Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2017/01/11 12:0 a.m.74 views

WordPress 4.7 - User Information Disclosure via REST API

PoC http://www.example.com/wp-json/wp/v2/users...

5CVSS7.3AI score0.87299EPSS
Exploits7References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.73 views

Royal Elementor Addons and Templates 1.4.78 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Note that this vulnerability is identical to https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34/ as it was introduce...

9.8CVSS9.5AI score0.81695EPSS
Exploits18
WPVulnDB
WPVulnDB
added 2023/06/27 12:0 a.m.73 views

LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References

The plugin does not correctly manage access to system resources, resulting in Insecure Direct Object References. As a result, users can bypass authorization checks, leading to unauthorized changes to user passwords, potentially compromising administrator accounts...

8.8CVSS8.8AI score0.02233EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/06 12:0 a.m.73 views

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. PoC Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

4.9AI score0.63761EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.73 views

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.6AI score0.00815EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.72 views

Avada < 7.8.2 - Arbitrary Plugin Instalation/Activation via CRSF

Description The theme does not have CSRF check when installing and activating plugins, which could allow attackers to make logged admins install and activate arbitrary plugins via CSRF attacks...

8.8CVSS8.8AI score0.00457EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.72 views

WP < 6.0.3 - Multiple Stored XSS via Gutenberg

Description The packaged Gutenberg does not escape data from some blocks before outputting ti back in pages, which could lead to Stored XSS issues. Affected blocks: Search, Feature Image, RSS and Widget...

5.9AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/17 12:0 a.m.72 views

WP < 6.0.3 - Stored XSS via wp-mail.php

WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to Stored Cross-Site Scripting issue...

2.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.72 views

Unauthorised AJAX Calls via Freemius

Description The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in...

7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/04/06 12:0 a.m.71 views

The7 < 11.6.1 - Reflected XSS

The plugin does not sanitise and escape a parameter from the legacy DT Flickr widget before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/27 12:0 a.m.71 views

Booking Calendar < 9.1.1 - PHP Object Injection

The plugin unserializes user data without being validated first, which could allow attackers to perform PHP object injection attack. If a timeline is published, unauthenticated attackers could perform such attack, otherwise any authenticated could. A suitable POP chain, from another plugin for...

8.8CVSS3.7AI score0.0171EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/12 12:0 a.m.71 views

Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Popup Maker Create Popup Popup Settings Triggers Add New Cookie Add...

4.8CVSS1.4AI score0.55784EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/01 12:0 a.m.71 views

Gutenberg Template Library & Redux Framework < 4.2.13 - Unauthenticated Sensitive Information Disclosure

Some AJAX actions of the plugin, available to unauthenticated users and used for support features could allow attackers to obtain potentially sensitive information such as the PHP version, active plugins along with their versions, as well as the unsalted MD5 hashes of the site’s AUTHKEY and...

5.3CVSS2.7AI score0.28961EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/24 12:0 a.m.70 views

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

5.4CVSS5.4AI score0.00483EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.69 views

Automatic < 3.92.1 - Unauthenticated SQL Injection

Description The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.9CVSS7.4AI score0.93971EPSS
Exploits16References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/15 12:0 a.m.69 views

Easy Panorama < 1.1.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00442EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/21 12:0 a.m.69 views

Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM...

9.8CVSS0.5AI score0.04795EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.69 views

WP < 6.0.2 - Reflected Cross-Site Scripting

Description Plugin's deactivation and deletion error messages are not escaped when output in the plugins screen, which could lead to Reflected Cross-Site Scripting...

6.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/03/24 12:0 a.m.69 views

Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)

Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion LFI vulnerability CVE-2014-2383. PoC...

4.3CVSS0.6AI score0.39374EPSS
Exploits6References1Affected Software7
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.68 views

Salient Core < 2.0.3 - Reflected Cross-Site Scripting

Description The salient-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

7.1CVSS6.5AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.68 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS via Navigation Links Block

Description The plugin does not escape some of its Navigation block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.6AI score0.00788EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/27 11:44 a.m.68 views

Sexy Squeeze Pages - Cross Site Scripting (XSS)

The instasqueeze WordPress plugin was affected by a Cross Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.02041EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/20 12:0 a.m.67 views

Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation

In the plugin, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function. PoC 'wpcf7rgetnonce', 'param' = 'ANY ACTION HERE' ; $output = curlexec$ch; curlclose$ch; printr$output; ?...

5CVSS4.1AI score0.07359EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/13 12:0 a.m.66 views

Theme Editor < 2.6 - Authenticated Arbitrary File Download

The plugin did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd Edit WPScanTeam: The AJAX action wpajaxmkthemeeditorfileopen could also be used to achieve the same thing a...

5.2AI score0.01066EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/14 12:0 a.m.66 views

WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

...

7.5CVSS3.1AI score0.05243EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/03 12:0 a.m.65 views

PDF.js < 4.2.67 - Arbitrary JavaScript Execution

Description PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can...

6.5AI score0.72648EPSS
Exploits15References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.65 views

WooCommerce < 8.6.0 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS7.1AI score0.00231EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.65 views

WPForms Pro < 1.8.5.4 - Unauthenticated Stored Cross-Site Scripting via Form Submission

Description The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6AI score0.0053EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/12 12:0 a.m.65 views

Backup Migration < 1.3.8 - Unauthenticated RCE

Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...

9.8CVSS10AI score0.97846EPSS
Exploits14References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.65 views

Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download

Description The plugin does not have authorisation checks and does not validate file paths in the handlefiledownload function, allowing unauthenticated users to download arbitrary files from the server when the premium version of the plugin is activated...

7.5CVSS7.7AI score0.00987EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2022/07/01 12:0 a.m.65 views

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE PoC As an admin upload a php file containing the palyload zipped along with a valid...

7.2CVSS0.2AI score0.01374EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2017/01/24 12:0 a.m.65 views

SEO Redirection < 4.3 - Stored Cross-Site Scripting (XSS)

The plugin was affected by a Stored XSS security vulnerability...

4.3CVSS1.5AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/25 12:0 a.m.65 views

The7 Premium Theme < 2.1.1 - Cross-Site Scripting (XSS)

The the7 WordPress theme was affected by a Cross-Site Scripting XSS security vulnerability...

1.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.65 views

WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning

...

6.4CVSS1.7AI score0.28857EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.64 views

Automatic < 3.92.1 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from...

9.3CVSS6.5AI score0.72953EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/11 12:0 a.m.64 views

Popup Builder < 4.2.3 - Unauthenticated Stored XSS

Description The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. PoC 1 Create a popup using the plugin 2 Run the following curl command, switching $POPUPID with that popup's ID: curl --url...

6.1CVSS8.7AI score0.01999EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/13 12:0 a.m.64 views

MonsterInsights < 8.12.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, add an "Inline Popular Posts" to...

5.4CVSS1.6AI score0.00589EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/29 12:0 a.m.64 views

Multiple themes - Unauthenticated Arbitrary File Upload

Multiple themes from ChimpStudio and PixFill does not have any authorisation and upload validation in the langupload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server. PoC Create a malicious file "backdoor.php", then curl...

9.8CVSS1.5AI score0.02084EPSS
Exploits12Affected Software10
WPVulnDB
WPVulnDB
added 2018/02/14 12:0 a.m.64 views

Church Admin < 1.2550 - CSRF

The Church Admin WordPress plugin was affected by a CSRF security vulnerability...

6.8CVSS2.7AI score0.00649EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.63 views

Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization

Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...

8.5CVSS7.4AI score0.00715EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.63 views

WooCommerce < 8.3.0 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.9AI score0.00287EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/27 12:0 a.m.63 views

Bridge Core < 3.1.0 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/15 12:0 a.m.63 views

Woocommerce 3.3 to 5.5 - Authenticated Blind SQL Injection

The plugin was reported to be affected by a critical Authenticated Blind SQL Injection vulnerability. PoC http://www.example.com/wp-json/wc/store/products/collection-data?calculateattributecounts0taxonomy=a%252522%252529%252520or%252520sleep%25252810.1%252529%252523...

4CVSS6.3AI score0.01265EPSS
Exploits2References6Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/19 12:0 a.m.63 views

WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection

...

7.5CVSS2.6AI score0.10357EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.62 views

WPBakery Visual Composer < 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute

Description The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

6.4CVSS6AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/08 12:0 a.m.62 views

Elementor Header & Footer Builder < 1.6.25 - Contributor+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via the flyoutlayout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to...

6.4CVSS5.9AI score0.00514EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/30 12:0 a.m.62 views

WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache

Description WordPress' Object Cache that caches data from the database did not validate or encode the cache key. If an attacker managed to inject a malicious cache key that was then output in a third party plugin, it could lead to XSS...

6.1CVSS6.3AI score0.02139EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.62 views

Multiple Easy Digital Downloads Plugins - Cross-Site Scripting Issue

Some of the extension were also vulnerable, but could not determine their slug/fixed version, such as the edd-amazon-s3 fixed in ??...

4.3CVSS3.5AI score0.00923EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/19 12:0 a.m.62 views

All-in-One WP Migration <= 2.0.4 - Unauthenticated Database Export

Unauthenticated users can export a complete copy of the WordPress database, all plugins, themes, and uploaded files...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.62 views

Contact Form 7 <= 3.7.1 - CAPTCHA Bypass

The Contact Form 7 WordPress plugin was affected by a CAPTCHA Bypass security vulnerability...

5CVSS6.3AI score0.03056EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000