Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.257 views

WP < 6.0.3 - Content from Multipart Emails Leaked

Description When sending multiple emails within one request thus resuing the PHPMailer instance, the plain text content of the first multipart email leaks to the subsequent non-multipart emails as AltBody/plaintext email...

7.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2017/03/01 12:0 a.m.252 views

Admin Custom Login <= 2.4.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The Admin Custom Login WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

1.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.248 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

7AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/06 12:0 a.m.248 views

Parallax Scroll <= 2.0.1 - Cross-Site Scripting (XSS)

The Parallax Scroll by adamrob.co.uk WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.00932EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/29 12:0 a.m.245 views

Clicky by Yoast <= 1.5 - Minor Security Improvements

From the changelog: - Only allow expected characters in user settings thanks to a report by Netsparker. - Proper escaping of translated string in image attributes...

4.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/10 12:0 a.m.242 views

WooCommerce < 6.3.1 - Orders Marked as Paid (via PayPal Standard Gateway)

The PayPal Standard payment gateway deprecated since July 2021 of the plugin could allow attackers to mark an order as paid without actually making a payment, when PDT is enabled...

4.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/12 12:0 a.m.238 views

Elementor Website Builder < 3.13.2 - Missing Authorization

The plugin does not check user capabilities on several functions, allowing authenticated attackers with a low amount of privilege such as Subscribers to perform actions that should only be available to users with higher privileges...

6.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/23 12:0 a.m.237 views

WooCommerce < 6.2.1 - Path Traversal via Importers

The plugin does not properly check for path traversal when importing tax rates. There are limited details at this stage and this advisory will be updated later on...

4.3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/18 12:0 a.m.234 views

Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload

The plugin did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE. Additional Info, and Bypass of .htaccess protection found by WPScanTeam, while confirming the issue: There is...

0.1AI score0.84112EPSS
Exploits9Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.230 views

WPBakery Page Builder < 6.13.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00383EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/17 12:0 a.m.222 views

WP < 6.2.1 - Contributor+ Stored XSS via Open Embed Auto Discovery

Description WordPress does not validate the protocol when processing oEmbed discovery, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...

6.2AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/04/06 12:0 a.m.219 views

WP Data Access < 5.3.8 - Subscriber+ Privilege Escalation

The plugin does not have authorisation in the multiplerolesupdate function, allowing any authenticated users, such as subscriber to update their role and set themselves as admin for example, when the 'Enable role management' setting is enabled...

8.8CVSS8.3AI score0.02726EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.218 views

Elementor < 3.18.2 - Contributor+ Arbitrary File Upload to RCE via Template Import

Description The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. PoC 1. Edit a post in Elementor. 2. Import a template...

9.9CVSS9.7AI score0.041EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.216 views

Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them...

9.8CVSS7.2AI score0.75531EPSS
Exploits8Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/04 12:0 a.m.213 views

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass

Description A JavaScript payload such as "javascript:alert1" in a URL could cause a Cross-Site Scripting XSS vulnerability. According to the commit message see references: "wpksesbadprotocol makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this work...

9.8CVSS8.4AI score0.04654EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.212 views

Paid Memberships Pro 1.4.7 - adminpages/memberslist-csv.php Direct Request Member Personal Information Disclosure

The Paid Memberships Pro WordPress plugin was affected by an adminpages/memberslist-csv.php Direct Request Member Personal Information Disclosure security vulnerability...

2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/16 12:0 a.m.207 views

Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Create a new vision item with whatever role, even if it's an Administrator 2...

5.4CVSS1.3AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.206 views

WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query

Description Due to lack of proper sanitization in WPMetaQuery, there's potential for blind SQL Injection...

8.8CVSS8.1AI score0.04013EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/01/27 12:0 a.m.193 views

blnmrpb - Webshell in Fake Plugin

Sucuri Labs found that a fake plugin, which is a Webshell...

1.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.189 views

WP < 6.0.3 - Reflected XSS via SQLi in Media Library

Description WordPress does not properly escape input in the Media Library, which could lead to a Reflected Cross-Site Scripting issue...

6.5AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.186 views

Elementor Website Builder < 3.20.3 - Contributor+ DOM Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget due to insufficient output escaping on user supplied attributes, allowingnauthenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execut...

6.4CVSS6.1AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/13 12:0 a.m.184 views

Comments - wpDiscuz < 7.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Timeline: May 18th, 2021 - Vendor...

4.8CVSS4.8AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.181 views

WP < 6.3.2 - Subscriber+ Arbitrary Shortcode Execution

Description WordPress does not restrict which shortcode can be excuted via the parsemediashortcode AJAX action, allowing any authenticated user, such as subscriber to execute arbitrary shortcodes...

7.6AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/02/16 12:0 a.m.181 views

WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection

The theme could allow arbitrary shortcode to be injected when the "Display results from blog" settings is enabled, which could lead to Reflected XSS for example, when using a shortcode vulnerable to XSS PoC When the "Display results from blog" settings is enabled:...

0.6AI score0.00523EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.179 views

WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor

Description On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: "Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor." Further details: The issue allows an authenticated but low-privileged...

7.6CVSS6AI score0.01615EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2019/04/09 12:0 a.m.175 views

WP Statistics <= 12.6.3 - Referer Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by a Referer Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.01391EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/31 12:0 a.m.168 views

Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI

The plugin does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE...

9.8CVSS0.6AI score0.01989EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.167 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the plugin's "Quick Start" field, add...

4.8CVSS4.7AI score0.00423EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/01 12:0 a.m.163 views

File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE

Seravo noticed multiple cases where WordPress sites were breached using 0-day in wp-file-manager confirmed with v6.8, which was the latest version available in wordpress.org. File lib/php/connector.minimal.php can be by default opened directly, and this file loads...

7.5CVSS0.97328EPSS
Exploits14References5Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/19 12:0 a.m.159 views

Elementor < 3.5.5 - Iframe Injection

Description The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. PoC...

6.1CVSS6.1AI score0.02027EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/03 12:0 a.m.159 views

WP Super Cache < 1.9 - Unauthenticated Cache Poisoning

The plugin is affected by a cache poisoning issue PoC curl 'https://example.com//?s=12333'...

2.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.154 views

Elementor Website Builder < 3.21.6 - Contributor+ DOM Stored XSS

Description The plugin is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...

6.4CVSS5.9AI score0.00401EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/06 12:0 a.m.154 views

Elementor < 3.0.14 - SVG Upload Allowed by Default

The plugin allowed SVG files to be uploaded by default, which might lead to security issues, such as Cross-Site Scripting...

4.3CVSS1.4AI score0.00819EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/06 12:0 a.m.153 views

W3 Total Cache <= 0.9.7.3 - Blind SSRF and RCE via phar

The implementation of opcacheflushfile calls fileexists with a parameter fully controlled by the user. PoC curl 'http://x.x.x.x/wp-content/plugins/w3-total-cache/pub/opcache.php' --data 'nonce=974ca6ad15021a6668e7ae02e1be551c=flushfile=ftp://y.y.y.y:zzzz/' Note: The nonce value is given by...

2.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.149 views

WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs

Description Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack via post slugs, which can affect high-privileged users...

8CVSS6.5AI score0.63418EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/04/19 12:0 a.m.148 views

Fusion Builder < 3.6.2 - Unauthenticated SSRF

Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...

9.8CVSS9.2AI score0.71722EPSS
Exploits6References2
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.148 views

Perfect Survey < 1.5.2 - Unauthenticated SQL Injection

The plugin does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. PoC The questionid must start with an existing post ID...

1.9AI score0.86896EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/07 12:0 a.m.148 views

WPBakery Page Builder < 6.4.1 - Authenticated Stored Cross-Site Scripting (XSS)

Wordfence discovered an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the WPBakery Page Builder WordPress plugin. The vulnerability could allow a low privileged user, such as contributor, to inject malicious JavaScript into posts. PoC "Exploit Post", "content" = "\n...

3.5CVSS0.7AI score0.00691EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.144 views

Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. PoC Acce...

5.3CVSS5.5AI score0.27997EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/11/10 12:0 a.m.143 views

WordPress < 5.8.2 - Expired DST Root CA X3 Certificate

Description The wp-includes/certificates/ca-bundle.crt file contains a DST Root CA X3 which expired on September 30th, 2021, raising security warning in some cases...

7.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2019/11/13 12:0 a.m.141 views

Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection

The Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability...

7.5CVSS2.8AI score0.8511EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.136 views

Astra < 4.6.5 - Editor+ Stored XSS via Theme Header/Footer

Description The theme is vulnerable to Stored Cross-Site Scripting via the theme header and footer content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.135 views

WP < 6.3.2 - Contributor+ Comment Disclosure

Description WordPress does not properly restrict comments to be accessed, allowing contributor to read comments on private and password protect posts they don't have access to...

4.3CVSS4.7AI score0.01045EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.134 views

JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. PoC fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...

8.8CVSS8.9AI score0.01519EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/15 12:0 a.m.133 views

Zeno Font Resizer < 1.8.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00442EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.132 views

WP < 6.0.3 - Open Redirect via wp_nonce_ays

Description WordPress does not validate the URL to redirect the user to when displaying the nonce error via wpnonceays, which could lead to an Open Redirect issue...

7AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/04/13 12:0 a.m.132 views

Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload

The plugin is lacking capability check in a function hooked to admininit introduced in v3.6.0, and only relying on a CSRF check. As the nonce is available to any authenticated users, they could call it and upload a malicious zip archive containing arbitrary files via a subsequent call, leading to...

8.8CVSS0.5AI score0.92658EPSS
Exploits10References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/22 12:0 a.m.129 views

Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download

The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file. PoC Upload: The following...

1.3AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/16 12:0 a.m.127 views

WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting

The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. PoC After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...

6.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.126 views

Elementor Website Builder < 3.12.2 - Admin+ SQLi

The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. PoC 1. Go to Elementor Tools Replace URL 2. Fill the first field with...

7.2CVSS7.3AI score0.19695EPSS
Exploits7Affected Software1
Total number of security vulnerabilities5000