Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.35 views

Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery

Description The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.4. This is due to missing nonce validation on several functions hooked via AJAX in the /includes/class-ecwid-admin-storefront-page.php. This...

6.1CVSS4.5AI score0.00217EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.34 views

Events Addon for Elementor < 2.1.3 - Missing Authorization

Description The Events Addon for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the naeventsbwsettingssavefunc, naeventsbwtogglesubmitfunc, naeventsprosettingssavefunc, naeventsprotogglesubmitfunc and naeventsuwsettingssavefun...

7.5CVSS6.8AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.34 views

Backup Migration < 1.4.0 - Unauthenticated Path Traversal to Arbitrary File Deletion

Description The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated...

9.8CVSS8AI score0.0139EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.34 views

Photo Gallery by 10Web < 1.8.19 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget

Description The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

4.8CVSS5.8AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.34 views

10to8 Online Appointment Booking System < 1.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00377EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.34 views

Qode Essential Addons < 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

Description The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level acce...

9.9CVSS6.8AI score0.01408EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.34 views

Mollie Payments for WooCommerce < 7.3.12 - Authenticated (Shop Manager+) Arbitrary File Upload

Description The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in one of its functions in all versions up to, and including, 7.3.11. This makes it possible for authenticated attackers, with Shop Manager access to...

9.1CVSS7.6AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.34 views

Porto Theme - Functionality < 2.12.1 - Missing Authorization

Description The Porto Theme - Functionality plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to perform an unauthorized...

7AI score0.00374EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.34 views

Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin allows forum administrators, who may not be WordPress super-administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files e.g. .php, .phtml, potentially leading to remote code execution. PoC Any user who has the rights to modify t...

9.8CVSS9.8AI score0.01964EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.34 views

Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. PoC Make sure you have Elementor installed and a page or post edited with Elementor. Here's the python script that will execute the...

9.8CVSS9.6AI score0.81695EPSS
Exploits18Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/17 12:0 a.m.34 views

Cab Grid < 1.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00389EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.34 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

6.5AI score0.00284EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.34 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Ensure Contact Form 7 is...

4.8CVSS4.7AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.34 views

PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add XSS payload to plugin's "Account API key" setting: ...

4.8CVSS4.9AI score0.0061EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/15 12:0 a.m.34 views

Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal

The plugin does not validate file path, allowing unauthenticated users to upload files to arbitrary folders...

9.8CVSS7.2AI score0.02021EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/06 12:0 a.m.34 views

Transbank Webpay REST < 1.6.7 - Admin+ SQLi

The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS8.3AI score0.00695EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/24 12:0 a.m.34 views

Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS3.3AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.34 views

Chained Quiz < 1.3.2.1 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ipf, emailf, dnf, pointsf and datef parameters before outputting them back in the chainedquizlist page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.9AI score0.00824EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.34 views

Blog2Social < 6.9.12 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

4AI score0.00595EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/23 12:0 a.m.34 views

Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi

The plugin does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.4AI score0.09103EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.34 views

WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

The plugin allows users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. PoC As a contributor or above, add...

8.8CVSS1AI score0.02849EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/02/16 12:0 a.m.34 views

WP Statistics < 13.1.6 - Unauthenticated Blind SQL Injection via current_page_type

The is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information...

9.8CVSS5.3AI score0.3298EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/24 12:0 a.m.34 views

Popup Builder < 4.0.7 - Admin+ SQL Injection

The plugin does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection PoC...

7.2CVSS1.4AI score0.05839EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/30 12:0 a.m.34 views

Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Note: v6.9.5 made the settings only available to admin with the unfilteredhtml capability, however existing payloads were...

4.8CVSS1.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/28 12:0 a.m.34 views

WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the woofredrawelements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin-ajax.php?action=woofdrawproductsredrawelements=%3Cimg%20src%20onerror=alert/XSS/%3E...

6.1CVSS0.4AI score0.01651EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.34 views

SEO Redirection < 8.2 - Subscriber+ SQL Injection

The importFromRedirection AJAX action of the plugin, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

8.8CVSS1.3AI score0.01318EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/14 12:0 a.m.34 views

WP Super Cache < 1.7.3 - Authenticated Remote Code Execution

The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the plugin settings result in RCE because they allow input of "$" and "\n". This is due to an incomplete fix of CVE-2021-24209. You can run the command directly to...

9CVSS7.1AI score0.23844EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/12 12:0 a.m.34 views

Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117 PoC...

6.1CVSS1.2AI score0.04609EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/07 12:0 a.m.34 views

OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error

The plugin did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration. PoC...

4.3CVSS0.5AI score0.0163EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/17 12:0 a.m.34 views

Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not properly check its CSRF nonce in the FontAwesomeField.save method, which could allow attackers to make logged in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step icon value, it could also lead ...

1.5AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.34 views

WordPress < 5.4.2 - Authenticated XSS via Media Files

Description Props to Luigi – gubello.me for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files...

6.8CVSS6.4AI score0.03625EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2020/03/09 12:0 a.m.34 views

WPML < 4.3.7 - Authenticated Cross Site Request Forgery leading to Remote Code Execution

The sitepress-multilingual-cms WPML WordPress plugin before version 4.3.7 has CSRF due loose comparison, that leads to remote code execution...

6.8CVSS5AI score0.01705EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/11/13 12:0 a.m.34 views

Email Subscribers & Newsletters < 4.2.3 - Multiple Issues

- Unauthenticated File Download leading to Information Disclosure - Blind SQL Injection in INSERT statement - Insecure Permissions on Dashboard and Settings - CSRF on Settings - Send Test Emails from the Administrative Dashboard as an Authenticated User with a role of Subscriber and above -...

6.5CVSS2.3AI score0.71399EPSS
Exploits8References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/08 12:0 a.m.34 views

Photo Gallery by 10Web < 1.5.35 - SQL Injection & XSS

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a SQL Injection & XSS security vulnerability...

7.5CVSS2.6AI score0.25438EPSS
Exploits12Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/01 12:0 a.m.34 views

WP Statistics <= 12.6.6.1 - Unauthenticated Blind SQL Injection

An endpoint of the API, which is exposed when the 'use cache plugin' setting is enabled by default disabled, is vulnerable to an unauthenticated blind SQLi issue. PoC time curl -X POST 'http://host/wp-json/wpstatistics/v1/hit' --data...

7.5CVSS1.3AI score0.02605EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/10/31 12:0 a.m.34 views

GoUrl Bitcoin Payment Gateway < 1.4.14 - Shell Upload

The GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership WordPress plugin was affected by a Shell Upload security vulnerability...

5CVSS2.8AI score0.02129EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/12 12:0 a.m.34 views

Coming Soon <= 1.1.18 - Authenticated Stored XSS & CSRF

The Coming Soon Page – Responsive Coming Soon & Maintenance Mode WordPress plugin was affected by an Authenticated Stored XSS & CSRF security vulnerability...

6.8CVSS2.4AI score0.00706EPSS
Exploits10References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/25 12:0 a.m.34 views

WordPress 2.9.2-4.8.1 - Open Redirect

Description An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman ysx...

5.4CVSS7.3AI score0.02134EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2016/09/07 12:0 a.m.34 views

WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename

...

3.5CVSS2.7AI score0.02842EPSS
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2016/08/23 12:0 a.m.34 views

Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)

Plugin is still affected and has been closed PoC http://example.com/wp-content/plugins/mail-masta/inc/campaign/countofsend.php?pl=/etc/passwd...

5CVSS0.6AI score0.10582EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/21 12:0 a.m.34 views

Custom Content Type Manager <= 0.9.8.5 - Remote Code Execution

CCTM plugin can be used by an administrator to achieve arbitrary PHP remote code execution...

3.8AI score0.03214EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/03 12:0 a.m.34 views

WordPress <= 1.5.1.2 - XMLRPC SQL Injection

...

7.5CVSS2AI score0.0932EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/28 12:0 a.m.34 views

Photo Gallery <= 1.2.8 - Multiple Authenticated Reflected XSS

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Multiple Authenticated Reflected XSS security vulnerability. PoC /wp-admin/admin-ajax.php?action=addImages=700=550=jpg,jpeg,png,gif=bwgaddpreviewimageby=name";...

3.5CVSS1AI score0.02331EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/28 12:0 a.m.34 views

Photo Gallery <= 1.2.8 - Blind SQL Injection

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Blind SQL Injection security vulnerability...

6.5CVSS2.5AI score0.01655EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.34 views

Polylang 1.5.1 - User Description H&ling Stored XSS

The Polylang WordPress plugin was affected by an User Description H Stored XSS security vulnerability...

4.3CVSS0.5AI score0.01578EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2012/05/18 12:0 a.m.34 views

Login With Ajax - Cross-Site Scripting (XSS)

The Login With Ajax WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.02152EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2005/06/29 12:0 a.m.34 views

WordPress <= 1.5.1.2 - XMLRPC Eval Injection

...

7.5CVSS1.8AI score0.79071EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.33 views

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.3 - Missing Authorization to Unauthenticated Settings Reset

Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it...

5.3CVSS6.7AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.33 views

Royal Elementor Addons and Templates < 1.3.88 - Multiple Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform actions on the site via forged requests grant...

4.3CVSS6.2AI score0.00244EPSS
Exploits0References5Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.33 views

Avada < 7.11.2 - Author+ Arbitrary File Upload via Zip Extraction

Description The theme is vulnerable to arbitrary file uploads due to missing file type validation when extracting zip files in the 'processupload' and 'regenerateiconfiles' functions. This makes it possible for authenticated attackers with author permissions to upload arbitrary files on the...

9.1CVSS9.3AI score0.00465EPSS
Exploits0References1
Total number of security vulnerabilities5000