Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2021/12/01 12:0 a.m.25 views

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

The plugin does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue PoC The "Product XML Feeds" module needs to be enabled in "Woocommerce -...

6.1CVSS0.2AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/01 12:0 a.m.25 views

Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS

The plugin does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users d...

5.4CVSS4.7AI score0.00307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/26 12:0 a.m.25 views

HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset

The plugin does not have capability checks in some of its AJAX action, relying on CSRF nonces for this, which are displayed for any authenticated users. As a result, a user with a role as low as subscriber could use the hdiinstalldemo AJAX action to reset the entire blog including the tables in t...

8.1CVSS7.6AI score0.01016EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.25 views

eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting

The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.3AI score0.01555EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/06 12:0 a.m.25 views

Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

The plugin does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

8.8CVSS1AI score0.01318EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.25 views

WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls

The plugin does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues PoC To create a surve...

4.3CVSS1.8AI score0.00435EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/04 12:0 a.m.25 views

Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Add/Edit a Custom Field /wp-admin/admin.php?page=eme-formfields and put the following payload in the Field...

4.8CVSS1.6AI score0.00681EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.25 views

Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode PoC Log in as contributor and add the following shortco...

5.4CVSS2.4AI score0.00629EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.25 views

qTranslate X <= 3.4.6.8 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, allowing high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Affected POST Parameters: - Settings Languages Languages:...

6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/19 12:0 a.m.25 views

WP Cerber Security < 8.9.3 - Rest-API Protection Bypass

The /wp-json REST API endpoint is by default blocked by WP Cerber from accessing its information. However, by appending a ?, the access control list protections are bypassed and data can then be retrieved from it...

5.3CVSS3AI score0.0235EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.25 views

TypoFR <= 0.11 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the /vendor/OrgHeigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts...

4.3CVSS4.9AI score0.00844EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/10 12:0 a.m.25 views

AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The...

4.8CVSS1.4AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/02 12:0 a.m.25 views

SMS Alert Order Notifications – WooCommerce < 3.4.7 Authenticated Cross Site Scripting

The plugin is affected by a cross site scripting XSS vulnerability in the plugin's setting page. PoC Enter the payload below for the "SMS Alert Username" in the plugin's settings. "+onfocus="alert1"+autofocus=" You will observe that the JavaScript payload successfully got reflected is and we are...

6.1CVSS1.6AI score0.00827EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.25 views

Slider Hero < 8.2.7 - Contributor+ SQL Injection

The plugin does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection. PoC As a contributor, add the following shortcode in a post and preview it to execute the SQLi...

6.5CVSS1.7AI score0.01362EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.25 views

Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS

The plugin does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue PoC...

4.3CVSS0.9AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/03 12:0 a.m.25 views

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the Forms "Add new" field. PoC Step 1: Install and activate the plugin. Step 2: Go to the Forms-- Add New...

3.5CVSS0.9AI score0.0062EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/02 12:0 a.m.25 views

Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

The theme's AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were...

7.5CVSS0.3AI score0.60113EPSS
Exploits9References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/30 12:0 a.m.25 views

Newspaper < 11 - Reflected Cross-Site Scripting (XSS)

Description The theme does not sanitise the tdatts.modulescategory parameter in its tdajaxsearch AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...

6.1CVSS6AI score0.00828EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2021/06/30 12:0 a.m.25 views

WooCommerce Custom Registration Form <= 1.0.4 - Arbitrary Field Deletion and Form Modification via CSRF

The plugin does not properly check for CSRF in its delfield and savealldata AJAX actions, allowing attacker to make logged in user call them via a CSRF attack PoC To delete a field from the Registration Form: To change the whole Registration Form:...

4.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.25 views

Side Menu Lite < 2.2.1 - Authenticated SQL Injection

The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack. PoC http://www.example.com/wp-admin/admin.php?page=side-menu-lite=add-new=duplicate=0...

6.5CVSS0.8AI score0.01587EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/08 12:0 a.m.25 views

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection

The joomsportmdload AJAX action of the plugin, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other...

9.8CVSS1.7AI score0.02068EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/26 12:0 a.m.25 views

Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS

The plugins have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “titletag” parameter. Although the element control lists a fixed set of possible html tags, it is possib...

5.4CVSS0.00636EPSS
Exploits1References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/04/20 12:0 a.m.25 views

Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions

In the plugin, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to add actions to a form, and more...

6.5CVSS2.6AI score0.00728EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/16 12:0 a.m.25 views

All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The tab parameter of the settings page of the plugin was vulnerable to an authenticated reflected Cross-Site Scripting XSS issue as user input was not properly sanitised before being output in an attribute. PoC...

5.2AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/14 12:0 a.m.25 views

Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)

The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored...

4.3CVSS1.7AI score0.01815EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.25 views

WP-DownloadManager < 1.68.5 - Server-Side Request Forgery (SSRF)

The plugin before version 1.68.5 is vulnerable to server-side request forgery SSRF attacks. This could allow an attacker identify open ports, network hosts and access web resources on a non-public facing network...

5CVSS4.9AI score0.00933EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/08 12:0 a.m.25 views

Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE

The Imagements WordPress plugin, versions = 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...

7.5CVSS3.9AI score0.0714EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/24 12:0 a.m.25 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty apikey parameter in vulnerable versions if Zapier was not enabled. Attackers coul...

5CVSS0.8AI score0.02076EPSS
Exploits2References1Affected Software22
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.25 views

Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)

The "Editor" tab under the "Tables" section is vulnerable to stored XSS. It is possible to store XSS in all input fields as the code does not sanitise any of the user input. PoC Open a Table, go to the editor and enter a payload below in a cell, then save the Table = 1.9.99 - = 1.10.0 -...

1.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.25 views

Pricing Table by Supsystic < 1.8.9 - Authenticated SQL Injections

The GET parameter sidx and sord are used in a SQL statement without being sanitised when searching for pricing tables in the dashboard, leading to an authenticated SQL Injection issues. PoC...

8.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/29 12:0 a.m.25 views

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

The plugin did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example. PoC https://drive.google.com/file/d/1lLEXDyPp4LcKoCOqYS7A-0YgpIQD-ND/view?usp=sharing...

1.8AI score0.31043EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/18 12:0 a.m.25 views

WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)

The WP Shieldon WordPress plugin, versions 1.6.3 and below, were vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS when the CAPTCHA page is shown. This was due to $SERVER'REQUESTURI' being echoed to a page without any encoding. PoC http://www.example.com/?...

0.8AI score0.01148EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/28 12:0 a.m.25 views

WooCommerce < 4.7.0 - Arbitrary Order Status Disclosure via IDOR

"The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the orderid parameter in a fetchorderstatus action." PoC https://example.com/wp-admin/admin-ajax.php?action=fetchorderstatusid=XX...

5CVSS5AI score0.04026EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/22 12:0 a.m.25 views

Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field

The plugin did not correctly validate the email address field...

5CVSS3.2AI score0.01183EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/20 12:0 a.m.25 views

Ninja Forms < 3.4.28 - Stored Cross-Site Scripting

The plugin did not escape HTML content of fields in the submissions table, which could lead to Cross-Site Scripting issues...

5CVSS0.5AI score0.01117EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/10 12:0 a.m.25 views

File Manager < 6.5 - Backup File Directory Listing

The File Manager WordPress plugin could expose backup files if the web server had Directory Listing enabled. The File Manager WordPress plugin, version 6.4 and lower, failed to restrict external access to the fmbackups directory with a .htaccess file. This resulted in the ability for...

5CVSS2.3AI score0.15906EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/22 12:0 a.m.25 views

YITH WooCommerce Ajax Product Filter < 3.11.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The YITH WooCommerce Ajax Product Filter WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS vulnerability in an admin form. The vulnerability was fixed in version 3.11.1 of the plugin...

3.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/09 12:0 a.m.25 views

Chopslider <= 3.4 - Unauthenticated Blind SQL Injection

The id parameter of the getscript/index.php page is not sanitised when used in a SQL statement, leading to an unauthenticated blind SQL Injection issue. Vendor was contacted by researcher, on March 3rd, 2020 but no reply was received. PoC The PoC will be displayed once the issue has been remediat...

7.5CVSS2.1AI score0.95657EPSS
Exploits8References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/28 12:0 a.m.25 views

LearnPress < 3.2.6.9 - Authenticated Post Creation and Status Modification

The LearnPress plugin for WordPress allows authenticated remote attackers with minimal permissions to create pages with arbitrary titles, or modify the publication status of any existing page, via the learnpresscreatepage or learnpressupdateorderstatus AJAX actions...

6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/20 12:0 a.m.25 views

GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)

The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. The vulnerability was due to outputting the WordPress addqueryarg...

4.3CVSS0.3AI score0.04457EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/31 12:0 a.m.25 views

LifterLMS < 3.37.15 - Arbitrary File Writing

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress WordPress plugin was affected by an Arbitrary File Writing security vulnerability...

7.5CVSS3.2AI score0.03776EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/25 12:0 a.m.25 views

Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hmapsprem WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC...

4.3CVSS0.5AI score0.05651EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/31 12:0 a.m.25 views

GistPress < 3.0.2 - Authenticated Stored XSS

XSS vulnerability that could be exploited by untrusted contributors on multi-author sites...

3.5CVSS3.3AI score0.01211EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/09 12:0 a.m.25 views

CityBook < 2.3.4 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'CityBook - Directory & Listing WordPress Theme', tested version — v2.3.3: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27h, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January...

6.4CVSS6.4AI score0.03243EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/14 12:0 a.m.25 views

Popup-Maker < 1.8.12 - Multiple Vulnerabilities

An attacker can partially control the arguments of the doaction, during the initialization of the PUMSite . Because of this, an attacker can call any method which contains an action starting from popmake or pum . This will lead to successful execution of functions which do not require arguments...

6.4CVSS1.6AI score0.09232EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/14 12:0 a.m.25 views

WordPress <= 5.2.3 - Stored XSS in Customizer

...

3.5CVSS1.1AI score0.01611EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/05 12:0 a.m.25 views

WordPress 5.0-5.2.2 - Authenticated Stored XSS in Shortcode Previews

Description According to the WordPress release notes: "Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting XSS in shortcode previews."...

6.1CVSS6AI score0.01889EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2019/08/26 12:0 a.m.25 views

2 Click Socialmedia Buttons < 0.34 - Multiple XSS

Description The 2 Click Social Media Buttons WordPress plugin was affected by a Multiple XSS security vulnerability...

4.3CVSS5.6AI score0.0578EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2019/05/15 12:0 a.m.25 views

Photo Gallery by 10Web <= 1.5.24 - Authenticated LFI

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Authenticated LFI security vulnerability...

4CVSS2.9AI score0.0443EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/15 12:0 a.m.25 views

Better Search 2.2.2 - Unauthenticated SQL Injection

The Better Search WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

2.9AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000