Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.27 views

GiveWP < 3.3.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

4.9CVSS5.7AI score0.00332EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.27 views

ColorMag < 3.1.3 - Missing Authorization to Arbitrary Plugin Installation

Description The plugin is vulnerable to unauthorized access due to a missing capability check on the pluginactioncallback function in all versions up to, allowing authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins...

4CVSS6.9AI score0.01301EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.27 views

Schema & Structured Data for WP & AMP < 1.26 - Contributor+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.5CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.27 views

Taggbox < 3.2 - Unauthenticated PHP Object Injection

Description The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP...

10CVSS9.7AI score0.00645EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.27 views

WP Job Manager < 2.1.0 - Unauthenticated Job Status Update

Description The plugin does not properly authorize the use of some endpoints, allowing an unauthenticated attacker to update job statuses...

5.3CVSS7.2AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.27 views

Related Post < 2.0.54 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Related Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.53 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.27 views

eCommerce Product Catalog < 3.3.27 - Sensitive Information Exposure via CSV Files

Description The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 3.3.27 exclusive via import and export CSV files. This makes it possible for unauthenticated attackers to extract sensitive data including full...

7.5CVSS6.8AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.27 views

404 Solution < 2.33.1 - Sensitive Information Exposure via Log File

Description The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including plugin configuration and debug data...

5.3CVSS5.5AI score0.00435EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.27 views

Quotes for WooCommerce < 2.0.2 - Missing Authorization

Description The Quotes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the qwcupdatestatus and qwcsendquote functions hooked via AJAX in all versions up to, and including, 2.0.2. This makes it possible for authenticated...

6.7AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.27 views

Anti Hacker < 4.35 - Cross-Site Request Forgery via antihacker_ajax_scan

Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.35 exclusive. This is due to missing or incorrect nonce validation on the 'antihackerajaxscan'...

8.8CVSS6.6AI score0.00196EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.27 views

Advanced Access Manager < 6.9.16 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.00309EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.27 views

BuddyPress < 11.3.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Members/Groups block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.27 views

Colibri Page Builder < 1.0.248 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.0037EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.27 views

Advanced Category Template <= 0.1 - Cross-Site Request Forgery

Description The Advanced Category Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.8AI score0.00286EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.27 views

Event Management Tickets Booking <= 1.3.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.2AI score0.00325EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.27 views

Backup Migration < 1.4.0 - Authenticated (Admin+) OS Command Injection via url

Description The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the...

7.2CVSS7.9AI score0.45898EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/20 12:0 a.m.27 views

Limit Login Attempts Reloaded < 2.25.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.6AI score0.0043EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.27 views

KP Fastest Tawk.to Chat <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The KP Fastest Tawk.to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.5AI score0.00374EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.27 views

BigCommerce <= 5.0.7 - Unauthenticated Sensitive Information Exposure

Description The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.7. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS7.9AI score0.00443EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.27 views

Enfold < 5.6.5 - Reflected Cross-Site Scripting

Description The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 5.6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.1CVSS6.5AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.27 views

HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Missing Authorization via woof_meta_get_keys()

Description The HUSKY – Products Filter for WooCommerce formerly WOOF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woofmetagetkeys function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers,...

6.7AI score0.00477EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.27 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on us...

6.4CVSS5.7AI score0.00485EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.27 views

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

Description The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the...

9.8CVSS7.8AI score0.0134EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.27 views

Shortcodes and extra features for Phlox theme < 2.15.0 - Unauthenticated Local File Inclusion

Description The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.14.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution ...

8.2AI score0.00675EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.27 views

Actueel Financieel Nieuws – Denk Internet Solutions <= 5.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00444EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.27 views

MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection

Description The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated...

4.8CVSS7.1AI score0.00395EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.27 views

AI ChatBot < 4.9.1 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file

Description The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcldopenaiuploadpagetrainingfile function. This allows subscriber-level attackers to append "...

9.6CVSS7AI score0.02066EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.27 views

EazyDocs < 2.3.4 - Subscriber + SQLi

Description The plugin does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. PoC 1. Create a document then create some sections in the documen...

8.8CVSS7.5AI score0.00853EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.27 views

Form Maker by 10Web < 1.15.19 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00354EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.27 views

Post Gallery <= 2.3.12 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.27 views

Timthumb Scanner <= 1.54 - Scan Initialisation via CSRF

Description The plugin does not have CSRF check when starting a scan, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.27 views

Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Po...

5.4CVSS5.4AI score0.00449EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/10 12:0 a.m.27 views

Contact Form Generator < 2.6.0 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.01231EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.27 views

wpShopGermany IT-RECHT KANZLEI < 1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.4AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/29 12:0 a.m.27 views

Ninja Forms < 3.6.26 - Subscriber+ Form Entries Export

Description The plugin does not have proper authorisation check in the processing function, which could allow any authenticated users, such as subscriber to export and download submitted form entries...

6.2AI score0.00427EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.27 views

Social Media Share Buttons & Social Sharing Icons < 2.8.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the payload in any text field of the "8 ...

4.8CVSS8AI score0.00477EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/24 12:0 a.m.27 views

MStore API < 3.9.3 - Authentication Bypass

The plugin does not properly verify the user provided when adding listing via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

9.8CVSS7AI score0.67511EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.27 views

Rank Math SEO PRO < 3.0.36 - Unauthenticated Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, allowing an unauthenticated attacker to inject web scripts that will execute when a visitor follows a crafted link to the page...

7.1CVSS7.1AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.27 views

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to SEO by 10Web » Sitemap section. 2...

4.8CVSS8AI score0.00909EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.27 views

Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/10 12:0 a.m.27 views

Advanced Custom Fields < 6.1.0 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. PoC Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

8.8CVSS9.5AI score0.0108EPSS
Exploits3Affected Software2
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.27 views

OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/21 12:0 a.m.27 views

ProfilePress < 4.5.5 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00411EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/07 12:0 a.m.27 views

Wicked Folders < 2.18.17 - Folder Structure Update via CSRF

The plugin does not have CSRF checks when managing its folder structure such as moving, deleting, creating etc folders, which could allow attackers to make logged admins perform such actions via CSRF attacks...

5.4CVSS5.4AI score0.00322EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/06 12:0 a.m.27 views

A2 Optimized WP < 3.0.5 - Data Collection Toggle via CSRF

The plugin does not have CSRF check in place when toggling its data Collection settings, which could allow attackers to make a logged in admin enabled/disable it via a CSRF attack...

4.3CVSS5.1AI score0.00233EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/12 12:0 a.m.27 views

Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

6.1CVSS0.7AI score0.01347EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/12 12:0 a.m.27 views

Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ID parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/admin-ajax.php?action=lwpforgotpassword=...

8.8CVSS0.7AI score0.57397EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/24 12:0 a.m.27 views

Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin. PoC...

7.2CVSS1.8AI score0.00945EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.27 views

ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the ‘wpusercoverdefaultimageurl parameter before outputting it to the pages on the site, allowing an authenticated admin+ user to inject arbitrary web scripts even when unfilteredhtml has been disabled such as in a multisite setup...

5.5CVSS1.3AI score0.00679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/22 12:0 a.m.27 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. PoC 1. As an administrator,...

6.1CVSS2AI score0.00534EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000