Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.25 views

Multi-column Tag Map < 17.0.27 - Cross-Site Request Forgery

Description The Multi-column Tag Map plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the scmcTagMappluginoptions function in versions up to, and including, 17.0.26. This makes it possible for unauthenticated attackers to update the plugin's setting...

6.8AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.25 views

Embed Privacy < 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Embed Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedprivacyoptout ' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.5CVSS7.8AI score0.00527EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.25 views

WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE

Description The plugin does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server PoC 1. Go to "All Export" "New Export" 2. Select "WP Query Results" as the export type 3. Enter the payload phpinfo for the query. 4. Click...

7.2CVSS9.7AI score0.01151EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/31 12:0 a.m.25 views

Contact Form to DB by BestWebSoft < 1.7.2 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft –...

9.8CVSS7.2AI score0.00716EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.25 views

ChatBot < 4.7.9 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/20 12:0 a.m.25 views

Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks PoC 1. Create a contact form 2. Embed the contact form shortcode on a post or page. 3. As an Unauthitncated user, inject the inputs for a malicious...

6.1CVSS6.1AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/18 12:0 a.m.25 views

Easy Admin Menu <= 1.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00366EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/09/11 12:0 a.m.25 views

File Manager Pro < 1.8 - Remote Code Execution via CSRF

Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC As a Super Admin, run the following...

8.8CVSS8.5AI score0.06838EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/07 12:0 a.m.25 views

WP 404 Auto Redirect to Similar Post <= 1.0.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.4AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/08/14 12:0 a.m.25 views

123.chat < 1.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC In the plugin's "User-ID" setting...

4.8CVSS4.9AI score0.00399EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.25 views

Rank Math SEO < 1.0.119.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.6AI score0.00332EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.25 views

WP Brutal AI < 2.06 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC In the plugin settings, for a...

4.8CVSS4.7AI score0.01973EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/10 12:0 a.m.25 views

Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting

The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URL below...

6.3AI score0.00396EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/28 12:0 a.m.25 views

Active Directory Integration / LDAP Integration < 4.1.6 - Sensitive Information Disclosure

The plugin will expose Sensitive Information due to insufficient sanitization of the supplied username value...

8.6CVSS6.8AI score0.00532EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.25 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address PoC On a page where the bookit is embed, book an appointment using an...

9.8CVSS9AI score0.01914EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.25 views

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new item in the plugin settings 2...

4.8CVSS5.3AI score0.00543EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/07 12:0 a.m.25 views

Directorist < 7.5.5 - Subscriber+ Insecure Direct Object Reference to Arbitrary Post Deletion

The plugin does not properly validate that users are authorized to delete a given listing, or that it is a listing at all, making it possible for less-privileged users like subscribers to delete posts...

6.5CVSS6.8AI score0.00609EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/03 12:0 a.m.25 views

B2BKing < 4.6.20 - Subscriber+ Arbitrary Products Price Update

The plugin does not have authorisation in some AJAX actions, allowing any authenticated users, such as subscriber to update the price of any WooCommerce products...

6.5CVSS6.7AI score0.0074EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.25 views

TaxoPress < 3.6.5 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS5.1AI score0.00521EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/06 12:0 a.m.25 views

Easy Sign Up <= 3.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/29 12:0 a.m.25 views

Easy Forms for MailChimp < 6.8.8 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the following code this requires the attacker...

6.1CVSS6.2AI score0.00559EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.25 views

Groundhogg Contacts < 2.7.9.4 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins PoC 1. Login as a WordPress administrator or any of the custom roles from GroundHogg 2. Navigate to the URL:...

7.2CVSS7.8AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/17 12:0 a.m.25 views

WP-Advanced-Search <= 3.3.8 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.0026EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/06 12:0 a.m.25 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...

8.8CVSS8.9AI score0.00898EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/03 12:0 a.m.25 views

CPO Content Types <= 1.1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.25 views

Metform Elementor Contact Form Builder < 3.2.2 - reCaptcha Bypass

The plugin does not properly check for the submitted from captcha value server side, which could lead to bypass...

5.3CVSS6.2AI score0.00686EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.25 views

HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS3.1AI score0.00262EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.25 views

WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/06 12:0 a.m.25 views

Conversios.io < 5.2.4 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS5.1AI score0.00233EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/27 12:0 a.m.25 views

Booking calendar, Appointment Booking System < 3.2.4 - Form Creation/Update/Deletion/Duplication via CSRF

The plugin does not have CSRF checks on some of its form actions such as creation/update/deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

5.4CVSS5.6AI score0.00231EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/24 12:0 a.m.25 views

Timed Content < 2.73 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC timed-content-client hide="10:00:'...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/23 12:0 a.m.25 views

Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Exploit Additional CSS classes for "Spotlight...

5.4CVSS5AI score0.00526EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/20 12:0 a.m.25 views

WP Google Maps < 9.0.16 - Admin+ Path Traversal

The plugin does not validate the XML Directory path settings, which could allow high privilege users such as admin to perform Path Traversal attacks...

6.5CVSS6.3AI score0.00754EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.25 views

Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS5AI score0.0054EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.25 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Mega Menu Settings Update

The plugin does not have authorisation and CSRF checks when updating the mega menu settings, which could allow any authenticated user, such as subscriber to perform such action...

4.3CVSS3AI score0.00688EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.25 views

Royal Elementor Addons < 1.3.60 - Menu Template Creation via CSRF

The plugin does not have CSRF check when creating menu templates, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

6.5CVSS4.7AI score0.00348EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.25 views

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. PoC Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user,...

9.8CVSS4.1AI score0.38625EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.25 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS1.6AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.25 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.1AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/21 12:0 a.m.25 views

WCK < 2.3.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Create/edit a Post Type via the plugin...

4.8CVSS1.9AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/07 12:0 a.m.25 views

WP Social Sharing <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » WP Social Sharing page of...

4.8CVSS0.8AI score0.006EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/06 12:0 a.m.25 views

Build App Online < 1.0.19 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection PoC Additional plugins required: https://wordpress.org/plugins/wc-multivendor-marketplace/...

0.6AI score0.01037EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.25 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.25 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php...

6.5CVSS0.6AI score0.00854EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.25 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.25 views

Chained Quiz < 1.3.2.5 - Submitted Quiz Response Deletion via CSRF

The plugin does not have CSRF checks when deleting submitted quiz response, which could allow attackers to make logged in admins perform such action via a CSRF attack...

5.4CVSS4.7AI score0.00397EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.25 views

Simple Basic Contact Form < 20221201 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Settings » Contact Form » Plugin...

4.8CVSS0.4AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.25 views

Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

10CVSS2.5AI score0.00748EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/28 12:0 a.m.25 views

SEO Plugin by Squirrly SEO < 12.1.11 - Contributor+ Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow users with a role as low as contributor to upload arbitrary files such as PHP...

8.8CVSS3.9AI score0.0072EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.25 views

Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. PoC v response.text...

8.8CVSS0.9AI score0.02971EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000