Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2016/05/10 12:0 a.m.30 views

Crayon Syntax Highlighter < 2.8.4 - Multiple XSS

The Crayon Syntax Highlighter WordPress plugin was affected by a Multiple XSS security vulnerability...

4.3CVSS1AI score0.01524EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/02 12:0 a.m.30 views

WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)

...

5CVSS2AI score0.09275EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/13 12:0 a.m.30 views

WP-Piwik <= 1.0.4 - Cross-Site Scripting (XSS)

The WP-Matomo Integration WP-Piwik WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS5.8AI score0.01493EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/02 12:0 a.m.30 views

BJ Lazy Load <= 0.7.5 - Remote File Inclusion (Timthumb)

The BJ Lazy Load WordPress plugin was affected by a Remote File Inclusion Timthumb security vulnerability...

5CVSS2.3AI score0.03399EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/02 12:0 a.m.30 views

WPML 2.9.3-3.2.6 - Cross-Site Scripting (XSS) in Accept-Language Header

The sitepress-multilingual-cms WordPress plugin was affected by a Cross-Site Scripting XSS in Accept-Language Header security vulnerability...

4.3CVSS0.7AI score0.0102EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/28 12:0 a.m.30 views

Job Manager <= 0.7.25 - Insecure Direct Object Reference (IDOR)

It is possible to enumerate the CV filename that is uploaded on the server and then access the CV file by performing a bruteforce attack to the wordpress upload directory structure...

5CVSS2.2AI score0.10031EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/06 12:0 a.m.31 views

Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)

Genericons = 3.2 vulnerable to DOM XSS in the example.html file due to using outdated version of jQuery and vulnerable code. Vulnerable Code: permalink = "genericon-" + window.location.hash.split''1; cssclass = jQuery '.' + permalink .attr'class'; PoC...

4.3CVSS0.1AI score0.03803EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/18 12:0 a.m.30 views

Easy Digital Downloads < 2.3.3 - SQL Injection

The Easy Digital Downloads – Simple Ecommerce for Selling Digital Files WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.6AI score0.01953EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/14 3:31 p.m.30 views

Simple Security <= 1.1.5 - 2 x Cross-Site Scripting (XSS)

The Simple Security WordPress plugin was affected by a 2 x Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01618EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/30 7:9 p.m.30 views

WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists

...

4.3CVSS2.6AI score0.02839EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.30 views

Extend 1.3.7 - Shell Upload

The extend-wordpress WordPress plugin was affected by a Shell Upload security vulnerability...

6.8CVSS2AI score0.23165EPSS
Exploits17References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.30 views

WordPress 3.7.1 & 3.8.1 - Potential Authentication Cookie Forgery

...

6.4CVSS3.9AI score0.0893EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.30 views

WordPress 3.7.1 & 3.8.1 - Privilege Escalation

Description From the researcher edik who discovered the vulnerability: Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI. How to reproduce: 1. Login...

4CVSS5.8AI score0.02368EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2014/05/28 12:0 a.m.30 views

WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. PoC http://www.example.com/wp-content/plugins/swipehq–payment–gateway–woocommerce/test-plugin.php?apiurl=apiurl%27%3E%3Cscript%3Ealert%284%29%3C/script%3E...

4.3CVSS1AI score0.04055EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2012/05/15 12:0 a.m.30 views

Sharebar <= 1.2.1 - SQL Injection & Cross-Site Scripting (XSS)

wp-admin/options-general.php status parameter XSS...

7.5CVSS2.5AI score0.01815EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.29 views

Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additiona...

9.8CVSS6.9AI score0.02333EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.29 views

Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.7.8 - Sensitive Information Exposure

Description The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wpdndcf7uploads/wpcf7-files' directory. This makes it possible for unauthenticated...

5.3CVSS6.7AI score0.0065EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.29 views

Rate My Post – Star Rating Plugin by FeedbackWP < 3.4.5 - Insecure Direct Object Reference

Description The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to rate priva...

5.3CVSS7AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.29 views

Events Manager < 6.4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possibl...

6.4CVSS5.5AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/25 12:0 a.m.29 views

WooCommerce < 8.6 - Contributor+ Private/Draft Products Access

Description The plugin does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products PoC 1. ADMIN: Install WooCommerce 2. ADMIN: Add products of various visibility and statuses including Publish, Draft,...

6.2AI score0.0068EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.29 views

NEX-Forms – Ultimate Form Builder < 8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 8.5.5 due to insufficient input sanitization and output escaping on user supplied...

6.5CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.29 views

Avada < 7.11.2 - Contributor+ Arbitrary File Upload

Description The theme is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaximportoptions' function, making it possible for authenticated attackers with contributor permissions to upload arbitrary files on the affected site's server which may make remote code...

8.8CVSS8.7AI score0.00528EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.29 views

FileBird < 5.6.1 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.6AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.29 views

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks PoC As a contributor, create/edit a map with the below payload as title and attach it to a post ca...

5.2AI score0.00462EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.29 views

wpDiscuz < 7.6.13 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.29 views

Essential Addons for Elementor < 5.9.3 - Contributor+ Stored XSS

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping...

6.4CVSS5.8AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.29 views

404 Solution < 2.35.0 - Admin+ SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.6CVSS7.5AI score0.00541EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.29 views

Divi < 4.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'etpbtext' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for...

6.4CVSS5.6AI score0.00325EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.29 views

Responsive Lightbox < 2.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via name

Description The Responsive Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...

5.9CVSS5.9AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.29 views

Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Perfmatters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to 2.2.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or...

6.5CVSS8AI score0.00368EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.29 views

Contact Form for Plugin by Fluent Forms < 5.0.9 - Insecure Direct Object Reference

Description The Contact Form for Plugin by Fluent Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 5.0.8 via the addIsRenderableFilter function due to missing validation on the publication status of a form. This makes it possible for...

6.8AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/11 12:0 a.m.29 views

Leyka < 3.30.3 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/17 12:0 a.m.29 views

WPCode < 2.0.13.1 - Reflected XSS

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wpcode"=2...

6.1CVSS6.2AI score0.00452EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/05 12:0 a.m.29 views

ShopLentor < 2.6.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/04 12:0 a.m.29 views

Menubar < 5.9 - Cross-Site Request Forgery

The plugin does not properly implement anti-CSRF measures, potentially making it possible for unwanted actions to be performed in the user's session...

6.5CVSS6.8AI score0.00218EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.29 views

Ultimate Addons for Contact Form 7 < 3.1.24 - Subscriber+ SQL Injection

The plugin does not properly sanitize the 'id' parameter, leading to a SQL Injection vulnerability...

8.8CVSS7.8AI score0.0082EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.29 views

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

The plugin does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. PoC - Payload: ../../../../../../../../../../../../../../../../../../../ - At the "Other...

2.7CVSS8.6AI score0.00665EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.29 views

CMP – Coming Soon & Maintenance < 4.1.8 - Maintenance Mode Bypass

The plugin does not properly secure maintenance mode, allowing users to bypass it by using a correct cmpbypass GET parameter in the URL...

5.3CVSS6.7AI score0.00772EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/31 12:0 a.m.29 views

Enhanced WP Contact Form <= 2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.29 views

WP Popup Banners <= 1.2.5 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the value parameter before using it in a SQL statement via the getpopupdata AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Run the below command in the developer console of the web browser whi...

8.8CVSS9.1AI score0.00872EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/06 12:0 a.m.29 views

Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS

The plugins do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC cmplz-consent-area...

5.4CVSS5.2AI score0.00558EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.29 views

OAuth Single Sign On - SSO (OAuth Client) Enterprise < 48.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/21 12:0 a.m.29 views

ProfilePress < 4.5.5 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00411EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/12 12:0 a.m.29 views

Quiz And Survey Master < 8.0.8 - Text Message Setting Update via CSRF

The plugin does not have CSRF check when updating the Quiz Text Message Setting, which could allow attackers to make logged admin perform such actions via a CSRF attack...

8.8CVSS8.2AI score0.00384EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/03 12:0 a.m.29 views

PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: pdfviewer height='" onmouseover="alert1"'http://localhost/file.pdf/pdfviewer...

5.4CVSS2.5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.29 views

FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing

The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin. PoC Set HTTPXREALIP, HTTPXFORWARDEDFOR, HTTPCFCONNECTINGIP or HTTPCLIENTIP to spoof the IP address...

7.5CVSS1.8AI score0.00727EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/06 12:0 a.m.29 views

WP-Ban < 1.69.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the plugin settings and set these...

4.8CVSS4.8AI score0.00851EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/29 12:0 a.m.29 views

Quiz and Survey Master < 8.0.5 - Unauthenticated iFrame Injection

The plugin does not sanitise and escape the questionid parameter, which could allow unauthenticated users to perform iFrame injection attack...

7.2CVSS4.9AI score0.00724EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/23 12:0 a.m.29 views

Kraken.io Image Optimizer < 2.6.6 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admin change them via a CSRF attack...

8.8CVSS4.5AI score0.00293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.29 views

WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup PoC fetch'/wordpress/wp-admin/admin-ajax.php?action=deletepopup', method: 'POST',headers:"content-type":"application/x-www-form-urlencoded", bod...

4.3CVSS3.5AI score0.00265EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000