Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2018/09/19 12:0 a.m.26 views

Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion

This bug was found in the file: /wechat-broadcast/wechat/Image.php echo filegetcontentsisset$GET"url" ? $GET"url" : ''; The parameter "url" it is not sanitized allowing include local or remote files To exploit the vulnerability only is needed use the version 1.0 of the HTTP protocol to interact...

7.5CVSS1AI score0.6307EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/07/06 12:0 a.m.26 views

Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Insufficient Restrictions during Export Personal Data requests security vulnerability...

6.4CVSS2.9AI score0.01744EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/11/08 12:0 a.m.26 views

Simple Membership < 3.5.7 - XSS

The Simple Membership WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.5AI score0.00916EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/08 12:0 a.m.26 views

Mailchimp For WP < 4.1.8 - XSS

The MC4WP: Mailchimp for WordPress WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.8AI score0.00905EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/06 12:0 a.m.26 views

WordPress 4.2-4.7.2 - Press This CSRF DoS

...

4.3CVSS6.3AI score0.02343EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/29 12:0 a.m.26 views

Nelio Ab Testing < 4.5.11 - SSRF

The Nelio AB Testing WordPress plugin was affected by a SSRF security vulnerability...

6.4CVSS3AI score0.01649EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/19 12:0 a.m.26 views

Icegram <= 1.9.18 - Cross-Site Request Forgery (CSRF) & XSS

The Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram WordPress plugin was affected by a Cross-Site Request Forgery CSRF & XSS security vulnerability...

4.3CVSS2.3AI score0.00904EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/06 12:0 a.m.26 views

WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)

Description Affects 'wp-includes/js/plupload/plupload.flash.swf'...

6.1CVSS6.4AI score0.05361EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2016/05/04 12:0 a.m.26 views

Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

7.5CVSS1.9AI score0.61612EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/13 12:0 a.m.26 views

Admin Font Editor <= 1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The admin-font-editor WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/admin-font-editor/css.php?size=""...

4.3CVSS0.5AI score0.03223EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/03 12:0 a.m.26 views

WP-Invoice <= 4.1.0 - Multiple Vulnerabilities

WP-Invoice plugin = 4.1.0 contains multiple security vulnerabilities that include information disclosure, unauthorised updating of meta data, and privilege escalation...

5CVSS3AI score0.01972EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/01/06 12:0 a.m.26 views

WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)

PoC http://www.example.com/wp-admin/customize.php?theme= source: https://twitter.com/brutelogic/status/685105483397619713...

4.3CVSS0.2AI score0.02694EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/29 12:0 a.m.26 views

Captain Slider 1.0.6 - Cross-Site Scripting (XSS)

The captain-slider WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01177EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/24 12:0 a.m.26 views

Nextend Facebook Connect <= 1.5.4 - Reflected Cross-Site Scripting (XSS)

The Nextend Social Login and Register WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.8AI score0.02719EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/02 12:0 a.m.26 views

Slideshow 2.2.8-2.2.21 - Option Value Disclosure

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function, accessible by unauthenticated users as an AJAX action, can be abused to force the disclosure of arbitrary Wordpress option values...

5CVSS4.1AI score0.03488EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/24 12:0 a.m.26 views

Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure

The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Remote PHP Information Disclosure security vulnerability...

5CVSS1.7AI score0.02136EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/19 12:0 a.m.26 views

Huge IT Slider <= 2.6.8 - SQL Injection

The slider-image WordPress plugin was affected by a SQL Injection security vulnerability...

6.5CVSS7.5AI score0.02446EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/12 12:0 a.m.26 views

Photo Gallery <= 1.2.5 - Unrestricted File Upload

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Unrestricted File Upload security vulnerability...

6.5CVSS2.6AI score0.45354EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.26 views

Simple Sticky Footer < 1.3.3 - Multiple CSRF

The Simple Sticky Footer WordPress plugin was affected by a Multiple CSRF security vulnerability...

6.8CVSS2.3AI score0.0117EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/20 7:39 p.m.26 views

VideoWhisper Video Presentation 3.25 - vp/c_login.php room_name Parameter Reflected XSS

The VideoWhisper Video Presentation WordPress plugin was affected by a vp/clogin.php roomname Parameter Reflected XSS security vulnerability...

4.3CVSS2.9AI score0.02023EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/17 1:32 p.m.26 views

WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout

...

2.6CVSS0.8AI score0.02432EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/16 5:10 p.m.26 views

WordPress 3.9 & 3.9.1 Unlikely Code Execution

...

7.5CVSS2.7AI score0.03892EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.26 views

LightSpeed - Valums Uploader Shell Upload Exploit

The lightspeed WordPress theme was affected by a Valums Uploader Shell Upload Exploit security vulnerability...

1.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.26 views

GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF

The Translate WordPress with GTranslate WordPress plugin was affected by a gtranslate.php Widget Code Editing CSRF security vulnerability...

2.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.26 views

JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS

The js-multihotel WordPress plugin was affected by a refreshDate.php roomid Parameter Reflected XSS security vulnerability...

4.3CVSS2.4AI score0.01986EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.26 views

SexyBookmarks - Setting Manipulation CSRF

The sexybookmarks WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.1AI score0.01085EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.26 views

Dropdown Menu Widget 1.9.1 - Script Insertion CSRF

The Dropdown Menu Widget WordPress plugin was affected by a Script Insertion CSRF security vulnerability...

6.8CVSS1.9AI score0.00954EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.26 views

wppygments <= 0.3.2 - XSS in ZeroClipboard

The wppygments WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.8AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.26 views

GD Star Rating 1.9.22 - SQL Injection

The gd-star-rating WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.4AI score0.01641EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.26 views

NextGEN Gallery 1.9.12 - Arbitrary File Upload

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

10CVSS2.8AI score0.19231EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.26 views

WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection

The WP Forum Server WordPress plugin was affected by a feed.php topic Parameter SQL Injection security vulnerability...

7.5CVSS2.4AI score0.05021EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.26 views

WP Symposium 13.04 - Unvalidated Redirect

The wp-symposium WordPress plugin was affected by an Unvalidated Redirect security vulnerability...

5.8CVSS1.9AI score0.02008EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.26 views

Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a lib/IPTraf.php User-Agent Header Stored XSS security vulnerability...

1.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.26 views

Oberliga - team.php team Parameter SQL Injection

The oberligatheme WordPress theme was affected by a team.php team Parameter SQL Injection security vulnerability...

2.9AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.26 views

VideoWhisper Live Streaming Integration 4.29.6 - videowhisper_streaming.php Multiple Parameter XSS

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a videowhisperstreaming.php Multiple Parameter XSS security vulnerability...

4.3CVSS1.8AI score0.01143EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.26 views

st_newsletter - (stnl_iframe.php) SQL Injection

The stnewsletter WordPress plugin was affected by a stnliframe.php SQL Injection security vulnerability...

7.5CVSS2.6AI score0.02726EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2013/07/03 12:0 a.m.26 views

WordPress 3.5.2 - SWFUpload Content Spoofing

...

1.6AI score0.00959EPSS
Exploits2References4Affected Software1
WPVulnDB
WPVulnDB
added 2010/11/01 12:0 a.m.26 views

Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)

The cforms plugin has a XSS vulnerability in file libajax.php with rs and rsargs parameters. It is fixed in version 13.2. The cforms2 fork was forked at 14.6, so it is not affected...

4.3CVSS2.7AI score0.04285EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2009/09/27 12:0 a.m.26 views

WP Cumulus < 1.22 - XSS

The wp-cumulus WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.9AI score0.01795EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2008/07/09 12:0 a.m.26 views

Tubepress < 1.6.5 - XSS

The TubePress WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.5AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.25 views

HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks PoC % time curl "https://example.com/?restroute=/h5vp/v1/video/1=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...

7.2AI score0.02618EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.25 views

LuckyWP Table of Contents <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting

Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS4.6AI score0.00342EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/05/06 12:0 a.m.25 views

Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Upload

Description The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for...

9.8CVSS8.3AI score0.01444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.25 views

Pricing Table by Supsystic < 1.9.13 - Admin+ Content Injection

Description The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. This is not a security issue by...

4.3CVSS7.2AI score0.00346EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.25 views

Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

Description The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo...

4.3CVSS6.7AI score0.00411EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.25 views

Payment Gateway Based Fees and Discounts for WooCommerce < 2.12.2 - Cross-Site Request Forgery to Notice Dismissal

Description The Payment Gateway Based Fees and Discounts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.12.1. This is due to missing or incorrect nonce validation on the dismissnotice function. This makes it possible for...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.25 views

Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting

Description The Import Content in WordPress & WooCommerce with Excel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.5AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.25 views

Ivory Search – WordPress Search Plugin < 5.5.6 - Subscriber+ Index Creation

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index...

4.3CVSS6.1AI score0.00445EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.25 views

Ultimate Maps by Supsystic < 1.2.17 - Cross-Site Request Forgery

Description The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...

4.3CVSS6.1AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/06 12:0 a.m.25 views

Rehub < 19.6.2 - Unauthenticated Local File Inclusion

Description The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can ...

9CVSS8.6AI score0.00593EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000