Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.24 views

BrainCert – HTML5 Virtual Classroom <= 2.0 - Reflected Cross-Site Scripting

Description The BrainCert – HTML5 Virtual Classroom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.5AI score0.00412EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.24 views

WP Cleanfix < 5.7.0 - Subscriber+ Post/Comment/Post Meta Content Replacement

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the register function, allowing authenticated attackers, with subscriber-level access and above, to find and replace post, comment, and postmeta content as well as...

9.2AI score0.00369EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.24 views

Grab & Save <= 1.0.4 - Cross-Site Request Forgery

Description The Grab & Save plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the mediaprocess function. This makes it possible for unauthenticated attackers to upload images via a forg...

6.7AI score0.00172EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.24 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...

4.3CVSS6.3AI score0.00529EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.24 views

Preloader for Website < 1.3 - Missing Authorization via plwao_register_settings()

Description The Preloader for Website plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the plwaoregistersettings function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to reset the plugin's...

6.9AI score0.00511EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/25 12:0 a.m.24 views

WCFM Marketplace < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00443EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

Big File Uploads < 2.1.2 - Cross-Site Request Forgery via actions

Description The Big File Uploads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the actions function. This makes it possible for unauthenticated attackers to dismiss or delay admin...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

WooCommerce < 7.0.1 - Authenticated(Shop Manager+) Sensitive Information Exposure

Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.0. This can allow authenticated attackers with Shop Manager privileges or above to extract sensitive user metadata including session tokens...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

Phlox Portfolio < 2.3.2 - Unauthenticated Local File Inclusion

Description The Phlox Portfolio plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

8.2AI score0.006EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

WP Maintenance < 6.1.4 - IP Restriction Bypass

Description The WP Maintenance plugin for WordPress is vulnerable to IP Address Restriction Bypass in versions up to, and including, 6.1.3. This can be used to bypass settings that may have blocked out an IP address from accessing a page on the site...

6.5AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.24 views

SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version...

9.3AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.24 views

Community by PeepSo < 6.2.0.0 - Cross-Site Request Forgery via delete

Description The Community by PeepSo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.6.0. This is due to missing or incorrect nonce validation on the delete function. This makes it possible for unauthenticated attackers to delete PeepSo posts...

8.8CVSS9.2AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.24 views

Essential Grid < 3.0.19 - Missing Authorization

Description The Essential Grid plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in versions up to, and including, 3.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.7AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.24 views

Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule

Description The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'vtprdajaxclonerule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone...

6.9AI score0.00295EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.24 views

Admin and Site Enhancements (ASE) < 5.8.0 - Password Protection Mode Security Feature Bypass

Description The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 5.7.1. This is due to a flawed authentication mechanism within the maybeprocesslogin function. This makes it possible for unauthenticated attackers t...

7.5AI score0.00447EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.24 views

Elementor Addon Elements < 1.12.8 - Unauthenticated Post ID/Tile Disclosure

Description The plugin does not have authorisation in its ajaxeaepostdata function, allowing unauthenticated users to retrieve arbitrary posts/pages such as draft, private etc IDs and tiles...

5.3CVSS7.3AI score0.00927EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.24 views

Church Admin < 3.8.0 - Server-Side Request Forgery (SSRF)

Description Server-Side Request Forgery SSRF vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56...

5.5CVSS7.2AI score0.00421EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.24 views

AI ChatBot < 4.9.3 - Cross-Site Request Forgery (CSRF)

Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9....

5.5AI score0.00206EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.24 views

WordPress Popular Posts < 6.3.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0034EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.24 views

PageLayer < 1.7.7 - Unauthenticated Stored XSS

Description The plugin doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. PoC Unauthenticated attacker Proof of Concept 1 As a legitimate administrator, schedule a post to be published in a few minutes. 2 Close every window to that site to...

6.1CVSS6.4AI score0.00455EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/19 12:0 a.m.24 views

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. PoC As an admin, use the File Manager UI to upload a file...

7.2CVSS7.5AI score0.01331EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/13 12:0 a.m.24 views

Borderless < 1.4.9 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.24 views

Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...

4.8CVSS6.5AI score0.00379EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.24 views

Bus Ticket Booking with Seat Reservation < 5.2.4 - Reflected XSS

Description The plugin does not sanitise and escape the tabdate and tabdater parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.2AI score0.00378EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.24 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

8.6AI score0.00284EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.24 views

OAuth Single Sign On – SSO (OAuth Client) < 6.23.4 - Improper Authentication

Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as Subscriber to call them and perform unauthorised actions...

8.8CVSS8.6AI score0.00958EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.24 views

WooCommerce Ship to Multiple Addresses < 3.8.6 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.7AI score0.00306EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/17 12:0 a.m.24 views

MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: The issue was fixed in 1.14.15 but re-introduced in 1.14.16 PoC Make a...

6.1CVSS6.2AI score0.00396EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/05 12:0 a.m.24 views

SMTP Mail <= 1.2.16 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in email subjects when the 'Save Data SendMail' feature is enabled, leading to potential Stored Cross-Site Scripting issues...

7.2CVSS5.9AI score0.00491EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.24 views

WP-Members Membership < 3.4.8 - Subscriber+ Unauthorized Plugin Settings Update

The plugin does not correctly implement capability checks on the dofieldreorder function, allowing authenticated users with only subscriber-level access to reorder form elements on login forms...

4.3CVSS6.7AI score0.00503EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.24 views

Metform Elementor Contact Form Builder < Unauthenticated CSV Injection

The plugin does not properly escape user-supplied input which is output in CSV files, which could be abused in CSV Injection attacks...

8.3CVSS7.2AI score0.0071EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.24 views

USM Premium < 16.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the payload in any text field of the "8 ...

4.8CVSS8AI score0.00477EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/17 12:0 a.m.24 views

MStore API < 3.9.1 - Authentication Bypass

The plugin does not properly verify the user provided when redemption coupons via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

9.8CVSS7AI score0.01256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/08 12:0 a.m.24 views

Hide My WP Ghost – Security < 5.0.20 - IP Address Spoofing

The plugin does not adequately restrict where IP Address information is retrieved from, leading to an IP Address Spoofing vulnerabilities. Attackers may use this to bypass IP blocking features provided by the plugin...

6.5CVSS6.7AI score0.0032EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/04 12:0 a.m.24 views

Cart Lift < 3.1.6 - Reflected XSS

The plugin does not sanitise and escape the cartsearch parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/28 12:0 a.m.24 views

WP-CORS <= 0.2.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/26 12:0 a.m.24 views

Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. PoC Make a logged in...

6.1AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/25 12:0 a.m.24 views

YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. PoC Run the below command in the developer console of the web browser while being on the...

7.4AI score0.0094EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/20 12:0 a.m.24 views

ActiveCampaign < 8.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, add a "AC Forms" Gutenberg block ...

5.4CVSS7.5AI score0.00462EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.24 views

SparkPost <= 3.2.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.24 views

ShopEngine < 4.1.2 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/30 12:0 a.m.24 views

affiliate-toolkit – WordPress Affiliate < 3.3.4 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

5.9CVSS6.1AI score0.00358EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.24 views

Contact Forms by Cimatti < 1.5.5 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.24 views

Lazy Social Comments <= 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.24 views

WordPress Amazon S3 Plugin < 1.6 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

4.8CVSS5.3AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/10 12:0 a.m.24 views

Redirection < 1.1.4 - Redirect Creation via CSRF

The plugin does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: sawcup.s2-tastewp.com Cookie: test=test; User-Agent: useragent Accept: / Accept-Language: en-US,en;q=0.5...

6.5CVSS6.1AI score0.00344EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/08 12:0 a.m.24 views

GiveWP < 2.25.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00386EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/07 12:0 a.m.24 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them PoC Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mod...

5.3CVSS6AI score0.01414EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.24 views

OAuth Single Sign On - SSO (OAuth Client) Premium < 38.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.24 views

For the visually impaired <= 0.58 - Cross-Site Request Forgery (CSRF)

The plugin does not protect its vipluginsetupmenu function against CSRF attacks, allowing an unauthenticated attacker to update plugin settings by tricking a logged in user to submit a crafted request...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000