Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/10/14 12:0 a.m.28 views

WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. PoC 1 Download 'poc.zip' via...

7.2CVSS3.5AI score0.03187EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.28 views

WHA Crossword <= 1.1.10 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00433EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.28 views

YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the From Email or From...

4.8CVSS1.7AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/05 12:0 a.m.28 views

WP Visitor Statistics (Real Time Traffic) < 5.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements available to unauthenticated users, leading to SQL injection...

9.8CVSS2.8AI score0.03413EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/24 12:0 a.m.28 views

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/?step=demo=owpsetup"...

6.1CVSS0.3AI score0.01388EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.28 views

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a video from a slider and put the following payload in the Description: , then save/update the...

4.8CVSS2.3AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/18 12:0 a.m.28 views

MapSVG < 6.2.20 - Unauthenticated SQLi

The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. PoC https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...

9.8CVSS1.5AI score0.10279EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.28 views

Yoo Slider < 2.1.0 - Arbitrary Slider Creation/Edition via CSRF

The plugin does not have CSRF check in place when creating and editing sliders, which could allow attackers to make a logged in admin create and edit arbitrary slider via a CSRF attack...

4.3CVSS5.2AI score0.00407EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.28 views

Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF

The plugin does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack PoC...

4.3CVSS5.5AI score0.00469EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.28 views

Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. PoC 1. Make a booking to become...

5.5CVSS1.7AI score0.00788EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.28 views

Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=bank-mellat="...

6.1CVSS0.3AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/22 12:0 a.m.28 views

Header Footer Code Manager < 1.1.17 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.3AI score0.02379EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/22 12:0 a.m.28 views

Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion

The plugin does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPre...

8CVSS4.1AI score0.00721EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/21 12:0 a.m.28 views

Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderpos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=circlethumbnailsliderwithlightboximagemanagementpos=...

6.1CVSS6.2AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/10 12:0 a.m.28 views

Social Media Feather < 2.0.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS3.8AI score0.00576EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/02 12:0 a.m.28 views

CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC Put the following payloads in the "License ID" setting of the plugin and save: "...

4.8CVSS2.1AI score0.0632EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/13 12:0 a.m.28 views

Comment Engine Pro <= 1.0 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, allowing high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.2AI score0.00552EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/29 12:0 a.m.28 views

CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

The plugin generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses PoC https://example.com/wp-content/plugins/correos-express/log/logcronfunction.txt...

5.3CVSS5AI score0.01179EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/29 12:0 a.m.28 views

Download Monitor < 4.4.7 - Admin+ Arbitrary File Download

The plugin does not validate files to be downloaded, which could allow high privilege users such as admin to access arbitrary files from the server...

6.8CVSS3.9AI score0.01391EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.28 views

Duplicate Post < 1.2.0 - Authenticated SQL Injection

The plugin does not properly sanitise and escape the id parameter passed to the cdpactionhandling AJAX action, which could allow user having access to the plugin by default admins to perform SQL Injection attacks PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 229 Accept: /...

9CVSS1AI score0.09509EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/15 12:0 a.m.28 views

YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Preview Module

The plugin is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of...

5.4CVSS5.2AI score0.01092EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.28 views

Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. PoC The plugin requires the Storefront theme Go to Appearance Customize...

4.8CVSS0.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.28 views

Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection

The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue PoC https://example.com/forum/?subscribetopic=1%20union%20select%201%20and%20sleep10...

9.8CVSS0.8AI score0.13285EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/04 12:0 a.m.28 views

BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

The plugin sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/chat-rooms/?subject=asd%22%20%22%20onmouseover=javascript:alert1;%20test=%22&new-message;=asd...

6.1CVSS0.00912EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.28 views

OptinMonster < 2.6.1 - Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Reflected Cross-Site Scripting XSS due to insufficient input validation in the loadpreviews function found in the /OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0...

6.1CVSS4.6AI score0.0075EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.28 views

Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting

The plugin does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=cs-woo-altcoin-all-coins="...

6.1CVSS0.7AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.28 views

TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. PoC As...

4.8CVSS0.2AI score0.05432EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/25 12:0 a.m.28 views

Advanced Custom Fields < 5.11 - Subscriber+ Arbitrary ACF Data/Field Groups View and Fields Move

Some of the functions did not have proper capability checks in place, allowing low privilege users such as subscribers to view arbitrary ACF data, movie fields, as well as view field groups...

5.1AI score0.02462EPSS
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/08/25 12:0 a.m.28 views

WordPress Real Media Library < 4.14.2 - Author Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names...

6.4CVSS4.6AI score0.0056EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.28 views

Smash Balloon Social Post Feed < 2.19.2 - Unauthenticated Stored XSS

The plugin does not sanitise or escape the feedID POST parameter in its feedlocator AJAX action available to both authenticated and unauthenticated users before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will ...

6.1CVSS0.1AI score0.01343EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.28 views

Scribble Maps <= 1.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the /includes/admin.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.8AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.28 views

Custom Post Type Relations <= 1.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the cptrname parameter found in the /pages/admin-page.php file which allows attackers to inject arbitrary web scripts...

4.3CVSS4.4AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.28 views

Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)

Description The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit WPScanTeam: - The original report mentioned the issue...

6.1CVSS6.2AI score0.01785EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.28 views

Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. PoC Add the...

6.8CVSS1.8AI score0.04087EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/18 12:0 a.m.28 views

Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG

The plugin did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly ie in the...

4.3CVSS6AI score0.00827EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.28 views

Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an Unauthenticated Stored Cross-Site Scripting XSS vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. PoC $ curl -i http://localhost:10008/ --user-agent "alert1...

6.1CVSS0.4AI score0.01303EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.28 views

Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. These vulnerabilities were discovered and patched by Brainstorm Force after the...

3.5CVSS0.8AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.28 views

Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the plugin. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with t...

6.8CVSS2.2AI score0.01758EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/19 12:0 a.m.28 views

PhastPress < 1.111 - Open Redirect

There is an open redirect in the plugin that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/ that...

5.8CVSS0.3AI score0.03066EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/23 12:0 a.m.28 views

YITH WooCommerce Gift Cards Premium < 3.3.1 - RCE via Arbitrary File Upload

"An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium before 3.3.1 allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a...

10CVSS5AI score0.36781EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/10 12:0 a.m.28 views

Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload

"Attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." PoC...

5.9AI score0.01249EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.28 views

WordPress < 5.5.2 - Stored XSS in Post Slugs

Description The release notes state: "Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs."...

6.1CVSS7.2AI score0.02611EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2020/10/09 12:0 a.m.28 views

Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"

The plugin attempts to delete malicious files such as .php form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not remove...

1AI score0.13139EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/18 12:0 a.m.28 views

Ajax Load More < 5.3.2 - Authenticated SQL Injection

The Ajax Load More WordPress plugin was vulnerable to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep5=test. The attacker needs to be authenticated with the editthemeoptions capability, which only administrators have by default. PoC...

7.5AI score0.01205EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/15 12:0 a.m.28 views

Broken Link Checker <= 1.11.8 - Authenticated Cross-Site Scripting (XSS)

The Broken Link Checker WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.1AI score0.01647EPSS
Exploits3References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/27 12:0 a.m.28 views

Nextgen Gallery < 3.2.11 - SQL Injection

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.7AI score0.43353EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/24 12:0 a.m.28 views

Hustle <= 6.0.7 - Unauthenticated CSV Injection

The Hustle – Email Marketing, Lead Generation, Optins, Popups WordPress plugin was affected by an Unauthenticated CSV Injection security vulnerability...

6.8CVSS2AI score0.02238EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/04/27 12:0 a.m.28 views

PixelYourSite < 5.3.0 - XSS

The PixelYourSite – Your smart PIXEL TAG Manager WordPress plugin was affected by a XSS security vulnerability...

3.5CVSS3.3AI score0.00766EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/04/09 12:0 a.m.28 views

WP Live Chat Support < 8.0.06 - Unauthenticated Stored XSS

An unauthenticated user can inject arbitrary javascript code in the admin panel by using the text field "Name" of WP Live Chat Support. The arbitrary code runs on the page wplivechat-menu-history. In the file wp-live-chat-support.php there is no sanitization of $result-id row 4439. WP Live Chat...

4.3CVSS6.6AI score0.0137EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/11 12:0 a.m.28 views

WPGlobus <= 1.9.6 - Stored XSS & CSRF

The WPGlobus – Multilingual Everything! WordPress plugin was affected by a Stored XSS & CSRF security vulnerability...

6.8CVSS2.4AI score0.01024EPSS
Exploits7References2Affected Software1
Total number of security vulnerabilities5000