Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.32 views

WordPress <= 4.4.2 - Script Compression Option CSRF

...

6.8CVSS1.7AI score0.02489EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.32 views

WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses

...

5CVSS1.1AI score0.04565EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/25 12:0 a.m.32 views

Music Store <= 1.0.14 - Referer Header Open Redirect

The Music Store – WordPress eCommerce WordPress plugin was affected by a Referer Header Open Redirect security vulnerability. PoC GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Languag...

0.4AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/04 12:0 a.m.32 views

zM Ajax Login & Register 1.0.9 - Local File Inclusion & XSS

The ZM Ajax Login & Register WordPress plugin was affected by a Local File Inclusion & XSS security vulnerability...

5CVSS2.3AI score0.13405EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/25 12:0 a.m.32 views

Free Counter 1.1 - Cross-Site Scripting (XSS)

The Free counter WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.04579EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/20 12:0 a.m.32 views

Post to Twitter <= 0.7 - CSRF & XSS

The post-to-twitter WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.1AI score0.01015EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.32 views

WP-ViperGB 1.3.10 - XSS Weakness & CSRF

The WP-ViperGB WordPress plugin was affected by a XSS Weakness & CSRF security vulnerability...

6.8CVSS2.3AI score0.01151EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.32 views

AdRotate <= 3.9.4 - clicktracker.php track Parameter SQL Injection

The AdRotate – Ad manager & AdSense Ads WordPress plugin was affected by a clicktracker.php track Parameter SQL Injection security vulnerability...

7.5CVSS2.9AI score0.05412EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.32 views

WordPress 3.4 - 3.5.1 DoS in class-phpass.php

...

4.3CVSS0.9AI score0.03373EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.32 views

Duplicate Post 2.5 - duplicate-post-admin.php User Login Cookie Value SQL Injection

The Yoast Duplicate Post WordPress plugin was affected by a duplicate-post-admin.php User Login Cookie Value SQL Injection security vulnerability...

7.5CVSS2.2AI score0.01795EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2013/06/21 12:0 a.m.32 views

WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation

...

4CVSS2.5AI score0.01765EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.31 views

YITH WooCommerce Wishlist < 3.33.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 3.33.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.31 views

Advanced Access Manager < 6.9.21 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.31 views

WooCommerce < 8.4.0 - Reflected Cross-Site Scripting

Description The plugin does not properly sanitize user-input provided by the addqueryarg function when echoed back into JavaScript code context. PoC http://vulnerable-site.tld/wp-admin/edit-comments.php?%27;alert1//...

7.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/01 12:0 a.m.31 views

Master Slider <= 3.9.10 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's msslide shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.4CVSS5.9AI score0.00433EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/16 12:0 a.m.31 views

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.6 - Unauthenticated SQL Injection

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the...

9.8CVSS7.5AI score0.77729EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.31 views

Canto < 3.0.7 - Unauthenticated RCE

Description The plugin is vulnerable to Remote Code Execution via the 'abspath' parameter due to the use of the includeonce statement on the parameter allowing remote file inclusion. This makes it possible for unauthenticated attackers to execute code on the server...

10CVSS9.9AI score0.00687EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/13 12:0 a.m.31 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.1AI score0.00497EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.31 views

Paid Memberships Pro < 2.12.6 - Missing Authorization via API

Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmprorestapigetpermissionscheck...

5.3CVSS6.7AI score0.00508EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.31 views

Comment Blacklist Updater < 1.2.0 - Cross-Site Request Forgery via update_blacklist_manual

Description The Comment Blacklist Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the 'updateblacklistmanual' function. This makes it possible for unauthenticated attackers to...

6.6AI score0.00485EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.31 views

Olive One Click Demo Import <= 1.0.9 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file

Description The Olive One Click Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the oliveoneclickdemoimportsavefile function in versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

9.1CVSS8AI score0.0064EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.31 views

LearnDash LMS < 4.5.3.1 - SQL Injection

Description The plugin does not properly neutralize special elements used in an SQL command, leading to potential SQL injection vulnerability...

8.8CVSS7.5AI score0.00684EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.31 views

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure via the ai-debug-processing-fe URL parameter...

7.5CVSS6.4AI score0.00512EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.31 views

Slimstat Analytics < 5.0.10 - Contributor+ SQL Injection

Description The plugin is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers wit...

8.8CVSS6.6AI score0.00916EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/09 12:0 a.m.31 views

eaSYNC <= 1.3.8 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.31 views

WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the "Email Options" section...

4.8CVSS4.7AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/30 12:0 a.m.31 views

Ultimate Member < 2.6.1 - Form Duplication via CSRF

The plugin does not have CSRF checks when duplicating a form, which could allow attackers to make logged in admins perform such actions via a CSRF attack...

8.8CVSS6.7AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/16 12:0 a.m.31 views

PixelYourSite < 9.6.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize input and escape output in admin settings, leading to Stored Cross-Site Scripting vulnerabilities. This issue affects multi-site installations and installations with disabled unfilteredhtml...

4.8CVSS5.9AI score0.00516EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.31 views

Google Analytics by Monster Insights < 8.14.1- Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.0037EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/04 12:0 a.m.31 views

Advanced Custom Fields < 6.1.6 - Reflected XSS

The plugins do not escape the poststatus parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

7.1CVSS6.1AI score0.38768EPSS
Exploits3Affected Software2
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.31 views

FooGallery < 2.2.41 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.01747EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/10 12:0 a.m.31 views

RapidLoad Power-Up for Autoptimize < 1.7.2 - Multiple Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation and CSRF checks in multiple AJAX actions, which could allow users with a role as low as subscriber or an attacker making any authenticated user open a malicious page to call them and modify the plugins cache, add a new license, delete logs files, update cach...

6.3CVSS5.2AI score0.01024EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/08 12:0 a.m.31 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.3 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. PoC 1. Create a contact form and add a "multiple file upload" field. 2. Add...

9.8CVSS8.9AI score0.03004EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.31 views

Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. PoC While logged in as a subscriber, send the following request: await fetch'/wp-admin/admin-ajax.php',method:'POST', headers: 'Content-Type':...

8.8CVSS8.7AI score0.05141EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/06 12:0 a.m.31 views

miniOrange WordPress SAML SSO Premium < 12.1.0 - Open Redirect in SSO login

The plugin does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in...

6.1CVSS2AI score0.0061EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.31 views

Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...

5.4CVSS4.1AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/08 12:0 a.m.31 views

White Label CMS < 2.5 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.5AI score0.17686EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.31 views

WPML < 4.5.14 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as change the status of a translation job...

8.8CVSS4.5AI score0.00298EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.31 views

OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass

The plugin does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address PoC POST / HTTP/1.1...

7.5CVSS3.5AI score0.00368EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.31 views

MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access

The plugin does not validate a parameter which could allow unauthenticated users to read arbitrary files on the web server...

7.5CVSS4.2AI score0.02193EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.31 views

weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC On the dashboard navigate to weForms All Forms Add Form Choose Contact Form; Click Create Form...

4.8CVSS0.7AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.31 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Get a REST nonce logged in as admin:...

4.8CVSS4.8AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/17 12:0 a.m.31 views

Popup Builder < 4.1.1 - Popup Status Change via CSRF

The plugin does not have CSRF check in place when updating Popup status, which could allow attackers to make a logged in admin update them via a CSRF attack...

5.4CVSS4.5AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.31 views

Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting

The plugin does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Go to Photo Gallery Global Settings Watermark Using the web browser inspector, change the input...

4.8CVSS0.7AI score0.00995EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/02 12:0 a.m.31 views

Amelia < 1.0.47 - Unauthenticated Stored XSS via lastName

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the /src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever...

7.2CVSS4.9AI score0.00519EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.31 views

Formcraft3 < 3.8.28 - Unauthenticated SSRF

The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users PoC https://example.com/wp-admin/admin-ajax.php?action=formcraft3get=https://wpscan.com...

9.1CVSS1.5AI score0.20249EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.31 views

UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download

The plugins do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database backup. PoC from io import StringIO import requests import gzip impor...

6.5CVSS1.1AI score0.0201EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/16 12:0 a.m.31 views

WP Statistics < 13.1.6 - Unauthenticated Blind SQL Injection via current_page_id

The plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information...

9.8CVSS5.2AI score0.81363EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/14 12:0 a.m.31 views

Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure

The plugin does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog PoC Open the following URL as a subscriber:...

4.3CVSS1.4AI score0.0099EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/02 12:0 a.m.31 views

Advanced iFrame < 2022 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS1.7AI score0.00788EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000