Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.32 views

Premmerce Product Filter for WooCommerce < 3.7.3 - Missing Authorization

Description The Premmerce Product Filter for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

8.8CVSS6.4AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.32 views

InstaWP Connect – 1-click WP Staging & Migration < 0.1.0.23 - Unauthenticated Arbitrary File Upload

Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

9.8CVSS6.7AI score0.05747EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.32 views

WPvivid Backup and Migration < 0.9.69 - Unauthenticated SQLi & DoS

Description The plugin is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions, allowing unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS...

9.8CVSS8.1AI score0.01075EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.32 views

Currency Converter Widget < 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Currency Converter Widget – Exchange Rates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.32 views

JetEngine < 3.2.5 - Authenticated (Contributor+) Privilege Escalation

Description The JetEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.2.4. This is due to an unknown issue. This makes it possible for authenticated attackers, with contributor-level access and above, to gain elevated privileges...

7.4AI score0.00553EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/04 12:0 a.m.32 views

MW WP Form < 5.0.2 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly handle unauthorised files from being uploaded, only logging the issue without stopping the process, allowing unauthenticated users to upload arbitrary files to the server when the 'Saving inquiry data in database' settings is enabled in the plugin...

9.8CVSS6.7AI score0.01448EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.32 views

Astra Bulk Edit < 1.2.8 - Missing Authorization

Description The Astra Bulk Edit plugin for WordPress is vulnerable to unauthorized missing authorization due to a missing capability check on the savepostbulkedit function in versions up to, and including, 1.2.7. This makes it possible for attackers with contributor-level access or higher to bulk...

6.8AI score0.00387EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.32 views

UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode

Description The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible fo...

6.5CVSS6.4AI score0.00849EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.32 views

UserPro < 5.1.2 - Authentication Bypass to Administrator

Description The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log ...

9.8CVSS7.2AI score0.06801EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.32 views

Garden Gnome Package < 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.3AI score0.00557EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.32 views

Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Contact Google Place API...

4.8CVSS7.7AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/02 12:0 a.m.32 views

wordpress publish post email notification < 1.0.2.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/30 12:0 a.m.32 views

Forminator < 1.25.0 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate files to be uploaded before writing them on the server, allowing unauthenticated users to upload arbitrary files and lead to RCE...

9.8CVSS7.2AI score0.12749EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.32 views

what3words Address Field < 4.0.0 - Admin+ Sensitive Information Disclosure

Description A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. T...

7.5CVSS5.4AI score0.15808EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.32 views

Booking Calendar Contact Form < 1.2.41 - Unauthenticated Reflected Cross-Site Scripting

Description Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodePeople Booking Calendar Contact Form plugin = 1.2.40 versions...

7.1CVSS6.1AI score0.00351EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/10 12:0 a.m.32 views

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. PoC curl -i -s -k -X $'GET' \ -H $'Host: localhost:8000' -H $'sec-ch-ua: ' -H $'Accept:...

8.8AI score0.01926EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/13 12:0 a.m.32 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Unauthenticated PII Disclosure via IDOR

The plugin does not ensure that the order details to be displayed belongs to the user making the request, allows unauthenticated users to access sensitive information about the reorder details such as first/last names, email and address PoC As unauthenticated, see the source of...

7.5CVSS7.3AI score0.01214EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.32 views

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote

The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. PoC 1. Create a poll and publish a page with a poll. 2. Visit the page with the...

3.1CVSS8.5AI score0.00359EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.32 views

WP ERP < 1.12.4 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC Sign in as an admin. In WP Admin, run the following code i...

7.2CVSS7.7AI score0.02632EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.32 views

Premium Addons PRO < 2.8.25 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.32 views

GN Publisher < 1.5.6 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

6.1CVSS6AI score0.0126EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/24 12:0 a.m.32 views

Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack PoC...

4.3CVSS4.9AI score0.00267EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/19 12:0 a.m.32 views

GiveWP < 2.24.1 - Unauthenticated SQLi

The plugin does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks PoC 1 Create a post/page that contains the "Donor Wall" block. 2 Using the default donation form, send a test donation 3 In a terminal, edit and ru...

3.1AI score0.03742EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.32 views

Duplicator < 1.4.7 - Unauthenticated Backup Download

The plugin discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. PoC Find the URL of the actual installer...

7.5CVSS7.4AI score0.12485EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/05 12:0 a.m.32 views

Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it PoC As unauthenticated: wget "https://example.com/?p=1" --header "Referer: " -O- The XSS will be...

6.1CVSS0.4AI score0.01277EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/30 12:0 a.m.32 views

Videos sync PDF <= 1.7.4 - Unauthenticated LFI

The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues PoC https://example.com/wp-content/plugins/video-synchro-pdf/reglages/MenuPlugins/tout.php?p=LFI...

7.5CVSS0.5AI score0.11088EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.32 views

iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip

The settings of the plugin can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process,...

4.9CVSS5AI score0.03315EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/08 12:0 a.m.32 views

Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting

The plugin is vulnerable to stored cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites...

7.2CVSS2.4AI score0.00748EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/07 12:0 a.m.32 views

Akismet Privacy Policies <= 2.0.1- Reflected Cross-Site Scripting

The plugin does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/options-general.php?page=akismetprivacynoticesettingsgroup=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E...

6.1CVSS0.6AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/28 12:0 a.m.32 views

Perfect Brands for WooCommerce < 2.0.5 - Subscriber+ Arbitrary Brand Creation

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated users, such as subscriber to create arbitrary brands...

4.3CVSS4.5AI score0.00621EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/19 12:0 a.m.32 views

WP HTML Mail < 3.1 - Unprotected REST-API Endpoint

The plugin is vulnerable to setting changes and stored cross-site scripting due to misconfigured authorization controls on the /themesettings REST API endpoint...

8.3CVSS0.6AI score0.70511EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/30 12:0 a.m.32 views

LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting

The plugin does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting PoC As admin, enter the following payload in the Domain Key setting of the plugin: Then open...

4.8CVSS0.1AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/29 12:0 a.m.32 views

WP Mail Logging < 1.10.0 - Outdated Redux Framework

The plugin uses an outdated version of the Redux Framework, which is know to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314 PoC The first endpoint we can identify is...

7.1CVSS0.28961EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/15 12:0 a.m.32 views

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

The plugin was reported to be affected by a critical Unauthenticated SQL Injection vulnerability...

5CVSS8AI score0.17227EPSS
Exploits2References5Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.32 views

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

The user registration functionality of the plugin allowed arbitrary user meta to be supplied, including wpcapabilities, during registration which made it possible for users to register as an administrator. PoC 'Hax0r', 'regemail' = '[email protected]', 'regpassword' = 'password', 'regpasswordpresen...

9.8CVSS4.2AI score0.68862EPSS
Exploits8References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.32 views

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may...

5.4CVSS1.5AI score0.00676EPSS
Exploits2References3Affected Software2
WPVulnDB
WPVulnDB
added 2021/05/19 12:0 a.m.32 views

WP Statistics < 13.0.8 - Unauthenticated SQL Injection

The plugin relied on using the WordPress escsql function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones. PoC...

7.5CVSS1.2AI score0.29776EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.32 views

ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS

The Elements kit lite and Elements kit pro WordPress Plugins 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “fun fact” widget accepts an “ekitfunfacttitlesize” parameter. Although...

4CVSS0.00626EPSS
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/02/06 12:0 a.m.32 views

Paid Membership Pro < 2.5.3 - Unauthorised Order Information Disclosure

The pmprogetorderjson AJAX action, available to authenticated user did not check for authorisation, allowing any authenticated users to retrieve arbitrary order information such as customer names, email addresses, and order numbers via the orderid parameter. PoC...

2.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/29 12:0 a.m.32 views

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. The issue could also be exploited via a CRSF attack, as such check was also missing. PoC...

2.8AI score0.88158EPSS
Exploits9Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/14 12:0 a.m.32 views

Limit Login Attempts Reloaded < 2.17.4 - Login Rate Limiting Bypass

When the plugin is configured with a custom header in its Trusted IP Origins setting e.g X-Forwarded-For, attackers could bypass the protection offered by tampering the header sent in requests...

5CVSS2.6AI score0.04348EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/24 12:0 a.m.32 views

Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload

The aoccssimport AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. PoC https://drive.google.com/file/d/1siZsDiJsYRCw58Ksram5zBJOVbs-Hio1/view?usp=sharing POST /wp-admin/admin-ajax.php...

6.5CVSS0.5AI score0.13139EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/28 12:0 a.m.32 views

bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled

Raphael Karger discovered an unauthenticated privilege escalation issue when new user registration is enabled...

7.5CVSS3.4AI score0.43879EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/14 12:0 a.m.32 views

WP Cost Estimation < 9.644 - Arbitrary File Upload and Delete

The WPEstimationForm WordPress plugin was affected by an Arbitrary File Upload and Delete security vulnerability...

2.3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/09 12:0 a.m.32 views

Buddyforms < 2.2.8 - SQL Injection

The Contact – Registration – Post Form Builder & FrontEnd Editor BuddyForms – Making WordPress Forms A Breeze WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2AI score0.01833EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/02/06 12:0 a.m.32 views

flickrRSS <= 5.3.1 - XSS and CSRF

The flickr-rss WordPress plugin was affected by a XSS and CSRF security vulnerability...

6.8CVSS3.9AI score0.00918EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.32 views

WordPress <= 4.4.2 - Script Compression Option CSRF

...

6.8CVSS1.7AI score0.02489EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.32 views

WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses

...

5CVSS1.1AI score0.04565EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/25 12:0 a.m.32 views

User Submitted Posts <= 20151113 - Stored Cross-Site Scripting (XSS)

The User Submitted Posts WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS0.7AI score0.01177EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/25 12:0 a.m.32 views

Music Store <= 1.0.14 - Referer Header Open Redirect

The Music Store – WordPress eCommerce WordPress plugin was affected by a Referer Header Open Redirect security vulnerability. PoC GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Languag...

0.4AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities5000