Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.25 views

Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

10CVSS2.5AI score0.00748EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/28 12:0 a.m.25 views

SEO Plugin by Squirrly SEO < 12.1.11 - Contributor+ Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow users with a role as low as contributor to upload arbitrary files such as PHP...

8.8CVSS3.9AI score0.0072EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.25 views

Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. PoC v response.text...

8.8CVSS0.9AI score0.02971EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/25 12:0 a.m.25 views

Image Hover Effects Ultimate < 9.7.2 - Authenticated Arbitrary Options Change

The plugin does not ensure that the options to be updated belong to the plugin, which could allow high privilege users to update arbitrary options even when they should not be allowed to...

7.2CVSS3.5AI score0.00798EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.25 views

SearchWP < 4.2.6 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

5.4CVSS3.7AI score0.00443EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/03 12:0 a.m.25 views

Form Maker by 10Web < 1.15.6 - Admin+ SQLI

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Create/edit a form, go to the Settings MySQL Mapping i.e /admin.php?page=managefm=editid=1=4id=mapping. Copy the link t...

7.2CVSS7.1AI score0.01015EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/29 12:0 a.m.25 views

Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a form and put the following...

4.8CVSS0.7AI score0.00489EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/12 12:0 a.m.25 views

Add Shortcodes Actions And Filters <= 2.0.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.2AI score0.00554EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.25 views

Pop-up < 1.1.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.2AI score0.00802EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.25 views

MP3 jPlayer <= 2.7.3 - Multiple CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.7AI score0.00377EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.25 views

Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5" 2 - Click on "Contact - Add...

4.8CVSS0.6AI score0.00544EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.25 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Caption

The plugin does not sanitise and escape the caption parameter added to images via the media uploader, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS3.8AI score0.00469EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/15 12:0 a.m.25 views

Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts PoC The postid is the ID of a saved layout...

6.1CVSS3.7AI score0.00496EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/12 12:0 a.m.25 views

Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF

The plugin does not properly restrict access to some .htaccess blocked REST endpoints when the headless settings is enabled, which could allow unauthenticated attackers to perform SSRF attacks...

9.8CVSS4.3AI score0.00792EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/10 12:0 a.m.25 views

Gallery PhotoBlocks <= 1.2.6 - Cross-Site Request Forgery

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS5AI score0.00306EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.25 views

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The plugin does not have any authorisation in its tptranslation AJAX action, allowing unauthenticated users to call it...

5.3CVSS4.1AI score0.03644EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.25 views

Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.5AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.25 views

Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin PoC...

6.5CVSS4.8AI score0.00319EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.25 views

Discy < 5.0 - Subscriber+ Broken Access Control to change settings

The theme lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change the theme options by sending a crafted POST request. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

6.5CVSS4.7AI score0.00623EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.25 views

Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a table, go to its settings,...

4.8CVSS0.8AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.25 views

LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Client ID" settings: "/...

4.8CVSS2.5AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.25 views

MashShare <= 3.8.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS1.9AI score0.00438EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/14 12:0 a.m.25 views

Custom Popup Builder <= 1.3.1 - Contributor+ Stored Cross-Site Scripting

The plugin does have proper authorisation in place, and does not sanitise as well as escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.0046EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.25 views

Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

6.5CVSS4.4AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.25 views

LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

4.3CVSS5AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.25 views

Discy < 5.2 - Restore Default Settings via CSRF

The theme does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults. PoC...

6.5CVSS3.9AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/10 12:0 a.m.25 views

WP Statistics < 13.2.2 - Reflected Cross-Site Scripting

The plugin does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters PoC GET /wp-admin/admin.php?page=wpssettingspage= HTTP/1.1 Accept:...

6.1CVSS2.4AI score0.00857EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.25 views

Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update

The plugin does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector PoC curl --url...

7.5CVSS3.9AI score0.00578EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.25 views

IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC As administrator, put the following payload in any of the plugin's settings and save: "...

4.8CVSS2.5AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/06 12:0 a.m.25 views

WP 2FA < 2.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wp-2fa-settingserror=...

6.1CVSS6.2AI score0.00815EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/18 12:0 a.m.25 views

Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Create/edit a Slider with the plugin and put the following payload in a Slide...

4.8CVSS2.5AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.25 views

Adrotate < 5.8.23 - Admin+ XSS via Advert Name

The plugin does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit an Advert and put the following payload in the Name field: " The XSS will be triggered when...

4.8CVSS3.7AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.25 views

Adrotate < 5.8.23 - Admin+ XSS via Group Name

The plugin does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a group and put the following payload in the Name field: " style=animation-name:rotation...

4.8CVSS3.8AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/08 12:0 a.m.25 views

Floating Chat Widget < 2.8.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS2.6AI score0.00576EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.25 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC The issue is only exploitable when there are no forms created yet...

6.1CVSS0.3AI score0.01195EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/25 12:0 a.m.25 views

Safe SVG < 1.9.10 - SVG Sanitisation Bypass

The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending on further use of uploaded SVG...

6.1CVSS1.5AI score0.01183EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.25 views

WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users, leading to a SQL injection PoC curl -i 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.2AI score0.07867EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/10 12:0 a.m.25 views

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC https://example.com//wp-admin/options-general.php?page=updraftplusinterval"confirm1...

6.1CVSS6AI score0.07355EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/02 12:0 a.m.25 views

Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS

The plugin does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. PoC curl https://example.com/wp-admin/admin-ajax.php...

6.1CVSS1.3AI score0.00852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.25 views

Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. PoC 1. Create a booking with user01 2...

5.5CVSS0.4AI score0.00609EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.25 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

9.8CVSS0.3AI score0.4783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/25 12:0 a.m.25 views

Contact Form X < 2.4.1 - Reflected Cross-Site Scripting

The plugin does not escape the tab parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/options-general.php?page=contactformx="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS0.2AI score0.01002EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.25 views

Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 'E-Mail Error "From" Address' settings of the plugi...

4.8CVSS2.2AI score0.00612EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/08 12:0 a.m.25 views

Fancy Product Designer < 4.7.5 - Admin+ SQL Injection

The plugin is vulnerable to SQL Injection due to insufficient escaping and validation of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information...

7.2CVSS4.8AI score0.0144EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/08 12:0 a.m.25 views

PHP Everywhere < 3.0.0 - Subscriber+ RCE via Shortcode

The plugin allows any authenticated users, such as subscriber to execute PHP via the phpeverywhere shortcode...

9.9CVSS5.6AI score0.02047EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/02 12:0 a.m.25 views

Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure

The plugin does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords fixed in 3.2.24 and files Master Keys fixed in 3.2.25. PoC Expose plaintext passwords...

7.5CVSS2.2AI score0.01493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/01 12:0 a.m.25 views

Page Views Count < 2.4.15 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks PoC...

9.8CVSS2.8AI score0.14783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/27 12:0 a.m.25 views

WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting PoC http://example.com/wp-admin/options-general.php?page=cc-ce-bridge-cp=%3Cimg%20src%20onerror=alert1%3E...

6.1CVSS6.2AI score0.02187EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/21 12:0 a.m.25 views

Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC Once the "Server Requirements" are passed in the initial setup process you can bypass the check for localhosts by editing the islocalhost functio...

6.1CVSS6.2AI score0.00887EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/17 12:0 a.m.25 views

tarteaucitron.js - Cookies legislation & GDPR < 1.6.1 - Admin + Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS3AI score0.00565EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000