Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/05/07 12:0 a.m.36 views

Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues PoC Adds the following payloads in the API Key settings /wp-admin/options-general.php?page=aocritcss " -- PoC 1...

4.8CVSS0.9AI score0.00626EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/17 12:0 a.m.36 views

Discount Rules for WooCommerce < 2.2.1 - Multiple Authorization Bypass

On August 20th 2020 WebARX disclosed multiple vulnerabilities affecting the Discount Rules for WooCommerce WordPress plugin, which were patched in version 2.1.0 see references. Some time after, the Wordfence Threat Intelligence Team discovered several additional authorization bypass vulnerabiliti...

2.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/24 12:0 a.m.36 views

Data Tables Generator By Supsystic < 1.9.92 - Insecure Permissions on AJAX Actions

The Data Tables Generator by Supsystic WordPress plugin was affected by an Insecure Permissions on AJAX Actions security vulnerability...

6.8CVSS2.6AI score0.01042EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/12 12:0 a.m.36 views

Popup Builder < 3.64.1 - Multiple Issues

"One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal permissions such as a subscriber, to export a list of...

6.5CVSS1.6AI score0.01421EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/16 12:0 a.m.36 views

All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)

The All in One SEO Pack WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.6AI score0.01532EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/02 12:0 a.m.36 views

Woody Ad Snippets <= 2.2.4 - Multiple issues leading to RCE

Unauthenticated options import and unauthenticated stored XSS issues which could lead to Remote Code Execution...

6.8CVSS2.7AI score0.20813EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/03/16 12:0 a.m.36 views

Site Editor <= 1.1.1 - Local File Inclusion (LFI)

The site-editor WordPress plugin was affected by a Local File Inclusion LFI security vulnerability...

5CVSS1.9AI score0.63102EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/01/11 12:0 a.m.36 views

WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback

...

4.3CVSS2.4AI score0.02436EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/25 12:0 a.m.36 views

WordPress <= 4.0 - CSRF in wp-login.php Password Reset

Description WordPress 4.0.1 adds a CSRF token called 'rpkey' to the password reset form on wp-login.php. Prior versions are vulnerable to CSRF...

6.8CVSS6.1AI score0.01964EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2014/11/20 8:2 p.m.36 views

WordPress <= 4.0 - Long Password Denial of Service (DoS)

...

5CVSS2.3AI score0.82702EPSS
Exploits7References4Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.35 views

Customify Site Library <= 0.0.9 - Unauthenticated Remote Code Execution

Description The Customify Site Library plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.0.9. This makes it possible for unauthenticated attackers to execute code on the server...

9.9CVSS8.2AI score0.01117EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.35 views

Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference

Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...

2.7CVSS6.7AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.35 views

Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access

Description The plugin is vulnerable to Sensitive Information Exposure via the loadmore function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts...

5.3CVSS6.5AI score0.00496EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/26 12:0 a.m.35 views

Astra < 4.6.9 - Contributor+ Stored XSS

Description The theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in...

6.4CVSS5.7AI score0.00353EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.35 views

Ninja Tables < 5.0.7 - Contributor+ Table Data Access

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the dragAndDropExport function. This makes it possible for authenticated attackers, with contributor-level access and above, to export table data...

6.2AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.35 views

All In One WP Security < 5.2.5 - Protection Bypass of Renamed Login Page via URL Encoding

Description The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to protection bypass on the login page in all versions up to and including 5.2.4. This makes it possible for unauthenticated attackers to visit the login page in cases where it has been renamed by...

7.1AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.35 views

AMP for WP – Accelerated Mobile Pages < 1.0.92.1 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

Description The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.35 views

Enable Media Replace < 4.1.5 - Reflected Cross-Site Scripting

Description The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS6.2AI score0.00493EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.35 views

Contact Form to Any API < 1.1.7 - Subscriber+ API Entry Record Deletion

Description The plugin does not have authorisation check when deleting CF7 API entry records, which could allow any authenticated users, such as subscriber to delete them...

9.3AI score0.00465EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.35 views

Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update

Description The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppcmetaboxajaxaddhandler and ppcmetaboxajaxdeletehandler functions due to missing validation on a user controlled key. This can allow...

6.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.35 views

Slider Revolution < 6.6.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.9AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.35 views

LiteSpeed Cache < 5.7 - Contributor+ Stored XSS

Description The plugin does not escape the cache attribute of its esi shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.19684EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.35 views

Simple Tooltips <= 2.1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/17 12:0 a.m.35 views

Bookly < 21.6 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.2CVSS6.3AI score0.00464EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/24 12:0 a.m.35 views

LearnPress Plugin < 4.2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the order by parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

9.9CVSS9.8AI score0.04269EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.35 views

Chained Quiz < 1.3.2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape its facebookappid and apikey settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.3AI score0.00642EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.35 views

Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

The plugin allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. PoC 1. Craft a custom zip...

4.9CVSS0.1AI score0.00764EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.35 views

Comment License < 1.4.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

4.3CVSS4.8AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/11 12:0 a.m.35 views

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users PoC curl 'https://example.com/index.php?restroute=/xs-donate-form/payment-redirect/3' \ --data '"id": "SELECT 1 FROM...

9.8CVSS3.5AI score0.07879EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.35 views

Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The plugin is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, a...

9.8CVSS0.8AI score0.69934EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.35 views

Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 本地文件夹 or URL前缀 settings of the plugin: " style=animation-name:rotation...

2.4AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/31 12:0 a.m.35 views

TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection

The plugins do not sanitise and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks PoC time wget...

9.8CVSS3.8AI score0.73998EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/01/17 12:0 a.m.35 views

Noptin < 1.6.5 - Open Redirect

The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue PoC https://example.com/?noptinns=emailclick=https://wpscan.com...

6.1CVSS0.3AI score0.02682EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/10 12:0 a.m.35 views

GTranslate < 2.9.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the body parameter in the urladdon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCESALT and NONCEKEY PoC...

4.7CVSS2.2AI score0.00752EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/13 12:0 a.m.35 views

The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection

The "WP Search Filters" widget of the plugin does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection PoC The request requires a nonce created with wpcreatenonce"theplus-searchfilter” which can be retrieved from a page where the widge...

9.8CVSS0.6AI score0.01704EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/13 12:0 a.m.36 views

Simple JWT Login < 3.3.0 - Insecure Password Creation

The plugin can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the strshuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation...

7.5CVSS1.2AI score0.01186EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/02 12:0 a.m.35 views

MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple

The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. PoC The plugin must have a valid purchase code for the request to work curl -X GET --header 'Content-Type: application/json' --header...

2.3AI score0.03373EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/01 12:0 a.m.35 views

Login by Auth0 < 4.0.0 - Multiple Vulnerabilities

CVE-2020-5391 - CSRF controls missing for domain field CVE-2020-5392 - Stored XSS in Settings page CVE-2020-6753 - Stored XSS in multiple pages CVE-2020-7947 - CSV injection vulnerabilities CVE-2020-7948 - Insecure direct object reference...

7.5CVSS1.8AI score0.02842EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/11/05 12:0 a.m.35 views

Safe SVG <= 1.9.4 - Denial of Service

The Safe SVG WordPress plugin was affected by a Denial of Service security vulnerability...

5CVSS3.1AI score0.02605EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/26 12:0 a.m.35 views

Photo Gallery by 10Web <= 1.5.30 - SQL Injection

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a SQL Injection security vulnerability...

10CVSS2.8AI score0.04482EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/10/26 12:0 a.m.35 views

Elementor Pro < 2.0.10 - XSS

The elementor-pro WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.2AI score0.01303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/07/20 12:0 a.m.35 views

Multi Step Form <= 1.2.5 - Multiple Unauthenticated Reflected XSS

WordPress Plugin Multi Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, by the use of CSRF, for example. PoC The following parameters are vulnerable in fwsenddata function: fwdataid1...

4.3CVSS0.01255EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/16 12:0 a.m.35 views

WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF

...

6.8CVSS2.7AI score0.01742EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/05 12:0 a.m.35 views

Lightbox Plus <= 2.7.2 - CSRF to XSS

The lightbox-plus WordPress plugin was affected by a CSRF to XSS security vulnerability...

4.3CVSS1.9AI score0.00515EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/25 12:0 a.m.35 views

WP Super Cache <= 1.4.4 - PHP Object Injection

The WP Super Cache WordPress plugin was affected by a PHP Object Injection security vulnerability...

2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/25 12:0 a.m.35 views

Post video players <= 1.136 - Authenticated Stored Cross-Site Scripting (XSS)

The Post video players, slideshow albums, photo galleries and music / podcast playlist WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.35 views

WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass

...

7.5CVSS2.3AI score0.07493EPSS
Exploits2References4Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.35 views

XCloner - Backup and Restore < 3.1.1 - Multiple Actions CSRF

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin was affected by a Backup and Restore 3.1.1 - Multiple Actions CSRF security vulnerability...

7.6CVSS2.2AI score0.0621EPSS
Exploits11References4Affected Software1
WPVulnDB
WPVulnDB
added 2007/04/29 12:0 a.m.35 views

myGallery <= 1.4b4 - Unauthenticated File Inclusion

The MySliderGallery WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. PoC This vulnerability has been seen exploited in the wild with the following payload:...

7.5CVSS1.1AI score0.62871EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/29 12:0 a.m.34 views

Pods < 3.1 - Contributor+ Remote Code Execution

Description The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server...

8.8CVSS8AI score0.01291EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000