Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2017/03/09 12:0 a.m.19 views

CopySafe Web Protection <= 2.5 - Cross-Site Request Forgery (CSRF)

The CopySafe Web Protection WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

4.3CVSS2.9AI score0.00802EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/07 12:0 a.m.19 views

Ninja Forms < 3.0.31 - XSS

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.00915EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/03 12:0 a.m.19 views

Adminer <= 1.4.5 - Security Bypass

The plugin is still affected and has been closed. PoC https://example.com/wp-content/plugins/adminer/inc/editor/index.php...

0.5AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/01 12:0 a.m.19 views

Popup by Supsystic <= 1.7.8 - Cross-Site Request Forgery (CSRF)

The Popup by Supsystic WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS2.6AI score0.0068EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/24 12:0 a.m.19 views

GD Rating System < 2.1 - XSS

The GD Rating System WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.2AI score0.00905EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/15 12:0 a.m.19 views

Posts In Page < 1.3.0 - Directory Traversal

The Posts in Page WordPress plugin was affected by a Directory Traversal security vulnerability...

5.5CVSS3.3AI score0.01976EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/15 12:0 a.m.19 views

Quiz And Survey Master < 4.7.9 - Stored Cross-Site Scripting (XSS) & CSRF

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress WordPress plugin was affected by a Stored Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS1.7AI score0.01016EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/09 12:0 a.m.19 views

Multisite Post Duplicator <= 0.9.5.1 - Cross-Site Request Forgery (CSRF)

The Multisite Post Duplicator WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS2.5AI score0.00732EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/10/10 12:0 a.m.19 views

Photoxhibit <= 2.1.8 - Reflected XSS Issues

Plugin is still affected and has been closed...

4.3CVSS2.4AI score0.03558EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/09/22 12:0 a.m.19 views

Google Document Embedder < 2.6.1 - XSS

The Google Doc Embedder WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.9AI score0.00951EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/06 12:0 a.m.19 views

OneLogin SAML SSO <= 2.1.8 - Provisioned User Hardcoded Password

The OneLogin SAML SSO WordPress plugin was affected by a Provisioned User Hardcoded Password security vulnerability...

5CVSS1.2AI score0.01679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/11 12:0 a.m.19 views

enhanced-tooltipglossary <= 3.3.4 - XSS

The CM Tooltip Glossary WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.9AI score0.04426EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/10 12:0 a.m.19 views

All In One WP Security And Firewall < 4.0.9 - Multiple SQL Injections

The All In One WP Security & Firewall WordPress plugin was affected by a Multiple SQL Injections security vulnerability...

7.5CVSS1.9AI score0.01869EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/06 12:0 a.m.19 views

safe-editor <= 1.1 - Unauthenticated CSS/JS-injection

When saving JS/CSS in this plugin then both private and public ajax-hooks are being used. Because of this anyone can post JS/CSS that are saved to the db and printed to the head and footer portion of the page. PoC In the file "index.php" in root folder on line 188 and 189 you can see that both...

4.3CVSS6.5AI score0.01506EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.19 views

MiniMax <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The page-layout-builder WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layoutsettingsid=""...

4.3CVSS0.7AI score0.03462EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.19 views

defa-online-image-protector <= 3.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The defa-online-image-protector WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/defa-online-image-protector/redirect.php?r=""...

4.3CVSS0.6AI score0.03236EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.19 views

Easy Contact Form Builder <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The tidio-form WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/tidio-form/popup-insert-help.php?formId=""...

4.3CVSS0.4AI score0.04173EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/03/30 12:0 a.m.19 views

IMDb Profile Widget <= 1.0.8 - Local File Inclusion (LFI)

The imdb-widget WordPress plugin was affected by a Local File Inclusion LFI security vulnerability...

5CVSS2AI score0.01645EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/03/03 12:0 a.m.19 views

epic Theme - Arbitrary File Download

The Epic WordPress theme was affected by an Arbitrary File Download security vulnerability...

5CVSS2.7AI score0.03208EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/25 12:0 a.m.19 views

WP Ultimate Exporter <= 1.1 - Unauthenticated SQL Injection

The Export WordPress Data with Advanced Filters WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

7.5CVSS3.7AI score0.02134EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/01/27 12:0 a.m.19 views

IMPress Listings <= 2.0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The IMPress Listings WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC...

4.3CVSS1.8AI score0.00985EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/01/26 12:0 a.m.19 views

Formidable Forms <= 1.07.11 - Authenticated Blind SQL Injection

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

2.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/12/23 12:0 a.m.19 views

NextGEN Gallery < 2.1.15 - Unrestricted File Upload

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Unrestricted File Upload security vulnerability...

9CVSS2.7AI score0.03729EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/12/09 12:0 a.m.19 views

YAWPP <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

The yawpp WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. PoC POST /wordpress-4.3/?p=4 HTTP/1.1 Host: wp.lab User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.10; rv:42.0 Gecko/20100101 Firefox/42.0 Accept:...

4.3CVSS0.2AI score0.01321EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/12/04 12:0 a.m.19 views

Advanced uploader - Local File Inclusion

The Advanced uploader WordPress plugin was affected by a Local File Inclusion security vulnerability. PoC http://www.example.com/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00...

0.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/12/01 12:0 a.m.19 views

Email Newsletter <= 20.15 - SQL Injection

Plugin is still affected and has been closed...

7.5CVSS2.4AI score0.02059EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/11/26 12:0 a.m.19 views

Auto ThickBox Plus <= 1.9 - Reflected Cross-Site Scripting (XSS)

The auto-thickbox-plus WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/auto-thickbox-plus/download.min.php?file=%3Cscript%3Ealert%281%29%3C/script%3E...

4.3CVSS0.2AI score0.00985EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/11/24 12:0 a.m.19 views

WP-Stats-Dashboard <= 2.9.4 - Authenticated Blind SQL Injection

The wp-stats-dashboard WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

6.5CVSS2.9AI score0.01727EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/21 12:0 a.m.19 views

WordPress Calls to Action <= 2.4.3 - Reflected Cross-Site Scripting (XSS)

The WordPress Calls to Action WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.1AI score0.02645EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/12 12:0 a.m.19 views

Font <= 7.5 - Authenticated Path Traversal

The Font - official webfonts plugin of Fonts For Web. NO CODING! Just click & change font size, color and font face visually! WordPress plugin was affected by an Authenticated Path Traversal security vulnerability...

4CVSS3.6AI score0.05003EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/09 12:0 a.m.19 views

Limit Attempts < 1.1.1 - SQL Injection

The Limit Attempts by BestWebSoft WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.5AI score0.01795EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/05 12:0 a.m.19 views

SecureMoz Security Audit <= 1.0.5 - MitM PHP Object Injection

The securemoz-security-audit WordPress plugin was affected by a MitM PHP Object Injection security vulnerability...

6.8CVSS2.1AI score0.01907EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/04 12:0 a.m.19 views

Memphis Documents Library < 3.0 - Multiple Issues

- Remote File Inclusion - Local File Inclusion - XSS...

7.5CVSS2.1AI score0.02714EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/28 12:0 a.m.19 views

Thumbnail Carousel Slider < 1.0.1 - Stored Cross-Site Scripting (XSS) & CSRF

The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor...

1.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/26 12:0 a.m.19 views

Role Scoper <= 1.3.64 - Authenticated Reflected Cross-Site Scripting (XSS)

The Role Scoper Obsolete – Please install PublishPress Permissions WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

1.3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/24 12:0 a.m.19 views

Google Analyticator <= 6.4.9.4 - Multiple Cross-Site Scripting (XSS)

The Google Analyticator WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.8AI score0.02671EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/19 12:0 a.m.19 views

WP Social Bookmarking Light <= 1.7.9 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Social Bookmarking Light WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.00859EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/15 12:0 a.m.19 views

WP Latest Posts < 3.7.5 - XSS

The WP Latest Posts WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.7AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/28 12:0 a.m.19 views

Email Before Download < 3.4.1 - SQL Injection

Email Before Download https://wordpress.org/plugins/email-before-download/ before version 3.4.1 was vulnerable to several SQL injections...

2.2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/15 12:0 a.m.19 views

Smooth Slider <= 2.6.5 - Authenticated SQL Injection

The Smooth Slider WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

6.5CVSS3.3AI score0.01927EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/12 12:0 a.m.19 views

Candidate Application Form <= 1.3 - Unauthenticated Arbitrary File Download

Plugin is still affected and has been closed. The code in downloadpdffile.php does not do any sanity checks, allowing a remote attacker to download sensitive system files. PoC $ curl...

5CVSS1.8AI score0.08833EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/11 12:0 a.m.19 views

FileDownload <= 1.4 - Multiple Issues

XSS, Blind SQL Injection and Open Proxy issues...

7.5CVSS2.1AI score0.02646EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/10 12:0 a.m.19 views

Sell Downloads < 1.0.8 - Insufficient Restrictions when Brute-Force Purchase IDs

The Sell Downloads WordPress plugin was affected by an Insufficient Restrictions when Brute-Force Purchase IDs security vulnerability...

5CVSS2.5AI score0.01734EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/07 12:0 a.m.19 views

NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nspsearch.php’ several variables from the $GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger ...

4.3CVSS0.2AI score0.01879EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/03 12:0 a.m.19 views

Swim Team <= v1.44.10777 - Local File Inclusion

The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input from downloading sensitive system files. PoC $ curl "http://www.vapidlabs.com/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd=/etc/passwd=text/html=1=/usr/share/wordpress"...

5CVSS0.32714EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/06 12:0 a.m.19 views

SE HTML5 Album Audio Player <= 1.1.0 - Local File Include

The se-html5-album-audio-player v1.1.0 plugin for wordpress has a local file include vulnerability. The downloadaudio.php file does not check to see if the user is authenticated, it only attempts to check if the path is in /wp-content/uploads which is easily defeated with ../. PoC...

5CVSS0.1AI score0.18958EPSS
Exploits4References4Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/13 12:0 a.m.19 views

Syndication Links <= 1.0.2 - DOM Cross-Site Scripting (XSS)

The Syndication Links WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/syndication-links/genericons/example.html...

4.3CVSS0.2AI score0.01011EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/09 12:0 a.m.19 views

WordPress File Upload < 2.7.1 - JS File Upload

The WordPress File Upload WordPress plugin was affected by a JS File Upload security vulnerability...

5CVSS1.9AI score0.01389EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/06 12:0 a.m.19 views

ClickBank Affiliate Ads <= 1.7 - CSRF/XSS

The ClickBank Affiliate Ads WordPress plugin was affected by a CSRF/XSS security vulnerability...

3.1AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/26 12:0 a.m.19 views

Exquisite Ultimate Newspaper Theme <= 1.3.3 - DOM Cross-Site Scripting (XSS)

The exquisite-wp WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/...

4.3CVSS0.4AI score0.01078EPSS
Exploits2References2Affected Software1
Total number of security vulnerabilities5000