Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/02 12:0 a.m.26 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...

8.8CVSS6.7AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.26 views

Master Slider < 3.9.7 - Unauthenticated PHP Object Injection

Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is...

9.6CVSS7.7AI score0.00492EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.26 views

Media Library Folders < 8.1.8 - Authenticated (Author+) SQL Injection

Description The Media Library Folders plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

8.8CVSS7.3AI score0.00577EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.26 views

MasterStudy LMS < 3.3.4 - Unauthenticated Local File Inclusion via template

Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...

9.8CVSS7.9AI score0.05018EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.26 views

wp-forecast < 9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The wp-forecast plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00348EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.26 views

Webinar and Video Conference with Jitsi Meet < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Webinar and Video Conference with Jitsi Meet plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.26 views

Metform Elementor Contact Form Builder < 3.8.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/29 12:0 a.m.26 views

Ninja Forms Contact Form < 3.8.1 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages...

5.4CVSS5.8AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.26 views

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

Description The Pie Register plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the piesaveregistration function in versions up to, and including, 3.8.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

10CVSS8.1AI score0.00612EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.26 views

Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

Description The plugin does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts PoC Open one of the below URL as an unauthenticated user and note that password protected posts are disclosed...

6.7AI score0.16906EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.26 views

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress < 6.8.7 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievementtypes' attribute of the gamipressearnings shortcode in all versions up to, and including, 6.8.6 due to...

8.8CVSS7.2AI score0.00956EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.26 views

Digits < 8.4.2 - Cross-Site Request Forgery to Privilege Escalation

Description The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of...

8.8CVSS6.6AI score0.00273EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/05 12:0 a.m.26 views

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.6.24 - Cross-Site Request Forgery to Plugin Data Reset

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssafactoryreset function. This...

4.7CVSS6.4AI score0.00268EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/15 12:0 a.m.26 views

WP Editor < 1.2.8 - Sensitive Information Exposure via log file

Description The plugin stores its logs at a predictable path, making it easy for anyone to leak their content...

5CVSS6.7AI score0.00453EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.26 views

Link Library < 7.6 - Cross-Site Request Forgery via action_admin_init

Description The Link Library plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.13. This is due to missing or incorrect nonce validation on the actionadmininit function. This makes it possible for unauthenticated attackers to dismissing a notice...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.26 views

Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download

Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...

5CVSS7.1AI score0.00658EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.26 views

JS Help Desk < 2.8.2 - Unauthenticated SQL Injection via email and trackingid

Description The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

9.8CVSS7.8AI score0.02041EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.26 views

Uncanny Automator < 5.1.0.3 - Sensitive Information Exposure via Log File

Description The Uncanny Automator – Automate everything with the 1 no-code automation and integration plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0.2 via the plugin's log file. This makes it possible for unauthenticated...

5.3CVSS6.9AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.26 views

Beaver Builder < 2.7.2.1 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings available to Contributor and above roles, which could allow them to perform Stored Cross-Site Scripting attacks...

6.5CVSS6AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.26 views

Sirv < 7.1.3 - Missing Authorization via sirv_disconnect

Description The Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdisconnect function hooked via AJAX in versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access a...

8.8CVSS6.7AI score0.00433EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.26 views

Piotnet Forms Plugin < 1.0.29 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'piotnetformsajaxformbuilder' function, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...

9.8CVSS9.9AI score0.00537EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.26 views

Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass

Description The Restricted Site Access plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 6.3.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for user IP Addresses. This makes it possible for attackers to...

7AI score0.0035EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.26 views

Advanced Local Pickup for WooCommerce < 1.6.0 - Authenticated (Administrator+) SQL Injection

Description The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

7.2CVSS7.5AI score0.00602EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.26 views

WP Ultimate Exporter < 2.4.2 - Unauthenticated Information Disclosure

Description The WP Ultimate Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.4.1 due to insufficient protection on the directory in which exported files are stored in. This can allow unauthenticated attackers to extract sensitive da...

7.5CVSS7.4AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.26 views

Login and Logout Redirect <= 2.0.2 - Open Redirect

Description The Login and Logout Redirect plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 2.0.2. This is due to insufficient validation on the redirect url supplied via the 'redirectto' parameter. This makes it possible for unauthenticated attackers to redire...

6.1CVSS7AI score0.00414EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.26 views

Category SEO Meta Tags <= 2.5 - Cross-Site Request Forgery via csmt_admin_options

Description The Category SEO Meta Tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. This is due to missing or incorrect nonce validation on the 'csmtadminoptions' function. This makes it possible for unauthenticated attackers to change th...

8.8CVSS6.6AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.26 views

Icegram Express < 5.6.24 - Admin+ Directory Traversal

Description The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector...

9.1CVSS6.5AI score0.01031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.26 views

Open User Map | Everybody can add locations < 1.3.27 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/18 12:0 a.m.26 views

nuajik CDN <= 0.1.0 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00359EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/08/30 12:0 a.m.26 views

DoLogin Security < 3.7 - IP Spoofing

Description The plugin uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. PoC 1. Send login request with x-forwarded-for: REDACTEDIP 2. See spoofed IP address in the "Login Attempts Log"...

5.3CVSS5.2AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/17 12:0 a.m.26 views

tagDiv Composer < 4.2 - Unauthenticated Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...

6.1CVSS6.1AI score0.01582EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.26 views

WooCommerce Bulk Stock Management < 2.2.34 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...

7.1CVSS8.4AI score0.00424EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.26 views

Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. PoC POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378...

5.4CVSS8.4AI score0.00452EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/07 12:0 a.m.26 views

Directorist < 7.5.5 - Subscriber+ Arbitrary User Password Reset to Privilege Escalation

The plugin does not properly validates a user sent a valid password reset token, enabling attackers to take over other user accounts, like administrators...

8.8CVSS6.9AI score0.00984EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.26 views

Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In Aajoda » Optional Aajoda Style, insert...

4.8CVSS7.9AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.26 views

KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure

The plugin does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users PoC Run the below command in the developer console of the web...

6.5CVSS8.8AI score0.00754EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/23 12:0 a.m.26 views

ReviewX < 1.6.14 - Subscriber+ Privilege Escalation

The plugin does not validate parameters passed to the rxsetscreenoptions function, allowing any authenticated users, such as subscriber to set themselves as administrators...

8.8CVSS6.7AI score0.1748EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/23 12:0 a.m.26 views

Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.8AI score0.00365EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/03 12:0 a.m.26 views

OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...

5.4CVSS8.3AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.26 views

Login Rebuilder < 2.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » Login rebuilder 2. In...

4.8CVSS8.2AI score0.00552EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/25 12:0 a.m.27 views

Shield Security < 17.0.18 - Unauthenticated Stored XSS

The plugin does not escape the User Agent header retrieved via audit log records, which could allow unauthenticated attackers to perform Stored XSS attacks...

7.2CVSS6.2AI score0.93046EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/20 12:0 a.m.26 views

Form Block < 1.0.2 - Form Submission via CSRF

The plugin does not have CSRF checks when submitting forms, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.5CVSS6.3AI score0.00295EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.26 views

Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The plugin does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. PoC As an unauthenticated user access a form containing a File Upload for...

9.8CVSS6.9AI score0.01785EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.26 views

Continuous Image Carousel With Lightbox < 1.0.16 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.5AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.26 views

W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure

The plugin does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them PoC Setup: Create a default Post list, and create a password protected post with secret content Then, run the below command in the...

6.5CVSS6.7AI score0.00654EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/17 12:0 a.m.26 views

WP Popup Banners <= 1.2.5 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the bannerid parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...

8.8CVSS7.7AI score0.0094EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/03 12:0 a.m.26 views

Watu Quiz < 3.3.9.1 - Reflected XSS

The plugin does not sanitise and escape some parameters such as email, dn, date and points before outputting then back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

6.1CVSS6AI score0.01252EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/31 12:0 a.m.26 views

WP Statistics < 13.2.11 - Subscriber+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements, leading to a SQL injection exploitable by users with a role as low as subscriber...

9.9CVSS2.9AI score0.00731EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/28 12:0 a.m.26 views

ShopLentor < 2.5.4 - PHP Object Injection

The plugin unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...

9.8CVSS8.9AI score0.03317EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/20 12:0 a.m.26 views

VikRentCar < 1.3.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00392EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000