Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2023/01/19 12:0 a.m.•26 views

YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC v 5.30.3 yarpp template="'...

6.8CVSS4.9AI score0.00707EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/11 12:0 a.m.•26 views

ResponsiveVoice Text To Speech < 1.7.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC responsivevoicebutton voice='"; alert1;...

5.4CVSS2.3AI score0.00623EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/05 12:0 a.m.•26 views

CPO Companion < 1.1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.2AI score0.00537EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/23 12:0 a.m.•26 views

ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting via Form Settings

The plugin does not sanitize and escape several form fields before outputting them to pages on the site, allowing authenticated admin+ users to inject arbitrary web scripts even when unfiltered html has been disabled such as in a multisite setup...

5.5CVSS1.8AI score0.00634EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/20 12:0 a.m.•26 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Required...

5.4CVSS0.8AI score0.00575EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/09 12:0 a.m.•26 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=wsysadminrules=delete=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•26 views

Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The plugin does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...

8.8CVSS2.3AI score0.01073EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•26 views

Booster for WooCommerce - Reflected Cross-Site Scripting

The plugins do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS2.3AI score0.00406EPSS
Exploits0Affected Software3
WPVulnDB
WPVulnDB
•added 2022/12/02 12:0 a.m.•26 views

Chained Quiz < 1.3.2.4 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ip and date parameters before outputting them back in the chainedquizlist page, which could lead to reflected Cross-Site Scripting...

6.1CVSS1.5AI score0.00881EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•26 views

Photo Gallery < 1.8.3 - Stored XSS via CSRF

The plugin does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control. Note: The XSS will only trigger for the...

5.4CVSS0.00244EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/22 12:0 a.m.•26 views

BeTheme < 26.6.3 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.7AI score0.00383EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/30 12:0 a.m.•26 views

Appointment Booking Calendar < 1.3.70 - Feedback Submission via CSRF

The plugin does not have CSRF check when submitting feedback, which could allow attackers to make logged in users do such action on their behalf via a CSRF attack...

8.8CVSS4.9AI score0.00494EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/30 12:0 a.m.•26 views

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF

The plugin does not have CSRF check when migrating rule types, which could allow attackers to make logged in admin perform such action via a CSRF attack...

5.4CVSS5AI score0.00243EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/30 12:0 a.m.•26 views

Soledad < 8.2.6 - Subscriber+ Cross-Site Scripting

The plugin does not sanitise and escape a parameter, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

5.4CVSS2.8AI score0.00397EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/20 12:0 a.m.•26 views

Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access

The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...

9.8CVSS5AI score0.05116EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/05 12:0 a.m.•26 views

LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...

8.1CVSS3.5AI score0.01786EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/25 12:0 a.m.•27 views

Activity Log < 2.8.4 - CSV Injection

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection...

9.8CVSS1.9AI score0.00804EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/05 12:0 a.m.•26 views

All in One SEO < 4.2.4 - Multiple CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.3AI score0.00322EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•26 views

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.5AI score0.09675EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•26 views

About Me <= 1.0.12 - Subscriber+ Arbitrary Network Creation/Deletion

The plugin does not have authorisation and CRSF when adding and deleting networks via AJAX actions, which could allow any authenticated users, such as subscriber to create and delete arbitrary networks...

9.8CVSS4.4AI score0.00779EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•26 views

amCharts: Charts and Maps < 1.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•26 views

Simple Single Sign On <= 4.1.0 - Authentication Bypass

The plugin leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site. PoC When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in. The button invokes the following URL:...

7.5CVSS0.5AI score0.00619EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•26 views

String Locator < 2.6.0 - Authenticated PHAR Deserialization

The plugin does not validate a parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file crafted with a suitable gadget chain and having a logged in admin open a malicious link...

8.8CVSS2.9AI score0.01279EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/01 12:0 a.m.•26 views

LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. PoC...

4.3CVSS4.7AI score0.00317EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/01 12:0 a.m.•26 views

Enable SVG, WebP & ICO Upload <= 1.0.1 - Author+ Arbitrary File Upload

The plugin does not validate upload files, which could allow users with a role as low as author to upload arbitrary files...

8.8CVSS3.4AI score0.00998EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/26 12:0 a.m.•26 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

4.3CVSS3.8AI score0.00308EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/20 12:0 a.m.•27 views

Beaver Builder < 2.5.4.4 - Subscriber+ Arbitrary Post Builder Layout Disabling

The plugin does not have authorisation and CSRF checks in the flbuilderdisable AJAX action, which could allow any authenticated users, such as subscriber to disable the builder layout of arbitrary posts Note: The original advisory mentions the issue has been fixed, however only a CSRF check has...

9.8CVSS3.6AI score0.00751EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/14 12:0 a.m.•26 views

Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title

The plugin does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is disabled. An incomplete fix was introduced ...

0.9AI score0.0053EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•26 views

Request a Quote <= 2.3.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Misc No Access Message setting of the plugin: The XSS will ...

4.8CVSS3.2AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/10 12:0 a.m.•26 views

Age Gate < 2.17.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks...

6.1CVSS4.2AI score0.00763EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/09 12:0 a.m.•26 views

Social Share Buttons < 2.2.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements available to any authenticated users, leading to SQL injections...

8.8CVSS3AI score0.00765EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/03 12:0 a.m.•26 views

Form - Contact Form <= 1.2.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a form, add a Custom Text field, put the following payload in it: , save the field and...

4.8CVSS2AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/30 12:0 a.m.•26 views

Events Made Easy < 2.2.81 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection PoC Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...

9.8CVSS0.4AI score0.37369EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•26 views

HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure

The plugin leaks the secret login URL when sending a specific crafted request PoC curl -sIXGET -H "Cookie: validloginslug=1" https://example.com/wp-login.php HTTP/2 302 x-redirect-by: WordPress location: secret...

5.3CVSS5.2AI score0.02621EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/09 12:0 a.m.•26 views

User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC An an admin -...

4.8CVSS0.7AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/02 12:0 a.m.•26 views

Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a Tab via the plugin, and put the following payload in a Tab...

4.8CVSS3.6AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/02 12:0 a.m.•26 views

WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs

The plugin does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. PoC As admin, put the following payload in the Breadcrumb...

4.8CVSS0.4AI score0.00646EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/28 12:0 a.m.•26 views

Countdown & Clock <= 2.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...

5.9CVSS2.6AI score0.00533EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/21 12:0 a.m.•26 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack PoC XSS will be triggered...

6.5CVSS1.9AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•26 views

BadgeOS <= 3.7.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=get-achievementsonly=trueid=11 AND SELECT 9628 FROM...

9.8CVSS2.6AI score0.11725EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•26 views

Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's text field settings such as Title , Title font-size etc: "...

4.8CVSS3AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•26 views

LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/purchase/confirm-payment/?order=order-xxxxxxx=aa"...

6.1CVSS0.6AI score0.00918EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/21 12:0 a.m.•26 views

Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure

The plugin does not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data PoC Make a booking to get a customer account Login via API and get access token: curl...

7.5CVSS0.9AI score0.01431EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2022/03/21 12:0 a.m.•26 views

Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any text field settings of the plugin for example Scroll Speed...

4.8CVSS2.1AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/16 12:0 a.m.•26 views

Download Manager < 3.2.39 - Unauthenticated brute force of files master key

The plugin uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. PoC...

7.5CVSS2.9AI score0.0151EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•26 views

Wow Countdowns <= 3.1.2 - Admin+ SQLi

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. PoC https://example.com/wp-admin/admin.php?page=mwp-countdown=del=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...

7.2CVSS0.01306EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/16 12:0 a.m.•26 views

Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion

The plugin includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. PoC...

6.5CVSS1.7AI score0.01419EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/26 12:0 a.m.•26 views

LearnPress < 4.1.5 - Arbitrary Image Renaming

Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...

4.3CVSS4.5AI score0.03205EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/28 12:0 a.m.•26 views

UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.2AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/22 12:0 a.m.•26 views

WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection

The plugin does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks PoC...

8.8CVSS8.9AI score0.38298EPSS
Exploits5References2Affected Software1
Total number of security vulnerabilities5000