Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2023/02/22 12:0 a.m.24 views

Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.3 - Cross-Site Request Forgery (CSRF)

The plugin does not protect its settingspage action against CSRF attacks, allowing an attacker to update the plugin settings on their behalf by tricking a logged in admin to submit a crafted request...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/21 12:0 a.m.24 views

Japanized For WooCommerce < 2.5.5 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=wc4jp-options=a...

6.1CVSS6AI score0.01213EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/20 12:0 a.m.24 views

Accept Stripe Donation - AidWP < 3.1.6 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.3AI score0.0026EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/20 12:0 a.m.24 views

ProfilePress < 4.5.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.1AI score0.00411EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/20 12:0 a.m.24 views

Clio Grow < 1.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/16 12:0 a.m.24 views

WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Examples a lot of attributes are...

5.4CVSS5.3AI score0.00478EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.24 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC bscolumns class='" onmouseover="alert1"...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/06 12:0 a.m.24 views

GigPress <= 2.3.28 - Subscriber+ SQLi

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks PoC Run the below commands in the developer console of the web browser while being on the...

8.8CVSS9AI score0.01301EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/26 12:0 a.m.24 views

Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC column size='" onmouseover="alert1"...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/24 12:0 a.m.24 views

Page Builder: Live Composer < 1.5.23 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC dslcnotification color='red"...

5.4CVSS5AI score0.00393EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.24 views

TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC txheading margin='"...

5.4CVSS5AI score0.0054EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.24 views

Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.5AI score0.00685EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/06 12:0 a.m.24 views

miniOrange WordPress SAML SSO Standard < 16.0.8 - Open Redirect in SSO login

The plugin does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in...

6.1CVSS2AI score0.0061EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/06 12:0 a.m.24 views

WP Social Widget < 2.2.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpsw facebook='" onmouseover="alert1"'...

5.4CVSS2.5AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/05 12:0 a.m.24 views

Social Warfare < 4.4.0 - Post Meta Deletion via CSRF

The plugin does not have CSRF checks in some AJAX actions, allowing attackers, to make a logged in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks PoC...

5.4CVSS5.5AI score0.00374EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/04 12:0 a.m.24 views

FL3R FeelBox <= 8.1 - Moods Reset via CSRF

The plugin does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables PoC Make a logged in admin open a page containing the HTML code below...

4.3CVSS4.1AI score0.00267EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/28 12:0 a.m.24 views

User Verification < 1.0.94 - Authentication Bypass

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. PoC...

9.8CVSS2.4AI score0.01598EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/28 12:0 a.m.24 views

OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Instal...

5.4CVSS3.2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.24 views

Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Insert th...

5.4CVSS3AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.24 views

Search & Filter < 1.2.16 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Insert the...

5.4CVSS2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.24 views

EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Enter the setting page of this plugin. 2...

4.8CVSS0.3AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/22 12:0 a.m.24 views

Anti-Malware Security and Brute-Force Firewall < 4.21.86 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

1.8AI score
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/20 12:0 a.m.24 views

WP Pipes < 1.4.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

8.2CVSS7.5AI score0.00628EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/06 12:0 a.m.24 views

WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS

The plugin does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfilteredhtml capability is disabled. P...

4.8CVSS0.7AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.24 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.24 views

Chained Quiz < 1.3.2.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the dn parameter before outputting it back in the chainedquizlist page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.3AI score0.00638EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.24 views

Chained Quiz < 1.3.2.5 - Arbitrary Question Deletion via CSRF

The plugin does not have CSRF check when deleting questions, which could allow attackers to make logged in admins perform such action via a CSRF attack...

5.4CVSS5.7AI score0.00397EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/21 12:0 a.m.24 views

User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. PoC The following Python script automates the exploitation of this plugin by...

7.5CVSS2.3AI score0.00743EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.24 views

Add Comments <= 1.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC POST...

4.8CVSS0.2AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.24 views

miniOrange's Google Authenticator < 5.6.2 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

8.8CVSS4.5AI score0.00636EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/26 12:0 a.m.24 views

Web Stories < 1.25.0 - Subscriber+ Server Side Request Forgery

The plugin does not validate the url parameter passed to the v1/hotlink/proxy REST endpoint, allowing any authenticated users to perform SSRF attacks...

9.6CVSS4.4AI score0.00694EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/12 12:0 a.m.24 views

YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.5AI score0.00306EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/06 12:0 a.m.24 views

WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Activate the Share Icons feature of the...

4.8CVSS4.6AI score0.00591EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.24 views

Mega Addons For WPBakery Page Builder <= 4.2.7 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.1AI score0.00289EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.24 views

WP-PostRatings < 1.90 - Ratings Tempering via Race Condition

The plugin is affected by a race condition allowing any authenticated user to tamper with ratings and decrease/increase their value...

4.3CVSS4.4AI score0.00393EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.24 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Text Editor

The plugin does not sanitise and escape the Text Editor block, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS3.6AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/09 12:0 a.m.24 views

Contest Gallery < 17.0.5 - Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

8.8CVSS3.4AI score0.00737EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/06 12:0 a.m.24 views

ActiveDEMAND plugin <= 0.2.27 - Unauthenticated Post Creation/Update/Deletion

The plugin does not have any authorisation in some of its REST route, which could allow unauthenticated users to delete, create and update arbitrary post...

6.5CVSS4.4AI score0.00569EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.24 views

Download Manager < 3.2.49 - Multiple CSRF

The plugin does not have CSRF check in place in some places, which could allow attackers to make a logged in admin perform unwanted actions...

8.8CVSS5.2AI score0.00289EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.24 views

Enable SVG, WebP & ICO Upload <= 1.0.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameter, which could allow users with a role as low as author to perform stored Cross-Site Scripting attacks...

5.4CVSS2.5AI score0.00462EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.24 views

Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

The plugin has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS3.7AI score0.00308EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.24 views

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The plugin exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and...

6.5CVSS0.5AI score0.00891EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.24 views

WP-DBManager < 2.80.8 - Admin+ Remote Command Execution

The plugin does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. PoC Use any WordPress plugin that allows the users to upload files with extension - ".php" is not required - for example: .jpg usually many...

7.2CVSS4.4AI score0.01012EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.24 views

Testimonials <= 3.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters available to users with a role as low as contributor, allowing them to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.8AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.24 views

User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload

The plugin does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. PoC 1 Create a file named exploit.php, which contains:...

8.8CVSS2.2AI score0.0078EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/05 12:0 a.m.24 views

Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting PoC - Completely reset the site using the plugin - Visit https://example.com/wp-admin/tools.php?page=advancedwpreset&"...

6.1CVSS0.6AI score0.00569EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/05 12:0 a.m.24 views

WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC On...

4.8CVSS1.4AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/04 12:0 a.m.24 views

Name Directory < 1.25.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well PoC...

6.1CVSS0.5AI score0.00569EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/28 12:0 a.m.24 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the "Toggle thecontent filter" setting PoC POST /wp-json/yikes/cpt/v1/settings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS2.3AI score0.01226EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/15 12:0 a.m.24 views

Photo Gallery by Supsystic < 1.15.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

5.4CVSS5AI score0.00366EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000