Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.29 views

Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection

The plugin does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection PoC https://example.com/wp-admin/admin.php?page=tpeditor=filter-by=+AND+SELECT+42+FROM+SELECTSLEEP5b...

7.2CVSS0.3AI score0.01202EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.29 views

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

The plugin does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them PoC Install the plugin and configure any mailer other than Default. Access the wp-admin area with a Subscriber+ use...

6.5CVSS1.5AI score0.0077EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/13 12:0 a.m.29 views

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following payload in a field label: The XSS will be triggered when editing the form, as well as ...

4.8CVSS2.2AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/13 12:0 a.m.29 views

IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some fields when high privilege users don't have the unfilteredhtml capability, which could lead to Stored Cross-Site Scripting issues PoC Customise a template from the plugin /wp-admin/admin.php?page=cscstemplates and put the following payload in the...

5.4CVSS0.2AI score0.00584EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.29 views

HubSpot < 8.8.15 - Contributor+ Blind SSRF

The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks PoC As an authenticated user with the editposts capability, get REST nonce via...

8.8CVSS3AI score0.01413EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/30 12:0 a.m.29 views

Advanced Custom Fields < 5.12.1 - Contributor+ Database Information Access

The plugin does not have proper authorisation which could allow users with a role as low as contributor to view information on the database without the access permission...

6.5CVSS4.4AI score0.01437EPSS
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.29 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection PoC v = 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart=sleep10 v 6.1.6 -...

8.8CVSS0.2AI score0.01341EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.29 views

Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC v 3.1.32 v 3.2.2...

6.1CVSS1.1AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.29 views

Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi

The plugin does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file PoC Put the XML below on a web server replacing the PAYLOAD with the correct one, then import a podcast...

7.2CVSS7.2AI score0.01461EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/07 12:0 a.m.29 views

SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users PoC Create a new email petition /wp-admin/admin.php?page=dkspeakoutaddnew, check x Do not send email...

9.8CVSS0.8AI score0.08785EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.29 views

WP Statistics < 13.1.6 - Multiple Unauthenticated Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP, browser and platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

7.2CVSS4.5AI score0.78905EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/08 12:0 a.m.29 views

PHP Everywhere < 3.0.0 - Contributor+ RCE via Metabox

The plugin allows any users with a role as low as contributor to execute PHP via the Metabox of the plugin in posts...

9.9CVSS5.5AI score0.0165EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/28 12:0 a.m.29 views

Perfect Brands for WooCommerce < 2.0.5 - Subscriber+ Sensitive Information Disclosure

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated users, such as subscriber to retrieve sensitive information about the server...

7.5CVSS3.8AI score0.0119EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/14 12:0 a.m.29 views

WHMCS Bridge < 6.3 - Subscriber+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting via the ccwhmcsbridgeurl parameter found in the /whmcs-bridge/bridgecp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the ccwhmcsbridgeaddadmin...

6.4CVSS4.7AI score0.00558EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/12 12:0 a.m.29 views

WP-DownloadManager < 1.68.7 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the download settings such as downloadpath, downloadpathurl and downloadpageurl, which could allow high privilege users to perform Cross-Site Scripting attacks...

5.4CVSS3.3AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/24 12:0 a.m.29 views

Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection

The plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue PoC https://example.ocm/wp-admin/options-general.php?page=acfe-options=1%20and%20sleep0.02%23...

7.2CVSS1.6AI score0.01502EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/03 12:0 a.m.29 views

Survey Maker < 2.0.7 - Unauthenticated Store Cross-Site Scripting

The plugin is affected by an unauthenticated Stored Cross-Site Scripting issue...

6.1CVSS2.8AI score0.0082EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/24 12:0 a.m.29 views

Hide My WP < 6.2.4 - Unauthenticated SQL Injection

The plugin does not escape the IP address retrieved via headers such as X-Forwarded-For before using it in a SQL statement, leading to an SQL injection...

9.8CVSS2.9AI score0.01802EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.29 views

Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF

The plugin does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover. PoC The following HTML code can be...

8.8CVSS0.2AI score0.00612EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/22 12:0 a.m.29 views

WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Analytics Report Leaks

The plugin was vulnerable to Analytics Report Leaks on some hosting configurations. As well as updating WooCommerce to at least version 5.7.0, and WooCommerce Admin to at least version 2.6.4, it is also recommended that directory listing is disabled on your host. Automattic updates were rolled ou...

2.2AI score
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/08/24 12:0 a.m.29 views

Booster for WooCommerce < 5.4.4 - Authentication Bypass

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the processemailverification function due to a random token generation weakness in the resetandmailactivationlink function found in the...

9.8CVSS3AI score0.50869EPSS
Exploits8References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/18 12:0 a.m.29 views

BuddyPress < 9.1.1 - SQL Injections

The plugin was affected by SQL Injections via the BPNotificationsNotification::getorderbysql and BPInvitation::getorderbysql functions...

4.8AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/03 12:0 a.m.29 views

Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Create a new category via the plugin...

4.8CVSS2.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/15 12:0 a.m.29 views

Form Maker < 1.13.60 - Authenticated Stored XSS

The plugin does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue PoC Create or edit a form and add the following payload in the Form Title field "autofocus...

3.5CVSS1.3AI score0.01091EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/02 12:0 a.m.29 views

GetPaid < 2.3.4 - Authenticated Stored XSS

In the plugin, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is...

5.4CVSS0.1AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.29 views

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

5.4CVSS0.6AI score0.00932EPSS
Exploits4References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/04/26 12:0 a.m.29 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue PoC sqlmap --url="https://example.com/tour-list/?keywords=13date=13" --random-agent -dbs --level=3 --threads=4...

9.8CVSS0.5AI score0.0195EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/01 12:0 a.m.29 views

Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiletedhtml is disabled PoC Use a payload such as a" in the plugin settings for example, the Powered by Text input...

1.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/24 12:0 a.m.29 views

All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion

Thrive “Legacy” themes register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote...

6.4CVSS0.8AI score0.03946EPSS
Exploits2References1Affected Software10
WPVulnDB
WPVulnDB
added 2021/03/19 12:0 a.m.29 views

WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. PoC Put the following payload in the "Related Posts Title" settings of the plugin...

3.5CVSS1.6AI score0.00628EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.29 views

wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter

The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain...

4CVSS2.5AI score0.01341EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/08 12:0 a.m.29 views

SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections

The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=selectwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=selectwpid=1 UNION...

1.7AI score
Exploits0References3Affected Software2
WPVulnDB
WPVulnDB
added 2021/02/10 12:0 a.m.29 views

Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload

"A subscriber could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/themes/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further...

1.3AI score0.08196EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2020/11/08 12:0 a.m.29 views

Abandoned Cart Lite for WooCommerce < 5.8.3 - Unauthenticated SQL Injection

The plugin is affected by an unauthenticated SQL injection via the billingfirstname parameter of the savedata AJAX call. PoC From the original researcher: ./sqlmap.py -u https://example.com/wp-admin/admin-ajax.php --cookie='cookies content here' --method='POST'...

1.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/29 12:0 a.m.29 views

Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection

The bulkaction, exportfull and savesliderdb functionalities of the plugin were vulnerable, allowing a high privileged user Admin, or medium one such as Contributor+ if "Role Options" is turn on for other users to perform a SQL Injection attacks. PoC Vulnerable param: check Vulnerable function:...

0.4AI score0.02586EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/12 12:0 a.m.29 views

wpDiscuz < 5.3.6 - Unauthenticated SQL Injection

The Comments – wpDiscuz WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

7.5CVSS2.9AI score0.12706EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/15 12:0 a.m.29 views

Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection

SQL injection in the Photo Gallery 10Web Photo Gallery plugin before 1.5.55 exists via the frontend/models/model.php bwgsearchx parameter. Impact All gallerytype is affected by this bug and any unauthenticated remote attacker can exploit the plugin. PoC Sqlmap payload: sqlmap -u...

1.8AI score0.05418EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/29 12:0 a.m.29 views

Learnpress < 3.2.6.8 - Authenticated Time Based Blind SQL Injection

This could allow a low privilege user, to perform a time based SQL Injection attack and retrieve data from the DB, such as hashed passwords...

6.5CVSS2AI score0.49231EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/28 12:0 a.m.29 views

WP-Advanced-Search < 3.3.7 - Authenticated SQL Injection

The import functionality to restore plugin settings within the admin pages was vulnerable to SQL Injection through a privileged user with the editposts capability...

6.5CVSS3.6AI score0.01602EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/23 12:0 a.m.29 views

MapPress Maps < 2.53.9 - Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS)

Both the Free and Pro versions of this plugin register AJAX actions that call functions which lack capability checks and nonce checks. It is possible for a logged-in attacker with minimal permissions, such as a subscriber, to add a map containing malicious JavaScript to an arbitrary post or page ...

6.5CVSS1.3AI score0.05606EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/03 12:0 a.m.29 views

OneTone <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS)

Due to missing capability checks and security nonces, an unauthenticated attacker can use the theme options import feature to inject JavaScript code into all pages and posts of the website...

5CVSS1.5AI score0.02362EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/02 12:0 a.m.29 views

Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS)

Contact Form 7 Datepicker registers an AJAX action to save settings which calls a function that fails to perform a capability check or nonce check. As such, a logged-in attacker with minimal permissions such as a subscriber can send a crafted request which will store a malicious JavaScript in the...

3.5CVSS1.8AI score0.00712EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/25 12:0 a.m.29 views

Pricing Table by Supsystic < 1.8.2 - Unauthenticated Stored XSS

No permission check on the ImportJSONTable endpoint allows for malicious javascript to be injected by unauthenticated users. PoC...

4.9CVSS1AI score0.00778EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/15 12:0 a.m.29 views

WordPress <= 5.2.3 - JSON Request Cache Poisoning

Description The fix sends the "Vary: Origin" response header for GET requests from unauthenticated users...

7.5CVSS8.6AI score0.03154EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2019/09/20 12:0 a.m.29 views

Ultimate FAQ < 1.8.25 - Unauthenticated Options Import/Export

The Ultimate FAQ – WordPress Q Plugin WordPress plugin was affected by an Unauthenticated Options Import/Export security vulnerability...

5CVSS2.6AI score0.03518EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/05 12:0 a.m.29 views

WordPress 5.2.2 - Cross-Site Scripting (XSS) in Dashboard

Description According to the WordPress release notes: "Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard."...

6.1CVSS6AI score0.01767EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2019/07/04 12:0 a.m.29 views

Ocean Extra <= 1.5.8 - Unauthenticated Settings change and CSS injection

The Ocean Extra WordPress plugin was affected by an Unauthenticated Settings change and CSS injection security vulnerability...

5CVSS3AI score0.01364EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/16 12:0 a.m.29 views

GraceMedia Media Player 1.0 - Local File Inclusion (LFI)

The GraceMedia Media Player WordPress plugin was affected by a Local File Inclusion LFI security vulnerability...

7.5CVSS3.1AI score0.40771EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/23 12:0 a.m.29 views

Peters Login Redirect <= 2.9.1 - Multiple CSRF

The Peter's Login Redirect WordPress plugin was affected by a Multiple CSRF security vulnerability...

6.8CVSS3.4AI score0.00674EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/08 12:0 a.m.29 views

Smush Image Compression and Optimization <= 2.9.1 - Authenticated Phar Deserialization

The Smush – Lazy Load Images, Optimize & Compress Images WordPress plugin was affected by an Authenticated Phar Deserialization security vulnerability...

2.9AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities5000