Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.28 views

Barcode Scanner with Inventory & Order Manager < 1.5.2 - Unauthenticated SQL Injection via userToken

Description The Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘userToken’ parameter in all versions up to 1.5.2 exclusive due to insufficient escaping on the user supplied parameter and la...

9.8CVSS7.8AI score0.00553EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.28 views

BookingPress < 1.0.75 - Unauthenticated Booking Price Manipulation

Description The plugin does not have proper validation in its bookingpressconfirmbooking, allowing unauthenticated user to modify the price of an appointment...

5CVSS7.1AI score0.00655EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.28 views

YITH WooCommerce Product Add-Ons < 4.3.1 - Authenticated(Shop Manager+) PHP Object Injection

Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 4.3.1 exclusive via deserialization of untrusted input in the 'saveaddon' function. This makes it possible for authenticated attackers, with Shop Manager access and...

9.1CVSS7.4AI score0.0069EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.28 views

Simple Job Board < 2.10.6 - Missing Authorization

Description The Simple Job Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.10.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.28 views

POST SMTP Mailer < 2.8.8 - Unauthenticated Stored Cross-Site Scripting via device

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘device’ header due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.2CVSS6.2AI score0.00941EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.28 views

Astra Pro < 4.3.2 - Authenticated(Contributor+) Remote Code Execution via Metabox

Description The Astra Pro Addon plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.3.1 via the ast-advanced-hook-php-code meta field. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the serv...

9.9CVSS7.6AI score0.00661EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.28 views

Adifier System < 3.1.4 - Unauthenticated SQL Injection

Description The Adifier System plugin for WordPress is vulnerable to SQL Injection in versions up to 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append...

9.8CVSS7.8AI score0.00588EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.28 views

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server PoC To download /etc/passwd: curl...

9.8CVSS6.8AI score0.03313EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.28 views

Give - Donation Plugin < 2.33.1 - Authenticated(Give Manager+) Privilege Escalation

Description The Give - Donation Plugin plugin for WordPress is vulnerable to privilege escalation due to an insufficient capability check when updating default roles in versions up to, and including, 2.33.0. This makes it possible for authenticated attackers with Give Manager privileges to elevat...

7AI score0.00605EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.28 views

Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection

Description The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7AI score0.00272EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.28 views

LuckyWP Scripts Control <= 1.2.1 - Missing Authorization via multiple AJAX actions

Description The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with...

6.7AI score0.0035EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.28 views

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected PoC Run the belo...

6.5CVSS6.7AI score0.00665EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.28 views

SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure

Description The plugin does not prevent unauthorised users from accessing password-protected posts' content. PoC As unauthenticated, view the source via the web browser of any password protected post and find The content of the post will be disclosed in the meta and script tags after this, exampl...

7.5CVSS6.7AI score0.00756EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.28 views

Theater for WordPress < 0.18.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.28 views

Jetpack < 12.8-a.3 - Contributor+ Stored XSS via block attribute

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00521EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/14 12:0 a.m.28 views

Qi Addons For Elementor < 1.6.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00409EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.28 views

AI ChatBot < 4.9.1 - Subscriber+ Arbitrary File Deletion

Description The plugin does not properly validate files to be deleted in the qcldopenaideletetrainingfile function, allowing users with roles as low as subscriber to delete arbitrary files on the server...

9.6CVSS6.2AI score0.01626EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.28 views

AI ChatBot < 4.9.3 - Subscriber+ Arbitrary File Deletion

Description The plugin does not properly validate files to be deleted in the qcldopenaideletetrainingfile function, allowing users with roles as low as subscriber to delete arbitrary files on the server. This vulnerability is the same as CVE-2023-5212 but was accidentally reintroduced in version...

8AI score0.01626EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.28 views

ChatBot < 4.9.1 - Unauthenticated Blind SQL Injection

Description The plugin is vulnerable to SQL Injection via the $strid parameter in versions up to, and including...

9.8CVSS7.6AI score0.06888EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.28 views

wpDiscuz < 7.6.4 - Post Rating Increase/Decrease iva IDOR

Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function...

5.3CVSS6.4AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/28 12:0 a.m.28 views

Essential Blocks < 4.2.1 - Unauthenticated Object Injection

Description The plugin doesn't prevent unauthenticated attackers from deserializing user input, which could allow them to run code on the server if they have a POP chain allowing them to do so...

9.8CVSS7.3AI score0.0134EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/10 12:0 a.m.28 views

BigContact <= 1.5.8 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin = 1.5.8 versions...

8.8CVSS6.9AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.28 views

EventON < 2.1.2 - Unauthenticated Event Access

The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. PoC https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownloadid=value...

5.3CVSS9.3AI score0.37468EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/13 12:0 a.m.28 views

MStore API < 3.9.7 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...

4.3CVSS6.7AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.28 views

WooCommerce Box Office < 1.1.52 - Unauthenticated Ticket Barcode Update

The plugin does not have authorisation and CSRF when updating a ticket bar-code, allowing unauthenticated users to perform such action PoC curl https://example.com/wp-admin/admin-ajax.php -d "action=saveticketbarcodebarcodeimage=xxxbarcodetext=xxxxxid=86"...

6.5AI score0.00348EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/01 12:0 a.m.28 views

Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles

The plugin does not sanitize and escape service titles in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS6.6AI score0.00373EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/30 12:0 a.m.28 views

Feather Login Page < 1.1.2 - Missing Authorization to Authentication Bypass and Privilege Escalation

The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users ajax action, allowing logged in users with roles as low as subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation. PoC GET...

8.8CVSS8.3AI score0.00714EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/24 12:0 a.m.28 views

WooCommerce Product Vendors < 2.1.77 - Unauthenticated Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

7.1CVSS6.1AI score0.00382EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.28 views

Duplicator Pro < 4.5.11.1 - Unauthenticated Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

7.1CVSS6.1AI score0.00382EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/15 12:0 a.m.28 views

WooCommerce Ship to Multiple Addresses < 3.8.4 - Subscriber+ Shipping Address Disclosure via IDOR

The plugin does not ensure that the order to display the shipping address from belong to the user making the request, allowing any authenticated users, such as subscriber to view other shipping addresses via an IDOR PoC https://example.com/checkout/shipping-addresses/?orderid=106...

6.3AI score0.00545EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/03 12:0 a.m.28 views

WCFM Membership < 2.11.0 - Unauthenticated Arbitrary Password Update via IDOR

The plugin allows unauthenticated attackers to update the password of arbitrary account via an IDOR attack, which could allow them to gain access to high privilege ones such as administrator...

9.8CVSS7.6AI score0.01093EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/20 12:0 a.m.28 views

CMS Tree Page View < 1.6.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.03995EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.28 views

Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this vulnerability...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.28 views

ZM Ajax Login & Register <= 2.0.2 - Unauthenticated Authentication Bypass

The plugin does not validate that users are allowed to login through the Facebook feature, allowing unauthenticated to be authenticate as any user such as admin by simply knowing the username...

9.8CVSS9AI score0.00989EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.28 views

Betheme < 26.8 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.28 views

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below shortcod...

5.4CVSS5.2AI score0.00529EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.28 views

User Registration < 2.3.3 - Subscriber+ PHP Object Injection

The plugin unserializes user input via the urgetuserextrafields and userregistrationformfield function, which could allow any authenticated users, such as subscriber to perform PHP Object Injection when a suitable gadget is present on the blog...

9.4AI score0.00611EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.28 views

UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit: vcugmmap mapheight='100px;...

2.5AI score0.0053EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/26 12:0 a.m.28 views

Video.js - HTML5 Video Player for WordPress <= 4.5.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC videojs mp4='" onerror="alert/XSS/"'...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.28 views

YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC yamap height='100px;"...

5.4CVSS5AI score0.00477EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.28 views

PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS1.7AI score0.00649EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/04 12:0 a.m.28 views

AAWP < 3.12.3 - Unsafe URL Handling

The plugin can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies. PoC wp-content/aawp/public/image.php?url=base64-url will load and download the file from the base64-decoded URL...

7.5CVSS0.9AI score0.00797EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.28 views

HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: hashbarbtn btntarget='" onmouseover="alert1"'...

5.4CVSS3.5AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.28 views

WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.8AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.28 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. PoC 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the...

5.4CVSS3AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/07 12:0 a.m.28 views

Login with Cognito < 1.4.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Cognito Login » Configure OAuth",...

4.8CVSS0.9AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.28 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Click the 'Settings' button of this plugin...

4.8CVSS0.6AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/29 12:0 a.m.28 views

WP CSV Exporter < 1.3.7 - CSV Injection

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. PoC - create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets executed...

7.8CVSS1.2AI score0.0041EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/21 12:0 a.m.28 views

Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload

The theme does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE PoC Upload a File: The response give the path to the file uploaded:...

9.8CVSS1.8AI score0.21205EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.28 views

Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins PoC Create a New popup Insert pop-up name, title, and body text. Add a new trigger with...

5.5CVSS0.9AI score0.00622EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000