Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/04/17 12:0 a.m.31 views

WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication

The duplicate method, hooked to the admininit action did not have any CSRF and authorisation checks, allowing unauthorised users such as unauthenticated ones to duplicate arbitrary downloads PoC As an unauthenticated or authenticated user, open the following URL to duplicate the Download with id...

2.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/16 12:0 a.m.31 views

Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)

The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation WPScanTeam, the cause was found to be test files from the php-mod/curl library, which was missing appropriate response headers before outputtin...

0.9AI score0.01261EPSS
Exploits2References1Affected Software5
WPVulnDB
WPVulnDB
added 2021/02/06 12:0 a.m.31 views

Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature PoC https://example.com/business/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert/XSS/%3Easd&wyz-loc-filter-txt;=&loc-filter-txt;=&loc-filter-lat;=&loc-filter-lng;===0...

0.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/12 12:0 a.m.31 views

Good LMS < 2.1.5 - Unauthenticated SQL Injection

The Good LMS WordPress plugin was vulnerable to Unauthenticated SQL Injection in its 'id' parameter of the gdlrlmscancelbooking action. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 action=gdlrlmscancelbooking=SELECT 1337 FROM SELECTSLEEP10MrMV...

7.5CVSS2.3AI score0.1064EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/02 12:0 a.m.31 views

Postie <= 1.9.40 - Post Submission Spoofing & Stored XSS

"The Postie plugin for WordPress only allows posting of articles submitted by authorized users through a mailing list registered in the plugin settings. However through the email sender's spoofing technique, it was possible to bypass the plugin settings and publish a post as having been sent by a...

5CVSS1.6AI score0.03376EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/27 12:0 a.m.31 views

Animate It < 2.3.6 - XSS

The Animate It! WordPress plugin was affected by a XSS security vulnerability...

6.8CVSS2.5AI score0.00941EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/03 12:0 a.m.31 views

Visitors Traffic Real Time Statistics < 1.13 - CSRF to Stored XSS/SQLi

A CSRF vulnerability in the plugin gives attackers the possibility to craft an AJAX request, which lets blog administrators alter plugin settings. Due to a lack of encoding for malicious data when displaying it in the admin backend, there is a Stored XSS. Also, as the user input coming from the...

6.8CVSS3AI score0.00795EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/11/08 12:0 a.m.31 views

WPML Translation Management <= 2.4.1 - PHP Object Injection

The wpml-translation-management WordPress plugin was affected by a PHP Object Injection security vulnerability...

1.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/01/11 12:0 a.m.31 views

WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php

...

4.3CVSS1.9AI score0.01755EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/08/15 12:0 a.m.31 views

Peter's Login Redirect <= 2.9.0 - Cross-Site Scripting (XSS) & CSRF

The Peter's Login Redirect WordPress plugin was affected by a Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS1.9AI score0.00923EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/05 12:0 a.m.31 views

WordPress <= 4.2.3 - Timing Side Channel Attack

...

5CVSS1.7AI score0.08354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/04 12:0 a.m.31 views

WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection

...

7.5CVSS1.8AI score0.10986EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/08 12:0 a.m.31 views

SEO SearchTerms Tagging 2 <= 1.535 - XSS & Authenticated SQL Injection

Plugin is still affected and has been closed...

6.5CVSS2.1AI score0.01756EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/09 12:0 a.m.31 views

Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload

There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary...

7.5CVSS4.2AI score0.40595EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/15 12:0 a.m.31 views

Awesome Support < 3.1.7 - XSS & Shortcodes Allowed in Replies

The Awesome Support – WordPress HelpDesk & Support Plugin WordPress plugin was affected by a XSS & Shortcodes Allowed in Replies security vulnerability...

5CVSS1.3AI score0.01389EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/21 12:0 a.m.31 views

WordPress 3.9-4.1.1 - Same-Origin Method Execution

...

4.3CVSS1.8AI score0.06044EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.31 views

WordPress SEO by Yoast <= 2.0.1 - Cross-Site Scripting (XSS)

The wordpress-seo-premium WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

1.7AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/29 12:0 a.m.31 views

VideoWhisper Video Presentation 3.31.17 - Remote File Upload

Vendor marked as won't fix. See references...

7.5CVSS3AI score0.04989EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/23 12:0 a.m.31 views

Creative Contact Form <= 0.9.7 - Shell Upload

The Creative Contact Form WordPress plugin was affected by a Shell Upload security vulnerability...

7.5CVSS1.7AI score0.91656EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.31 views

Social Sharing Toolkit 2.1.1 - Unspecified XSS

The Social Sharing Toolkit WordPress plugin was affected by an Unspecified XSS security vulnerability...

4.3CVSS2.4AI score0.01602EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.31 views

CommentLuv 2.92.3 - Cross Site Scripting

The CommentLuv WordPress plugin was affected by a Cross Site Scripting security vulnerability...

4.3CVSS2.1AI score0.04546EPSS
Exploits3References4Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.31 views

GD Star Rating 1.9.22 - Cross-Site Request Forgery (CSRF)

The gd-star-rating WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS3.4AI score0.01014EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2012/04/23 12:0 a.m.31 views

Organizer <= 1.2.1 - Cross Site Scripting / Path Disclosure

Plugin is still affected and has been closed...

5CVSS1.6AI score0.03254EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.30 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

Description The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of th...

9.8CVSS6.6AI score0.02333EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.30 views

WP Migrate Pro < 2.6.11 - Unauthenticated PHP Object Injection

Description The WP Migrate Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.10 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerab...

10CVSS7.4AI score0.00683EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.30 views

LoginPress Pro < 3.0.0 - Captcha Bypass

Description The plugin is vulnerable to Bypass, allowing unauthenticated attackers to bypass the Captcha Verification...

5.3CVSS5.3AI score0.0043EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.30 views

WP SMS < 6.6.3 - Cross-Site Request Forgery

Description The WP SMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request grante...

8.8CVSS6.7AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.30 views

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. PoC curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

9.8CVSS9.6AI score0.01712EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.30 views

File Manager < 7.2.2 - Sensitive Information Exposure via Backup Filenames

Description The plugin is vulnerable to Sensitive Information Exposure due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where...

5CVSS6.5AI score0.01029EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.30 views

Brave Popup Builder < 0.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.30 views

E2Pdf < 1.20.24 - Authenticated(Administrator+) SQL Injection

Description The E2Pdf – Export To Pdf Tool for WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.20.24 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.6CVSS7.4AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.30 views

Frontend Admin by DynamiApps Plugin < 3.18.4 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxaddattachment' function, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...

10CVSS9.9AI score0.00617EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.30 views

Menu Image, Icons made easy < 3.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.7AI score0.00352EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.30 views

Simple Counter <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Simple Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00325EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.30 views

Duplicator < 1.3.0 - Unauthenticated RCE

Description The plugin does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. PoC Steps to Reproduce Setup Download WAMP with the...

9.8CVSS6.9AI score0.00916EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.30 views

JetBlocks For Elementor < 1.3.8.1 - Reflected Cross Site Scripting

Description The JetBlocks for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.2AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.30 views

Porto Theme - Functionality < 2.12.1 - Unauthenticated SQL Injection

Description The Porto Theme - Functionality plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.11.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on an existing SQL query. This makes it possible for unauthenticate...

9.8CVSS7.8AI score0.00774EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.30 views

UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An...

6.5CVSS6.8AI score0.00903EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.30 views

User Submitted Posts < 20230914 - Unauthenticated Arbitrary File Upload

Description The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspattachimages function in versions up to, and including, 20230902. This makes it possible for unauthenticatedattackers to upload arbitrary files as long a...

9.8CVSS8.1AI score0.00903EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.30 views

Master Slider Pro <= 3.6.5 - Unauthenticated PHP Object Injection

Description The Master Slider Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...

9.8CVSS9.1AI score0.00388EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/18 12:0 a.m.30 views

Paid Memberships Pro < 2.12.4 - Subscriber+ Arbitrary File Upload

Description The plugin does not properly validate file type in its pmpropaypalexpresssessionvarsforuserfields function, which could allow any authenticated users, such as subscriber to upload arbitrary files on the server. Note: Exploitation of the issue requires 2Checkout deprecated since versio...

8.8CVSS7AI score0.51535EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/16 12:0 a.m.30 views

Canto < 3.0.5 - Unauthenticated Remote File Inclusion

Description The Canto WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability...

9.8CVSS7AI score0.0562EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/29 12:0 a.m.30 views

Ninja Forms < 3.6.26 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.0601EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.30 views

AN_GradeBook <= 5.0.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber PoC Access the following URL to demonstrate SQLi:...

8.8CVSS9.6AI score0.0464EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/06 12:0 a.m.30 views

Getwid < 1.8.4 - Subscriber+ SSRF

The plugin does not validate a parameter via the getremotecontent REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has n...

9.6CVSS10AI score0.00606EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/06 12:0 a.m.30 views

Abandoned Cart Lite for WooCommerce < 5.15.0 - Authentication Bypass

The plugin does not use adequate cryptographic practices to secure its cart link decoding process, allowing unauthenticated attackers to bypass authentication and login as customers who have abandoned their carts...

9.8CVSS7.3AI score0.41077EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.30 views

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...

8.8CVSS6.6AI score0.22452EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/24 12:0 a.m.30 views

Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.6.6 - File Upload and File deletion via CSRF

The plugin is lacking CSRF and validation when uploading or deleting files, which could allow attackers to make a logged-in admin upload or delete files via a CSRF attack...

8.8CVSS6.9AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.30 views

MStore API < 3.9.2 - Authentication Bypass

The plugin does not properly verify the user provided when syncing their cart via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

9.8CVSS7AI score0.03805EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.30 views

Easy Digital Downloads < 3.1.1.4.2 - Unauthenticated Privilege Escalation

The plugin does not have authorisation and CSRF in its AJAX action, allowing unauthenticated users to call it, one in particular could allow them to reset any account's password by knowing the username...

9.8CVSS9AI score0.031EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000