Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2019/02/05 12:0 a.m.25 views

Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. PoC http://example.com/wp-admin/admin.php?page=blog2social-ship=70&b2s;action=1&b2s;updatepublishdate='"...

4.3CVSS0.4AI score0.01408EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/01/07 12:0 a.m.25 views

JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)

The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. PoC http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true=saveFile=%3Cscript%3Ealert/xss/%3C/script%3E=text/html;%20charset=utf-8...

4.3CVSS0.6AI score0.0397EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/20 12:0 a.m.25 views

Yoast SEO <= 9.1 - Authenticated Race Condition

According to the changelog, "Race Condition which leads to command execution, by users with SEO Manager roles."...

6CVSS4.7AI score0.03205EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/12 12:0 a.m.25 views

Social Sharing Plugin – Kiwi <= 2.0.10 - Update Any Option

The Social Sharing Plugin – Kiwi WordPress plugin was affected by an Update Any Option security vulnerability...

2.6AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/27 12:0 a.m.25 views

Enfold Theme < 4.2.1 - Rewrite Portfolio Permalink Structure & Information Disclosure

The changelog describes two security fixes: - fixed: security issue that would allow an attacker to export your enfold theme settings - fixed: security issue that allowed an attacker to rewrite the portfolio permalink structure...

2.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/12 12:0 a.m.25 views

Read and Understood <= 2.1 - Authenticated Stored XSS & CSRF

The Read and Understood WordPress plugin was affected by an Authenticated Stored XSS & CSRF security vulnerability...

6.8CVSS3.9AI score0.00652EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/12/19 12:0 a.m.25 views

WordPress Concours <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The wp-concours WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.7AI score0.00938EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/11/29 12:0 a.m.25 views

WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing

...

6.5CVSS1AI score0.08204EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/10/10 12:0 a.m.25 views

Simple Login Log <= 1.1.0 - Authenticated SQL Injection

The Simple Login Log WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

7.5CVSS3.1AI score0.01799EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/08 12:0 a.m.25 views

MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)

Usage of the output of addqueryarg without escaping in various places in the WordPress Backend leads to reflected XSS vulnerability. PoC URL/wp-admin/admin.php?page=mailchimp-for-wp-integrations&"...

1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/08/20 12:0 a.m.25 views

Photo Gallery by WD <= 1.3.50 - Authenticated SQL Injection

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

6.5CVSS3AI score0.01593EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/08/08 12:0 a.m.25 views

Bridge Theme <= 11.1 - DOM Cross-Site Scripting (XSS)

The bridge WordPress theme was affected by a DOM Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01192EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/07/24 12:0 a.m.25 views

Simple Custom CSS and JS <= 3.3 - Authenticated Cross-Site Scripting (XSS)

The Simple Custom CSS and JS WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.01466EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/05 12:0 a.m.25 views

Clean Login <= 1.7.12 - Change Redirect URL CSRF

The Clean Login WordPress plugin was affected by a Change Redirect URL CSRF security vulnerability. PoC...

4.3CVSS2.2AI score0.00618EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/04/24 12:0 a.m.25 views

Cforms & CformsII < 14.13 - SQL Injection

...

7.5CVSS2AI score0.01779EPSS
Exploits0Affected Software2
WPVulnDB
WPVulnDB
added 2017/01/26 12:0 a.m.25 views

WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table

...

4.3CVSS1.2AI score0.02874EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/01/15 12:0 a.m.25 views

Stop User Enumeration 1.3.5-1.3.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/?author=1...

4.3CVSS0.6AI score0.0203EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/26 12:0 a.m.25 views

ColorWay < 3.4.2 - Cross-Site Scripting (XSS)

The ColorWay WordPress theme was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.9AI score0.0102EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/21 12:0 a.m.25 views

WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post

...

5CVSS2.2AI score0.0352EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/06 12:0 a.m.25 views

WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)

...

4.3CVSS2.1AI score0.06405EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.25 views

S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The s3-video WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/s3-video/views/video-management/previewvideo.php?media=""...

4.3CVSS0.8AI score0.03209EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/03/28 12:0 a.m.25 views

Music Store <= 1.0.41 - Cross-Site Scripting (XSS)

The Music Store – WordPress eCommerce WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01623EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/02 12:0 a.m.25 views

WordPress 3.7-4.4.1 - Open Redirect

...

5.8CVSS1.1AI score0.04696EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/12 12:0 a.m.25 views

Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.04405EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/05 12:0 a.m.25 views

Easy2Map <= 1.2.9 - Reflected Cross-Site Scripting (XSS)

The Easy2Map WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.02083EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/31 12:0 a.m.25 views

CKEditor for WordPress <= 4.5.3 - Authenticated Reflected Cross-Site Scripting (XSS)

The CKEditor for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.9AI score0.00913EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/24 12:0 a.m.25 views

GigPress <= 2.3.10 - Authenticated XSS & Blind SQLi

The GigPress WordPress plugin was affected by an Authenticated XSS & Blind SQLi security vulnerability...

6.5CVSS5.4AI score0.01408EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/21 12:0 a.m.25 views

SEO Redirection < 2.9 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability in its settings page, via the search GET parameter PoC https://example.com/wp-admin/options-general.php?page=seo-redirection.php=posts=%22+onmouseover%3Dalert%281%29+%3E...

0.5AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/09 12:0 a.m.25 views

WP Symposium <= 15.5.1 - Unauthenticated SQL Injection

Wordpress plugin wp-symposium version 15.5.1 and probably all existing previous versions suffers from an unauthenticated SQL Injection in getalbumitem.php, parameter 'size'. The issue is exploitable even if the plugin is deactivated. PoC PoC URL :...

7.5CVSS1.2AI score0.74127EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/04 12:0 a.m.25 views

Job Manager <= 0.7.22 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Job Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. PoC Go to the job listings page /index.php/jobs/apply/, then click on "send through your résumé", add the payload '" to the email field. The JavaScript will be executed on t...

4.3CVSS1.1AI score0.0489EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/07 12:0 a.m.25 views

S3Bubble Amazon S3 Video And Audio Streaming With Analytics <= 2.0 - Arbitrary File Download

The s3bubble-amazon-s3-audio-streaming WordPress plugin was affected by an Arbitrary File Download security vulnerability...

5CVSS3.6AI score0.04126EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/07 12:0 a.m.25 views

NewStatPress <= 1.0.4 - SQL Injection

The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. PoC The...

7.5CVSS0.2AI score0.01815EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/24 12:0 a.m.25 views

Nextend Twitter Connect <= 1.5.1 - Reflected Cross-Site Scripting (XSS)

The nextend-twitter-connect WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.1AI score0.0196EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/25 12:0 a.m.25 views

NewStatPress 0.9.8 - XSS & SQL Injection

The NewStatPress WordPress plugin was affected by a XSS & SQL Injection security vulnerability...

6.5CVSS1.9AI score0.09183EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/25 12:0 a.m.25 views

GigPress <= 2.3.8 - Authenticated SQL Injection

The GigPress WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

6.5CVSS3.3AI score0.04187EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.25 views

Digital Store < 1.3.3 - Unspecified XSS

The digital-store WordPress theme was affected by an Unspecified XSS security vulnerability...

4.3CVSS2AI score0.00923EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/22 12:0 a.m.25 views

WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS)

The WooCommerce WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.02041EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/18 12:0 a.m.25 views

Pictobrowser Gallery <= 0.3.1 - Multiple CSRF

Plugin is still affected and has been closed...

6.8CVSS2.7AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/26 12:0 a.m.25 views

Ad Manager <= 1.1.2 - Open Redirection

The wordpress-admanager WordPress plugin was affected by an Open Redirection security vulnerability...

5.8CVSS2.2AI score0.02256EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/15 7:34 p.m.25 views

MaxButtons 1.26.0 - Cross Site Scripting (XSS)

The WordPress Button Plugin MaxButtons WordPress plugin was affected by a Cross Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.02053EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/08 12:0 a.m.25 views

Google Calendar Events < 2.0.4 - XSS

The Simple Calendar – Google Calendar Plugin WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.02388EPSS
Exploits3References6Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/16 6:15 p.m.25 views

WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite

...

2.1CVSS2AI score0.02196EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.25 views

BookX 1.7 - includes/bookx_export.php file Parameter Remote Path Traversal File Access

The bookx WordPress plugin was affected by an includes/bookxexport.php file Parameter Remote Path Traversal File Access security vulnerability...

5CVSS4.1AI score0.08856EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.25 views

Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection

The Simple Retail Menus WordPress plugin was affected by an includes/mode-edit.php targetmenu Parameter SQL Injection security vulnerability...

6.5CVSS2.3AI score0.01594EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.25 views

ShareThis 7.0.3 - Setting Manipulation CSRF

The share-this WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.1AI score0.01178EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.25 views

Terillion Reviews < 1.2 - Profile Id Field XSS

The terillion-reviews WordPress plugin was affected by a Profile Id Field XSS security vulnerability...

4.3CVSS2.2AI score0.05268EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.25 views

Zopim Live Chat <= 1.2.5 - XSS in ZeroClipboard

The Zendesk Chat WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.5AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.25 views

Cardoza WordPress Poll <= 34.05 - Multiple External Function Remote Poll Manipulation

The WordPress Poll WordPress plugin was affected by a Multiple External Function Remote Poll Manipulation security vulnerability...

7.5CVSS2.1AI score0.04973EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.25 views

Login With Ajax - Cross-Site Request Forgery

The Login With Ajax WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...

6.8CVSS3.1AI score0.0097EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.25 views

bbPress - forum.php page Parameter SQL Injection

The bbPress WordPress plugin was affected by a forum.php page Parameter SQL Injection security vulnerability...

2.7AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities5000