Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/11/22 12:0 a.m.26 views

WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection

The plugin does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks PoC...

8.8CVSS8.9AI score0.38298EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.26 views

Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update

The plugin does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them PoC jQuery.post"https://example.com/wp-admin/index.php", "wtlwp-nonce": "foo", // Not validated tlwpsettingsdata: defaultrole: "editor",...

4.3CVSS5AI score0.00347EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.26 views

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting

The plugin does not escape the data parameter of the ppgetformsbybuildertype AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS5.7AI score0.00968EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/26 12:0 a.m.26 views

About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. PoC With a role as low as Contributor, put the following payloads in one of the Social...

5.4CVSS0.7AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/21 12:0 a.m.26 views

Simple Job Board < 2.9.5 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $jobboardprivacypolicylabel variable echo’d out via the /admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web...

5.5CVSS5AI score0.00886EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/15 12:0 a.m.26 views

YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module

The plugin is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation ...

5.4CVSS3AI score0.01483EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/06 12:0 a.m.26 views

Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a form, add the following payload to a Field Label: The XSS will be triggered when...

4.8CVSS2.1AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.26 views

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode PoC Log in as contributor and add the following shortco...

5.4CVSS2.6AI score0.00629EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/10 12:0 a.m.26 views

Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS

The plugin does not properly sanitize values used when creating new calendars. PoC Open the Appointment Hour Booking Tab. Enter XSS payload like " in new calendar name field. and click on "add new" button. Go back to the Appointment Hour Booking Tab and select "Publish" for any calendar. The XSS...

5.4CVSS0.2AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/17 12:0 a.m.26 views

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values. PoC You can run this from a browser's javascript console:...

6.5CVSS1.3AI score0.00693EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.26 views

Add Sidebar <= 2.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the /wpsidebarMenu.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.8AI score0.00844EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.26 views

Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts PoC https://example.com/wp-admin/options-general.php/"/?page=skatubazaroption...

6.1CVSS2.2AI score0.02446EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.26 views

Smart Email Alerts <= 1.0.10 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.26 views

WP SEO Tags <= 2.2.7 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the saqtxtthefilter parameter in the /wp-seo-tags.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00844EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/30 12:0 a.m.26 views

Custom Dashboard & Login Page - AGCA < 6.9.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks...

8.2CVSS3.4AI score0.00717EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/24 12:0 a.m.26 views

Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)

The pspinduplicatepostsaveasnewpost function of the plugin does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue PoC Open the below URL as any authenticated user...

3.5CVSS5.2AI score0.00675EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/12 12:0 a.m.26 views

Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)

Description The theme does not sanitise the tdblockid parameter in its tdajaxblock AJAX action, leading to an unauthenticated Reflected Cross-site Scripting XSS vulnerability. Due to a nonce check, this issue is only exploitable on unauthenticated users for as long as the nonce used in the reques...

6.1CVSS6AI score0.01234EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/07/01 12:0 a.m.26 views

WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfilteredhtml capability is disallowed PoC Create a new map. Add an XSS payload to the title. Click "Show as map title". A...

3.5CVSS0.3AI score0.00668EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.26 views

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

The plugin did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for exampl...

5.4CVSS1.1AI score0.00681EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.26 views

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...

4.3CVSS5.8AI score0.01996EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.26 views

WP Hardening < 1.2.2 - Reflected XSS via historyvalue

The plugin did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue. PoC https://example.com/wp-admin/admin.php?page=wphwpharden=...

6.1CVSS0.2AI score0.00827EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.26 views

Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)

This plugin gives us the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also b...

6.1CVSS6.1AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/24 12:0 a.m.26 views

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)

The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting XSS issue. PoC POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding:...

6.1CVSS0.6AI score0.01975EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/27 12:0 a.m.26 views

WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal

The plugin did not validate a path parameter, allowing administrators to delete arbitrary files on the server via a path traversal attack...

6.5CVSS5.3AI score0.02625EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/21 12:0 a.m.26 views

RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues PoC As admin, Navigate to Setting Яндекс.Турбо Счетчики and enter a payload such as " onmouseover="alert1 into a...

3.5CVSS1.8AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/20 12:0 a.m.26 views

Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload

The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...

7.5CVSS3.5AI score0.4214EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/19 12:0 a.m.26 views

Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticated users PoC...

4.3CVSS1.5AI score0.1445EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.26 views

N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE

The plugin suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5uniqidrand, however, in the case of misconfigured servers with Directory listing enabled,...

7.5CVSS1.7AI score0.02207EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.27 views

WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)

The plugin was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for...

9CVSS2.3AI score0.23844EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/04 12:0 a.m.26 views

wpDataTables < 3.4.1 - Unauthenticated SQL Injection

In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...

10CVSS0.7AI score0.04615EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/25 12:0 a.m.26 views

WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection

The Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user admin+. Edit WPScanTeam: September 8th, 2020 - Confirmed & Escalated to WP plugins team September 8th, 2020 - WP plugins team investigating November 25th, 2020 - No updates,...

0.01416EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/31 12:0 a.m.26 views

WordPress < 5.5.2 - Cross-Site Request Forgery (CSRF) to Change Theme Background

Description Erwan, a security researcher from the WPScan team, discovered and responsibly disclosed a Cross-Site Request Forgery CSRF vulnerability that could allow an unauthenticated attacker to change the background image of the theme. For a successful attack, a privileged authenticated WordPre...

4.3CVSS6.7AI score0.01068EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.26 views

WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network

Description The release notes state: "Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network."...

7.5CVSS8.3AI score0.02622EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2020/09/22 12:0 a.m.26 views

XCloner Backup and Restore 4.2.1 - 4.2.12 - Unprotected AJAX Action

"This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on a vulnerable site’s server. Alternatively, an attacker could create an exploit cha...

6.5CVSS0.9AI score0.24937EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/03 12:0 a.m.26 views

Newsletter < 6.8.2 - Authenticated PHP Object Injection

The ‘restoreoptionsfromrequest‘ function called by the AJAX function ‘tnpcrendercallback‘ runs ‘unserialize’ directly on ‘$options'inlineedits'’ which is provided by user input in the $POST‘options’ parameter. This creates the potential for an Object Injection vulnerability. For example, a user...

6CVSS2.4AI score0.02082EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.26 views

WordPress < 5.4.2 - Authenticated Stored XSS via Theme Upload

Description An authenticated user could upload a purposely broken theme and then change the theme's directory name with a Cross-Site Scripting XSS payload. When WordPress warns the user about the broken theme, the XSS payload is then executed. This vulnerability would be difficult to exploit by a...

3.5CVSS4.6AI score0.02805EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2020/05/28 12:0 a.m.26 views

Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site Scripting (XSS)

Multiple cross-site scripting vulnerabilities in Final Tiles Gallery 3.4.18 and lower allow remote attackers to inject arbitrary web script or HTML via the Title and Caption fields of an image. Successful exploitation of this vulnerability would allow an authenticated high-privileged user author+...

3.5CVSS0.5AI score0.00892EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/09 12:0 a.m.26 views

BigBlueButton < 2.2.4 - Reflected Cross-Site Scripting (XSS)

XSS via closed captions because dangerouslySetInnerHTML in React is used...

4.3CVSS1.9AI score0.00947EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/31 12:0 a.m.26 views

WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint

The WordPress SEO Plugin – Rank Math plugin includes a number of optional modules, including a module that can be used to create redirects on a site. In order to add this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateRedirection, which failed to include a permissioncallbac...

5.8CVSS0.1AI score0.02072EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/25 12:0 a.m.26 views

Photo Gallery < 1.5.46 - Multiple Cross-Site Scripting (XSS) Issues

Multiple cross-site scripting vulnerabilities have been discovered in Photo Gallery Plugin version 1.5.45. The vulnerabilities are caused by improper sanitization of user input in the galleries/image edit page...

3.5CVSS2.7AI score0.01355EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/11 12:0 a.m.26 views

Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)

Two Reflected XSS vulnerability were discovered in the «Houzez - Real Estate WordPress Theme», tested version — v1.8.3.1 Edit WPScanTeam: January 11th, 2020 - Report received & Envato Contacted January 12th, 2020 - Envato Investigating January 27th, 2020 - v1.8.4 released, fixing the issue. PoC...

6.2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/16 12:0 a.m.26 views

EU Cookie Law < 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)

By exploiting the documented vulnerability, an authenticated attacker with high privileges administrator can execute JavaScript code in a victim's browser. By default, in WordPress, administrator users are allowed to inject JavaScript as they have the unfilteredhtml capability. The affected form...

3.5CVSS2.2AI score0.01033EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/06 12:0 a.m.26 views

Popup Builder <= 3.44 - SQL Injection

The Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS1.1AI score0.02727EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/22 12:0 a.m.26 views

Ultimate Member <= 2.0.53 - Cross-Site Scripting (XSS)

The changelog states: "Added security fixes XSS"...

3.5CVSS1.5AI score0.00882EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/18 12:0 a.m.26 views

Facebook for WooCommerce <= 1.9.12 - CSRF allowing Option Update

The original issue has been fixed via 1.9.14. However, as additional CSRF checks have been implemented in 1.9.15, the fixed in has been set to 1.9.15...

6.8CVSS3.4AI score0.00693EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/16 12:0 a.m.26 views

WebP Express <= 0.14.10 - Multiple Issues

- Arbitrary File Viewing - CRSF - XSS including https://wpvulndb.com/vulnerabilities/9389 - Unauthorised Access...

5CVSS2AI score0.01779EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/15 12:0 a.m.26 views

WP Live Chat Support < 8.0.27 - Unauthenticated Stored XSS

The 3CX Live Chat WordPress plugin was affected by an Unauthenticated Stored XSS security vulnerability...

4.3CVSS1.9AI score0.01211EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/13 12:0 a.m.26 views

Photo Gallery by 10Web <= 1.5.22 - Authenticated XSS

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Authenticated XSS security vulnerability...

3.5CVSS2.7AI score0.01295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/02 12:0 a.m.26 views

WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue. PoC curl -k --silent "http://example.com/index.php?restroute=3D/wpgmza/v1/markers/=3D%7B%7D&=fields=3D+from+wpusers+--+-"...

7.5CVSS0.7AI score0.78699EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/13 12:0 a.m.26 views

WordPress <= 5.0 - User Activation Screen Search Engine Indexing

Description According to WordPress: "Team Yoast discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords."...

7.5CVSS8.4AI score0.06679EPSS
Exploits0References1
Total number of security vulnerabilities5000