Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.33 views

WP Chat App < 3.4.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.33 views

Ultimate Addons for WPBakery < 3.19.18 - Cross-Site Request Forgery

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.19.17. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform...

8.8CVSS6.8AI score0.00222EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.33 views

Sayfa Sayaç <= 2.6 - Unauthenticated SQL Injection

Description The Sayfa Sayaç plugin for WordPress is vulnerable to SQL Injection via the in versions up to, and including, 2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS7.8AI score0.00629EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.33 views

E2Pdf < 1.20.26 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate upload files via the importaction function, allowing users having access to the plugin by default admin to upload arbitrary files...

7.2CVSS7AI score0.01274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/12 12:0 a.m.33 views

Google Calendar Events < 3.2.8 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00401EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.33 views

Contact Form Email < 1.3.42 - Captcha Bypass

Description The Contact Form Email plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.3.41. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

7.1AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.33 views

ProfilePress < 4.13.2 Cross-Site Request Forgery via 'admin_notice'

Description The ProfilePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.13.1. This is due to missing or incorrect nonce validation on the 'adminnotice' function. This makes it possible for unauthenticated attackers to dismiss admin notices...

6.5AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.33 views

Popup by Supsystic < 1.10.20 - Missing Authorization to Sensitive Information Exposure

Description The Popup by Supsystic plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.19 via the getWpCsvList action. This makes it possible for authenticated attackers with subscriber level access or higher to extract sensitive data...

6.1AI score0.01267EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/26 12:0 a.m.33 views

WoodMart < 7.2.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.33 views

WCFM Marketplace < 3.4.12 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify shipping method details/products, delete arbitrary posts, as well as lead to privilege escalation...

8.8CVSS8.8AI score0.00723EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/24 12:0 a.m.33 views

All in One SEO Pack < 4.3.0 - Contributor+ Stored XSS

The plugin does not sanitise and escape multiple parameters, which could allow users with a role as low as contributor to perform Stored XSS attacks...

6.4CVSS5.1AI score0.02526EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/11 12:0 a.m.33 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC email name='" onmouseover="alert1"...

5.4CVSS2.6AI score0.00649EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/11 12:0 a.m.33 views

Hide My WP < 6.2.9 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For:...

9.8CVSS1.2AI score0.03824EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.33 views

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. PoC Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

9.8CVSS4.9AI score0.42723EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/19 12:0 a.m.33 views

Table of Contents Plus < 2212 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC toc...

5.4CVSS1.2AI score0.00575EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/22 12:0 a.m.33 views

Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post videojsvideo...

5.4CVSS2.3AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.33 views

WP OAuth2 Server <= 1.0.1 - Authentication Bypass

The plugin does not properly check for authentication, which could allow attackers to bypass it...

9.8CVSS4.8AI score0.0088EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.33 views

Feed Them Social < 2.9.8.6 - Unauthenticated PHAR Deserialisation

The plugin does not validate the ftsurl parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file and a suitable gadget chain is present...

9.8CVSS2.6AI score0.0134EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.33 views

uDraw < 3.3.3 - Unauthenticated Arbitrary File Access

The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...

7.5CVSS1.3AI score0.07736EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/16 12:0 a.m.33 views

Page Builder KingComposer <= 2.9.6 - Open Redirect

The plugin does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users PoC https://example.com/wp-admin/admin-ajax.php?action=kcgetthumbn=https://wpscan.com...

6.1CVSS2.8AI score0.0428EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/17 12:0 a.m.33 views

Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service

The plugin autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog PoC 1 Create a popup as admin and access the popup page as unauthenticated 2 Send data on the form and interce...

7.5CVSS0.6AI score0.01589EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/14 12:0 a.m.33 views

All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation

The plugin is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like...

8.8CVSS4.9AI score0.02975EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/27 12:0 a.m.33 views

WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC 1. go to Forms. 2. go to Add New Form 3. In th title put 4. Save...

4.8CVSS0.4AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.33 views

Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. PoC As admin, put the below payloads in the related vulnerable field/s and save them the...

4.8CVSS1.3AI score0.00622EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.33 views

3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /cover-carousel.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS6.1AI score0.00895EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/07/08 12:0 a.m.33 views

Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection

The plugin did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an SQL Injection issues PoC Via...

7.5CVSS9.8AI score0.11004EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/23 12:0 a.m.33 views

Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings=" onMouseOver="alert1;...

4.3CVSS0.10358EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/22 12:0 a.m.33 views

Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users could use the AJAX action "cppluginsdobuttonjoblatercallback" from multiple plugins of the WP-Buy vendor, to install any plugin including a specific version from the WordPress repository, which helps attackers install vulnerable plugins and could lead to more critical...

6.5CVSS2.3AI score0.01325EPSS
Exploits9References1Affected Software8
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.33 views

WP Smart Import < 1.0.1 - Auhenticated Server-side Request Forgery

The plugin is affected by an authenticated server-side request forgery SSRF vulnerability in versions before 1.0.1...

6.4CVSS4.3AI score0.01612EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.33 views

WordPress < 5.4.2 - Authenticated XSS in Block Editor

Description Props to Sam Thomas jazzy2fives for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor...

5.4CVSS5.4AI score0.02359EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2020/04/28 12:0 a.m.33 views

LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"

The LearnPress plugin through 3.2.6.8 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. The "LP Instructor" role grants the "unfilteredhtml" capability, allowing an escalated user to insert posts containing...

4.2AI score0.03209EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/21 12:0 a.m.33 views

Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update

Malicious eval is being inserted into the wpoptions table, in the optionname: socialwafaresettings, in the Twitter field. When the plugin is active, it causes the site to issue a JavaScript redirect to porn sites. Deactivating the plugin disables the redirect, but the malicious eval is still in t...

4.3CVSS0.4AI score0.73543EPSS
Exploits20References5Affected Software1
WPVulnDB
WPVulnDB
added 2018/08/26 12:0 a.m.33 views

Plainview Activity Monitor <= 20161228 - Remote Command Execution (RCE)

The Plainview Activity Monitor WordPress plugin was affected by a Remote Command Execution RCE security vulnerability...

9CVSS3.9AI score0.7699EPSS
Exploits11References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/12 12:0 a.m.33 views

Booking Calendar <= 2.1.7 - Authenticated Stored XSS & CSRF

The Booking calendar, Appointment Booking System WordPress plugin was affected by an Authenticated Stored XSS & CSRF security vulnerability...

6.8CVSS2.9AI score0.00768EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/06/22 12:0 a.m.33 views

Newspaper Theme 6.4–6.7.1 - Privilege Escalation

Description The Newspaper WordPress theme was affected by a Privilege Escalation security vulnerability...

9.8CVSS9.5AI score0.09268EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2017/03/06 12:0 a.m.33 views

WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation

...

5.8CVSS3AI score0.02995EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/11/08 12:0 a.m.33 views

YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object injection

The YITH WooCommerce Compare WordPress plugin was affected by an Unauthenticated PHP Object injection security vulnerability...

2.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/21 12:0 a.m.33 views

Gwolle Guestbook <= 1.5.3 - Remote File Inclusion (RFI)

The Gwolle Guestbook WordPress plugin was affected by a Remote File Inclusion RFI security vulnerability...

6.8CVSS2.4AI score0.37032EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/15 12:0 a.m.33 views

WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue

...

4CVSS1.3AI score0.06389EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/10 12:0 a.m.33 views

XCloner - Backup and Restore 3.1.2 - XSS & Command Execution

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin was affected by a Backup and Restore 3.1.2 - XSS & Command Execution security vulnerability...

6.5CVSS2.5AI score0.02669EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/03 12:0 a.m.33 views

WordPress Slider Revolution Shell Upload

Description Note: The Construct, Echelon, Fusion, Method, Modular and Myriad affected themes are from the Mysitemyway, who went out of business, and the themes have been forked by BackStop Themes who does not use Revslider...

7.5CVSS6.4AI score0.75256EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2015/03/12 12:0 a.m.33 views

WPML <= 3.1.7.2 - Multiple Vulnerabilities (Including SQLi)

The sitepress-multilingual-cms WordPress plugin was affected by a Multiple Vulnerabilities Including SQLi security vulnerability...

7.5CVSS2.5AI score0.13386EPSS
Exploits3References5Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/26 12:0 a.m.33 views

Import any XML or CSV File to WordPress <= 3.2.3 - RCE

WP All Import does not properly verify that a user has permission to execute functions. Coupled with an interesting method that allows arbitrary functions in specific objects to be called allows this to be leveraged in many ways...

5CVSS2.8AI score0.01428EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/11 12:0 a.m.33 views

WP Symposium <= 14.11 - Unauthenticated Shell Upload

The wp-symposium WordPress plugin was affected by an Unauthenticated Shell Upload security vulnerability...

7.5CVSS2.4AI score0.59968EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/26 12:0 a.m.33 views

WP Symposium <= 14.10 - XSS & SQL Injection

The wp-symposium WordPress plugin was affected by a XSS & SQL Injection security vulnerability...

6.5CVSS2.1AI score0.03721EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/17 12:0 a.m.33 views

WordPress Slider Revolution - Local File Disclosure

Description Note: The Construct, Echelon, Fusion, Method, Modular and Myriad affected themes are from the Mysitemyway, who went out of business, and the themes have been forked by BackStop Themes who does not use Revslider...

5CVSS9.5AI score0.22055EPSS
Exploits5References3
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.33 views

Magazine Basic - wp-content/themes/magazine-basic/view_artist.php id Parameter SQL Injection

The Magazine Basic WordPress theme was affected by a wp-content/themes/magazine-basic/viewartist.php id Parameter SQL Injection security vulnerability...

2.5AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.33 views

WordPress 1.5 wp-trackback.php tb_id Parameter SQL Injection

...

7.5CVSS3.2AI score0.02299EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.32 views

Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.32 views

Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload

Description The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level acces...

9.9CVSS9.6AI score0.0065EPSS
Exploits0References1
Total number of security vulnerabilities5000