Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2023/05/22 12:0 a.m.•30 views

MStore API < 3.9.2 - Authentication Bypass

The plugin does not properly verify the user provided when syncing their cart via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

9.8CVSS7AI score0.03805EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/02 12:0 a.m.•30 views

Easy Digital Downloads < 3.1.1.4.2 - Unauthenticated Privilege Escalation

The plugin does not have authorisation and CSRF in its AJAX action, allowing unauthenticated users to call it, one in particular could allow them to reset any account's password by knowing the username...

9.8CVSS9AI score0.031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/26 12:0 a.m.•30 views

Booking Manager < 2.0.29 - Subscriber+ SSRF

The plugin does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network. PoC As an admin: Type in an internal URL for example...

6.3AI score0.00823EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•30 views

Advanced Custom Fields < 5.12.5 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. PoC Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

8.8CVSS9.5AI score0.0108EPSS
Exploits3Affected Software2
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•30 views

Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS

The plugin does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks PoC import requests import sys import re if lensys.argv != 4: print'USAGE: python %s ' %...

5.4CVSS5.5AI score0.28799EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/06 12:0 a.m.•30 views

0mk Shortener <= 0.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS8.3AI score0.00512EPSS
Exploits1
WPVulnDB
WPVulnDB
•added 2023/02/03 12:0 a.m.•30 views

Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS

The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry PoC Setup as admin: Create a new form using MetForm...

7.2CVSS6.2AI score0.28565EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/31 12:0 a.m.•30 views

ShortPixel Adaptive Images < 3.6.3 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin PoC https://example.com/?SPAIVJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert/XSS/;%3E...

6.1CVSS6AI score0.00881EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/19 12:0 a.m.•30 views

Mapwiz <= 1.0.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC POST /wp-admin/admin.php?page=myplug/muyplg.php HTTP/1.1...

7.2CVSS7.5AI score0.00957EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/12 12:0 a.m.•30 views

Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the s parameter before using it in a SQL statement via the edddownloadsearch AJAX action , leading to a SQL injection exploitable by unauthenticated users PoC curl...

9.8CVSS1.7AI score0.11172EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/30 12:0 a.m.•30 views

Advanced Coupons for WooCommerce Coupons < 4.5.0.1 - Notice Dismiss via CSRF

The plugin does not have CSRF check when dismissing notices, which could allow attackers to make logged in users dismiss the Getting Started notice via a CSRF attack...

5.4CVSS5.4AI score0.00258EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/10 12:0 a.m.•31 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. PoC - Install the plugin and set the API creds to: - Key:...

7.5CVSS7.5AI score0.00881EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•30 views

Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the followin...

7.2CVSS0.9AI score0.01126EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/17 12:0 a.m.•30 views

Download Manager < 3.2.50 - Contributor+ PHAR Deserialization

The plugin does not validate a parameter, which could allow users with a role as low as contributor to perform PHAR deserialisation when a suitable gadget chain is also present...

8.8CVSS4.1AI score0.01408EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/01 12:0 a.m.•30 views

NEX-Forms < 7.9.7 - Authenticated SQLi

The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...

8.8CVSS2.5AI score0.10375EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/26 12:0 a.m.•30 views

WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The plugin does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. PoC The vulnerability exists due to the plugin only preventing users from leaking coupons using the "coupons" aggregate field, and not the regular "coupon" field. Given a valid...

1.6AI score0.00724EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/26 12:0 a.m.•30 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC Against any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=ftsencrypttokenajaxtoken=%3Cimg%20src=x%20onerror=alert/XSS/%3E...

6.1CVSS0.00634EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/23 12:0 a.m.•30 views

Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

The plugin is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. PoC To exploit the vulnerability, someone must send a...

8.8CVSS3.8AI score0.03851EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•30 views

FreeMind WP Browser <= 1.2 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its setting, and does not have sanitisation as well as escaping in some of them, which could allow attackers to make a logged in admin put a Cross-Site Scripting payload in them via CSRF attack...

6.1CVSS4.4AI score0.00893EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•30 views

Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS

The plugin does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Plugin settings Style Settings button border radius or other field put to input field:...

4.8CVSS2AI score0.00579EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/17 12:0 a.m.•30 views

GiveWP < 2.21.0 - Donor Information Disclosure

The plugin exposes a REST endpoint to unauthenticated users and disclosing donor information...

5.3CVSS1.5AI score0.00907EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•30 views

Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure

The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 104 Accept: application/json, text/javascript, /; q=0.01...

5.3CVSS2.2AI score0.02869EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/28 12:0 a.m.•30 views

SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting

The plugin does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=sqbulkseo=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+xxx=pp...

6.1CVSS0.5AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/23 12:0 a.m.•30 views

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment PoC Log in as any user with privileges as low as Subscriber...

3.8AI score0.00675EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/21 12:0 a.m.•30 views

WPCargo < 6.9.0 - Unauthenticated RCE

The plugin contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE PoC import sys import binascii import requests This is a magic string that when treated as pixels and compressed using the png algorithm, will cause to be written ...

0.7AI score0.56148EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/16 12:0 a.m.•30 views

WP Statistics < 13.1.6 - Unauthenticated Blind SQL Injection via IP

The plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information...

9.8CVSS5.1AI score0.77956EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/17 12:0 a.m.•30 views

PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues PoC 1. Use the new settings panel...

5.4CVSS0.4AI score0.00524EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/14 12:0 a.m.•30 views

WP Import Export < 3.9.16 - Unauthenticated Sensitive Data Disclosure

The plugins are vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or...

7.5CVSS3.5AI score0.04284EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
•added 2021/11/22 12:0 a.m.•30 views

WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection

The wcfmajaxcontroller AJAX action of the plugin, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections PoC v 3.4.11 POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.5AI score0.0848EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/27 12:0 a.m.•30 views

OptinMonster < 2.6.5 - Unprotected REST-API Endpoints

OptinMonster was missing appropriate capability checks on several REST-API endpoints which made it possible for unauthenticated attackers, and in some instances authenticated with low privileges, to perform unauthorized actions, as well as access sensitive information such as the...

8.2CVSS7.7AI score0.2327EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/26 12:0 a.m.•30 views

Ninja Forms < 3.6.4 - Admin+ SQL Injection

The plugin does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks PoC POST /wp-admin/post.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh,en;q=0.5...

7.2CVSS7AI score0.01275EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/08/22 12:0 a.m.•30 views

MicroCopy <= 1.1.0 - Authenticated SQL Injection

The edit functionality in the plugin makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET...

7.2CVSS1.3AI score0.01467EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/08/18 12:0 a.m.•30 views

Shopping Cart & eCommerce Store < 5.1.1 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts...

8.8CVSS4.9AI score0.00638EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/08/13 12:0 a.m.•30 views

WP Fountain <= 1.5.9 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /wp-fountain.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4AI score0.00884EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/08/06 12:0 a.m.•30 views

Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS

The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options. PoC Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload...

5.4CVSS0.3AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/07/22 12:0 a.m.•30 views

WooCommerce Currency Switcher < 1.3.7 - Authenticated (Low Privilege) Local File Inclusion

The WooCommerce Currency Switcher plugin was vulnerable to LFI attacks via the "woocs" shortcode...

3.9AI score0.01316EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/06/21 12:0 a.m.•30 views

Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

The plugin does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue PoC Go to the Sign-up Sheets-- Add New. Enter the following CSV Injection payload in the field "Title", "Details" and "Task" click on save button. =cmd|' /C...

8CVSS0.8AI score0.01308EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/06/17 12:0 a.m.•30 views

WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery (CSRF)

The WP Fluent Forms WordPress plugin was vulnerable to a Cross-Site Request Forgery CSRF vulnerability that could lead to Stored Cross-Site Scripting XSS...

8.8CVSS1.7AI score0.02633EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/05/31 12:0 a.m.•30 views

Admin Columns Free < 4.3 & Pro < 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) in Label

The Admin Columns WordPress plugin, Free and Pro versions, rendered input on the posted pages with improper input validation on the value passed into the field Label parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it...

5.4CVSS4.1AI score0.00997EPSS
Exploits1References1Affected Software2
WPVulnDB
WPVulnDB
•added 2021/05/03 12:0 a.m.•30 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS2.1AI score0.04691EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/03/23 12:0 a.m.•30 views

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. Even with the maximu...

10CVSS2.1AI score0.09733EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/02/08 12:0 a.m.•30 views

Welcart e-Commerce < 2.1.1 - Authenticated SQL Injection

The Welcart e-Commerce WordPress plugin, less than version 2.1.1 and possibly below, was vulnerable to authenticated SQLI Injection in the searchordercolumn0 POST parameter of the "/wp-admin/admin.php?page=uscesorderlist" page. PoC Refer to references...

3.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2020/11/09 12:0 a.m.•30 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Roles

Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability or any custom Ultimate Member role and effectively be granted those privileges. PoC $username, 'firstname-'. $formid =...

7.5CVSS3.2AI score0.02961EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2020/08/20 12:0 a.m.•30 views

Advanced Access Manager < 6.6.2 - Authenticated Authorization Bypass and Privilege Escalation

A low-privileged user could assign themselves or switch to any role with an equal or lesser user level, or any role that did not have an assigned user level. This could be done by sending a POST request to wp-admin/profile.php with typical profile update parameters and appending a aamuserroles...

6CVSS3AI score0.01463EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2019/07/22 12:0 a.m.•30 views

Email Subscribers & Newsletters < 4.1.8 - SQL Injection

A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

10CVSS6.2AI score0.03679EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
•added 2017/08/08 12:0 a.m.•30 views

Loginizer <= 1.3.5 - Blind SQL Injection

Blind SQL injection in the http-header: X-Forwarded-For and possible others...

7.5CVSS3.1AI score0.01843EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/05/16 12:0 a.m.•30 views

WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks

...

5CVSS1.9AI score0.04079EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/05/16 12:0 a.m.•30 views

WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation

...

5CVSS2.1AI score0.03668EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/01/11 12:0 a.m.•30 views

WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)

...

5CVSS1.8AI score0.02886EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/01/11 12:0 a.m.•30 views

WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)

...

6.8CVSS4.3AI score0.0193EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000