+ SQL Injection

The plugin does not sanitise, validate and escape the syncprogressivedata parameter for the tvcajaxproductsyncbantchwise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. Note: The vendor was notified multiple times since November 6t...

8.8CVSS1.1AI score0.01297EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2019/12/13 12:0 a.m.37 views

WordPress <= 5.3 - Authenticated Improper Access Controls in REST API

Description An unprivileged user could make a post sticky via the REST API. Authenticated users who do not have the rights to publish a post were able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass...

5CVSS6.5AI score0.02475EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2018/04/04 12:0 a.m.37 views

WordPress 3.7-4.9.4 - Use Safe Redirect for Login

Description Use safe redirects when redirecting the login page if SSL is forced...

6.1CVSS6.2AI score0.03398EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2017/09/27 12:0 a.m.37 views

WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor

Description A cross-site scripting XSS vulnerability was discovered in the visual editor. Reported by Rodolfo Assis @brutelogic of Sucuri Security...

6.1CVSS6.3AI score0.02657EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.36 views

Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak

Description The plugin does not protect file download's passwords, leaking it upon receiving an invalid one. PoC 223 being the ID of a password protected download: curl -X POST --data 'wpdmID=223=json=wpdmgetlink=wpdmajaxcall=123322' https://example.com/wp-json/wpdm/validate-password The response...

7.5CVSS6.7AI score0.02437EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.36 views

Elements kit Elementor addons < 2.9.2 - Missing Authorization

Description The plugin is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismissajaxcall function, making it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins...

6.8AI score0.00296EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.36 views

ProductX – Gutenberg WooCommerce Blocks < 3.0.0 - Missing Authorization via option_data_save

Description The ProductX – Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optiondatasave function in versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with...

6.7AI score0.0033EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.36 views

Tilda Publishing <= 0.3.21 - Missing Authorization

Description The Tilda Publishing plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hooked via AJAX actions such as 'ajaxexportfile,' 'ajaxsync,' 'ajaxgetkeys,' 'ajaxswitcherstatus,' and more in versions ...

6.7AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.36 views

WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute

Description The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a featured image 'alt' attribute in versions up to, and including, 8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00697EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.36 views

tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation

The plugin does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog. PoC To set the us...

8.8CVSS9.2AI score0.00474EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.36 views

WooCommerce Product Vendors < 2.1.79 - ShopManager+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as ShopManager PoC As ShopManager, open the URL below...

7.4AI score0.00579EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/03 12:0 a.m.36 views

WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The plugin has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including outside of the blog folders PoC Ma...

6.5CVSS6.7AI score0.00307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/14 12:0 a.m.36 views

NextGEN Gallery < 3.29 - Thumbnail Deletion via CSRF

The plugin does not have CSRF checks when deleting Thumbnail, which could allow attackers to make logged in users with the editPost capability to perform such action via a CSRF attack...

4.3CVSS5.7AI score0.00229EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/07 12:0 a.m.36 views

Wicked Folders < 2.18.17 - Subscriber+ Folder Structure Update

The plugin does not have authorisation check when managing its folder structure such as moving, deleting, creating etc folders, which could allow any authenticated users, such as subscriber to perform such actions...

5.4CVSS5.3AI score0.00601EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.36 views

MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. PoC 1. Open a WP page with the plugin and Google analytics installed and search for...

6.1CVSS6.1AI score0.01339EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/22 12:0 a.m.36 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS1.8AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/10 12:0 a.m.36 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting PoC Affected parameter: acts.tdatts.imagesize...

6.1CVSS6.1AI score0.00551EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.36 views

Coming Soon - Under Construction <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC As admin, put the following payload in the "More text information" settings of the plugin: The XSS will be...

4.8CVSS2.1AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.36 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The plugin has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username PoC /pie-register-login/ is the login page of the plugin, ie the one with pieregisterlogin v 3.7.1.5 POST /pie-register-login/...

8.1CVSS2.8AI score0.08377EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/13 12:0 a.m.36 views

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

The plugin does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code PoC As a contributor, create/edit a post and put the below code while in Code Editor mode: \n aa \n Save or Preview the...

8.8CVSS2.4AI score0.01753EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/14 12:0 a.m.36 views

wpForo Forum < 1.9.7 - Open Redirect

The plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimat...

6.1CVSS0.7AI score0.03379EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000