Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.126 views

WP < 6.0.3 - Stored XSS via the Customizer

Description WordPress does not escape some input in the Customizer, which could lead to Stored Cross-Site Scripting issue...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.123 views

WP < 6.3.2 - Denial of Service via Cache Poisoning

Description A Denial of Service could occur via Cache Poisoning when the X-HTTP-Method-Override header is sent in a request to the REST API in an heavily cached configuration...

7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.121 views

Yoast SEO < 22.6 - Reflected Cross-Site Scripting

Description The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.4AI score0.00832EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.121 views

Snap Pixel <= 1.5.7 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00204EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2017/08/26 12:0 a.m.121 views

Multiple Plugins - Unauthenticated RCE via PHPUnit

There was an Unauthenticated Remote Code Execution RCE vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. PoC curl -X POST --data ""...

7.5CVSS1.9AI score0.99999EPSS
Exploits19References2Affected Software3
WPVulnDB
WPVulnDB
added 2023/05/29 12:0 a.m.120 views

Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection

The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

7AI score0.00616EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.118 views

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

Description The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address PoC Run the below command in the developer console of the web browser while being on the blog as an...

9.8CVSS9.6AI score0.03546EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2018/12/11 12:0 a.m.118 views

WP AutoSuggest 0.24 - Unauthenticated SQL Injection

The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability. PoC sqlmap -u "http://URL/wp-content/plugins/wp-autosuggest/autosuggest.php?wpasaction=querykeys=1" --technique BT --dbms MYSQL --risk 3 --level 5 -p wpaskeys --tamper space2comment...

0.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/15 12:0 a.m.117 views

WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

Description This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WPQuery. PoC http://wordpress.local/?static=1ℴ=asc...

5.3CVSS6.9AI score0.36503EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.116 views

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component

There is functionality in the plugin to add file uploads to user registrations and profile updates that had no file type checking in place making it possible for arbitrary files to be uploaded. PoC fh = open'shell.php', 'wb' fh.writeb'\xFF\xD8\xFF\xE0' + b'' fh.close 'Hax0r', 'regemail' =...

9.8CVSS1.4AI score0.06744EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.115 views

Contact Form 7 < 5.8.4 - Authenticated (Editor+) Arbitrary File Upload

Description The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible f...

7.2CVSS7.6AI score0.01732EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.114 views

The School Management < 9.9.7 - Unauthenticated RCE via REST api

The plugin contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. PoC curl -d 'blowfish=1' -d "blowf=system'id';" 'https://examples.com/wp-json/am-member/license'...

5.4AI score0.64321EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/23 12:0 a.m.113 views

WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation

The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog PoC POST /wp-json/wp/v2/users HTTP/1.1 Host: 127.0.0.1 Upgrade-Insecure-Requests: 1 Accept:...

9.8CVSS9AI score0.86919EPSS
Exploits9References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.111 views

Yoast SEO < 21.1 - Authenticated (Seo Manager+) Stored Cross-Site Scripting

Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject...

5.9CVSS5.9AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.111 views

All-in-One WP Migration < 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal

The plugin is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file which can be exploited by administrative users, and users who have access to the site’s secret key on WordPress instances with Windows...

6.6CVSS4.4AI score0.47495EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/15 12:0 a.m.109 views

WordPress <= 5.2.3 - Admin Referrer Validation

Description The fix changes the PHP equal identifier == to the identical identifier ===...

8.8CVSS9.2AI score0.02802EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2018/12/04 12:0 a.m.107 views

All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The All in One SEO Pack WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

2.1AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/07 12:0 a.m.101 views

Ultimate Addons for Elementor < 1.24.2 - Registration Bypass

"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site." This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO...

6.4CVSS4.3AI score0.02307EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/25 12:0 a.m.100 views

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks. PoC As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into Edito...

5.8AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.100 views

Smarty for WordPress <= 3.1.35 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00204EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.99 views

NextGen Gallery < 3.5.0 - CSRF allows File Upload, Stored XSS, and RCE

It was possible to bypass the "isauthorizedrequest" function used to control access to plugin settings by sending a request without a nonce parameter. This could be used to upload arbitrary code to a CSS file with a double extension e.g. file.php.css, and could also be used to include the uploade...

6.8CVSS1.6AI score0.01375EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/05 12:0 a.m.98 views

Tutor LMS < 1.8.8 - Authenticated Local File Inclusion

The plugin is affected by a local file inclusion vulnerability through the maliciously constructed subpage parameter of the plugin's Tools, allowing high privilege users to include any local php file PoC https://your.domain/wp-admin/admin.php?page=tutor-tools⊂page=..%2F..%2F..%2F..%2F..%2F..%2Fin...

5.5CVSS2.1AI score0.00778EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/13 12:0 a.m.98 views

WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)

Description According to WordPress: "This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting."...

8.8CVSS8.3AI score0.4375EPSS
Exploits4References3
WPVulnDB
WPVulnDB
added 2021/08/06 12:0 a.m.97 views

Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well:...

5.4CVSS1.3AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/19 12:0 a.m.96 views

Google Language Translator <= 5.0.05 - XSS

The Translate WordPress – Google Language Translator WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.9AI score0.00951EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.95 views

WP < 6.0.3 - Stored XSS via RSS Widget

Description WP does not escape the error messages in the RSS Widget, which could lead to Stored Cross-Site Scripting issue...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/03/11 12:0 a.m.93 views

WordPress < 5.9.2 - Prototype Pollution in jQuery

Description The jQuery library used in WordPress is affected by a Prototype Pollution issue...

7.1AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.90 views

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Description The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. PoC 1. Add a form to a footer widget area 2. Disable JavaScript 3. Access the URL: https://example.com/%0a/google.com 4. Fill out the form and submit 5. The...

6.4AI score0.00449EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.90 views

Slider Revolution < 6.6.16 - Authenticated (Author+) Arbitrary File Upload

Description The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 6.6.15. This makes it possible for attackers with author-level access and higher to upload arbitrary files on the affected site's server which may make remote code...

8.8CVSS8.1AI score0.0069EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.89 views

Jetpack <= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass

The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a class.jetpack.php XML-RPC Access Control Bypass security vulnerability...

5.8CVSS2.9AI score0.02263EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/25 12:0 a.m.87 views

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...

7.5CVSS0.3AI score0.99999EPSS
Exploits19References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/05 12:0 a.m.87 views

WordPress 5.2.2 - Authenticated Cross-Site Scripting (XSS) in Post Previews

Description From the WordPress version release: "Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting XSS vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments."...

5.4CVSS5.5AI score0.05181EPSS
Exploits3References1
WPVulnDB
WPVulnDB
added 2015/05/19 12:0 a.m.86 views

Simple Backup <= 2.7.10 - Arbitrary File Download

The simple-backup WordPress plugin was affected by an Arbitrary File Download security vulnerability...

2.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.85 views

BuddyForms < 2.8.9 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery

Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Arbitrary File Read and Server-Side Request Forgery in all versions up to, and including, 2.8.8. This makes it possible for...

8.6CVSS7.1AI score0.00583EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/01/26 12:0 a.m.85 views

WordPress 3.5-4.7.1 - WP_Query SQL Injection

...

7.5CVSS1.8AI score0.09933EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.83 views

BuddyForms < 2.7.8 - Unauthenticated PHAR Deserialization

The plugin does not validate the url parameter of its uploadimagefromurl AJAX action, which could allow unauthenticated attackers to perform PHAR deserialisation granted they an upload a file to the server and a suitable gadget chain is present as well PoC 1. Create a malicious phar file. 2...

9.8CVSS9AI score0.03824EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.81 views

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

9.8CVSS1.3AI score0.12442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/11 12:0 a.m.80 views

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...

9.8CVSS9.5AI score0.90339EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/10 12:0 a.m.80 views

Contact Form by WPForms < 1.4.8.1 - Unauthenticated Cross-Site Scripting (XSS)

RIPS Technologies identified an Unauthenticated Cross-Site Scripting XSS vulnerability within the WPForms WordPress plugin during their WordPress Security Calendar 2018 research. The date parameter was embedded within JavaScript code without any validation or encoding...

1.2AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.80 views

W3 Total Cache 0.9.2.4 - Username & Hash Extract

The W3 Total Cache WordPress plugin was affected by an Username & Hash Extract security vulnerability...

5CVSS1.6AI score0.02318EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/26 12:0 a.m.79 views

Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection

Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. PoC Requirement: "Enable custom table for usermeta" option t...

9.8CVSS9.7AI score0.89431EPSS
Exploits8References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.78 views

Elementor Website Builder < 3.16.5 - Missing Authorization to Arbitrary Attachment Read

Description The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getinlinesvg function in all versions up to, and including, 3.16.4. This makes it possible for authenticated attackers, with contributor-level acces...

6.7AI score0.01452EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.78 views

WordPress 5.4 to 5.8 - Lodash Library Update

Description On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: "The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes." The Lodash changelog states that a command injection...

7.8AI score
Exploits0References3
WPVulnDB
WPVulnDB
added 2017/01/11 12:0 a.m.77 views

WordPress 4.3-4.7 - Remote Code Execution (RCE) in PHPMailer

...

6.9AI score0.99714EPSS
Exploits59References5Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.76 views

Download Manager < 3.2.85 - Unauthenticated File Download

Description The plugin is vulnerable to unauthorized file download of files added via the plugin, allowing unauthenticated attackers to download files added with the plugin even when privately published...

5.3CVSS7.1AI score0.00546EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/18 12:0 a.m.76 views

ElegantThemes - Privilege Escalation

Description An information disclosure vulnerability was found in the Divi Builder included in our Divi and Extra themes, as well as our Divi Builder plugin which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on...

8.8CVSS8.1AI score0.01865EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/01/24 12:0 a.m.75 views

LearnPress Plugin < 4.2.0 - Unauthenticated LFI

The plugin does not validate various parameters in the lp/v1/courses/archive-course REST endpoints before using them in include statement, which could lead to LFI issues...

9.8CVSS8.8AI score0.05063EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.75 views

WordPress < 5.4.2 - Open Redirection

Description Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wpvalidateredirect...

5.7CVSS6AI score0.02328EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2019/02/28 12:0 a.m.75 views

WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution

Description An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata...

8.8CVSS7.7AI score0.91985EPSS
Exploits10References2
WPVulnDB
WPVulnDB
added 2023/04/03 12:0 a.m.74 views

Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS6.2AI score0.00493EPSS
Exploits2Affected Software2
Total number of security vulnerabilities5000