Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2018/08/16 12:0 a.m.24 views

Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection

WordPress Plugin Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Technical details: Chained Quiz appears to be vulnerable to time-based SQL-Injection. The issue lies on the "$answer" backend variable...

7.5CVSS3.6AI score0.02686EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/05/01 12:0 a.m.24 views

Form Maker by WD < 1.12.24 - CSV Injection

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin was affected by a CSV Injection security vulnerability...

6.8CVSS2.4AI score0.04672EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/04/06 12:0 a.m.24 views

WordPress File Upload <= 4.3.3 - Cross-Site Scripting (XSS)

The WordPress File Upload WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.03844EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/02/20 12:0 a.m.24 views

Ninja Forms <= 3.2.13 - Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.00775EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/31 12:0 a.m.24 views

PropertyHive <= 1.4.14 - Cross-Site Scripting (XSS)

The PropertyHive WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.01654EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/07 12:0 a.m.24 views

Social Media Widget by Acurax <= 3.2.5 - Stored XSS & CSRF

The Social Media Widget by Acurax WordPress plugin was affected by a Stored XSS & CSRF security vulnerability...

6.8CVSS3.2AI score0.00649EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/01 12:0 a.m.24 views

Smart Google Code Inserter <= 3.4 - Unauthenticated Cross-Site Scripting (XSS)

The Smart Google Code Inserter WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability...

7.5CVSS2AI score0.91477EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/12/14 12:0 a.m.24 views

Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)

Reflected XSS via GET parameter "to". Vulnerable Plugins: ------------------------------------------ 1. Clockwork Free and Paid SMS Notifications URL: https://wordpress.org/plugins/mediaburst-email-to-sms/ Version 2.0.3 | By Clockwork 2. Two-Factor Authentication - Clockwork SMS URL:...

4.3CVSS0.5AI score0.00951EPSS
Exploits2References1Affected Software8
WPVulnDB
WPVulnDB
added 2017/09/28 12:0 a.m.24 views

2kb Amazon Affiliates Store <= 2.1.0 - Authenticated Cross-Site Scripting (XSS)

Description The 2kb Amazon Affiliates Store WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

6.1CVSS6.1AI score0.02892EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2017/08/08 12:0 a.m.24 views

Updraftplus < 1.13.5 - XSS

The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.8AI score0.00915EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/08/05 12:0 a.m.24 views

rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection

The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

7.5CVSS2.9AI score0.02579EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/07/22 12:0 a.m.24 views

wordpress-gallery-transformation 1.0 - Blind SQL Injection

The wordpress-gallery-transformation WordPress plugin was affected by a Blind SQL Injection security vulnerability...

7.5CVSS2.3AI score0.02024EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/07/13 12:0 a.m.24 views

Download Manager <= 2.9.50 - Open Redirect

The WordPress Download Manager WordPress plugin was affected by an Open Redirect security vulnerability...

5.8CVSS2.6AI score0.01476EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/06/11 12:0 a.m.24 views

WP Jobs <= 1.4 - Authenticated SQL Injection

The WP Jobs WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

6.5CVSS2.5AI score0.04929EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/11 12:0 a.m.24 views

Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

5CVSS0.9AI score0.59063EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/17 12:0 a.m.24 views

Invite Anyone <= 1.3.14 - Change of Email Invitation Content

The Invite Anyone WordPress plugin was affected by a Change of Email Invitation Content security vulnerability...

5CVSS2.7AI score0.01794EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/14 12:0 a.m.24 views

Membership Simplified <= 1.58 - Unauthenticated Arbitrary File Download

The plugin is still affected and has been closed...

7.5CVSS3.7AI score0.16927EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/06 12:0 a.m.24 views

WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names

...

4.3CVSS6.2AI score0.0278EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/23 12:0 a.m.24 views

Democracy Poll < 5.4 - CSRF & XSS

The Democracy Poll WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.4AI score0.00914EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/16 12:0 a.m.24 views

Corner Ad < 1.0.8 - XSS

The Corner Ad WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.5AI score0.00905EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/21 12:0 a.m.24 views

Echosign <= 1.1 - Reflected Cross-Site Scripting (XSS)

The Echo Sign WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.01365EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/08 12:0 a.m.24 views

Booking Calendar Contact Form < 1.0.24 - XSS & SQL Injection

The Booking Calendar Contact Form WordPress plugin was affected by a XSS & SQL Injection security vulnerability...

7.5CVSS2.1AI score0.01795EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/02 12:0 a.m.24 views

Connections <= 8.5.8 - Reflected Cross-Site Scripting (XSS)

Line 320 contains unfiltered user input for the search field being sent directly via echo back to the users browser via the ’s’ variable. In file includes/admin/pages/manage.php Line 320:...

4.3CVSS3.6AI score0.01791EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/12 12:0 a.m.24 views

Pie-Register <= 2.0.18 - Authenticated Blind SQL Injection

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

6.5CVSS2.3AI score0.01383EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/11 12:0 a.m.24 views

Payment Form for PayPal Pro <= 1.0.1 - Multiple Reflected Cross-Site Scripting (XSS)

The Payment Form for PayPal Pro WordPress plugin was affected by a Multiple Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.01791EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/15 12:0 a.m.24 views

CP Reservation Calendar <= 1.1.6 - Unauthenticated SQL Injection

The CP Reservation Calendar WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

7.5CVSS2.4AI score0.04824EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/13 12:0 a.m.24 views

Postmatic <= 1.4.5 - Cross-Site Scripting (XSS)

The Replyable – Subscribe to Comments and Reply by Email WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.1AI score0.00985EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/26 12:0 a.m.24 views

Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The navis-documentcloud WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.07328EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/25 12:0 a.m.24 views

Anti-Spam by CleanTalk < 5.22 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/24 12:0 a.m.24 views

Googmonify <= 0.5.1 - CSRF & XSS

The Googmonify WordPress plugin was affected by a CSRF & XSS security vulnerability...

4.3CVSS2.7AI score0.01096EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/20 12:0 a.m.24 views

Ultimate Member < 1.3.18 - Cross-Site Scripting (XSS)

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.01046EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/10 12:0 a.m.24 views

Events Manager < 5.6 - Cross-Site Scripting (XSS) & Code Injection

The Events Manager WordPress plugin was affected by a Cross-Site Scripting XSS & Code Injection security vulnerability...

7.5CVSS2AI score0.021EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/05 12:0 a.m.24 views

S3Bubble <= 0.7 - Directory Traversal leading to Arbitrary File Access

The last time it was checked the plugin was still affected and had been closed...

5CVSS3.8AI score0.03725EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/01 12:0 a.m.24 views

Powerplay Gallery - Arbitrary File Upload & SQL Injection

The wp-powerplaygallery WordPress plugin was affected by an Arbitrary File Upload & SQL Injection security vulnerability...

7.5CVSS3.4AI score0.04811EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/29 12:0 a.m.24 views

WP Smiley <= 1.4.1 - CSRF & Cross-Site Scripting (XSS)

Cross-Site scripting XSS in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...

6.8CVSS3.4AI score0.01564EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.24 views

Lattice < 1.1.4 - Unspecified XSS

The lattice WordPress theme was affected by an Unspecified XSS security vulnerability...

4.3CVSS2.2AI score0.00923EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/13 12:0 a.m.24 views

Wpml < 3.1.9 - XSS

The wpml WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.07034EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/22 12:0 a.m.24 views

Google Doc Embedder <= 2.5.18 - Cross-Site Scripting (XSS)

The Google Doc Embedder WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.02073EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/11 12:0 a.m.24 views

Wordpress Video Gallery <= 2.7 - SQL Injection

The contus-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability. PoC http://example.com/wp-admin/admin-ajax.php?action=rss=video=SQLi...

7.5CVSS1AI score0.4107EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/12 4:2 p.m.24 views

Banner Effect Header 1.2.6 - XSS & CSRF

The Banner Effect Header WordPress plugin was affected by a XSS & CSRF security vulnerability...

6.8CVSS1.9AI score0.01151EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/12 9:8 a.m.24 views

Pods <= 2.4.3 - Authenticated XSS & CSRF

The Pods – Custom Content Types and Fields WordPress plugin was affected by an Authenticated XSS & CSRF security vulnerability...

6.8CVSS2.5AI score0.02041EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/14 12:0 a.m.24 views

Lightbox Photo Gallery 1.0 - CSRF/XSS

The lightbox-photo-gallery WordPress plugin was affected by a CSRF/XSS security vulnerability...

6.8CVSS2.3AI score0.01015EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/20 12:0 a.m.24 views

W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read

The W3 Total Cache WordPress plugin was affected by an Unauthenticated Arbitrary File Read security vulnerability...

5CVSS2.8AI score0.19396EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.24 views

bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS

The bib2html WordPress plugin was affected by a /OSBiB/create/index.php styleShortName Parameter XSS security vulnerability...

4.3CVSS2.2AI score0.01633EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.24 views

Lazyest Gallery <= 1.1.20 - EXIF Script Insertion

The Lazyest Gallery WordPress plugin was affected by an EXIF Script Insertion security vulnerability...

2.6CVSS2.1AI score0.02072EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.24 views

LayerSlider 4.6.1 - Style Editing CSRF

The LayerSlider WordPress plugin was affected by a Style Editing CSRF security vulnerability...

3.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.24 views

mTouch Quiz 3.0.6 - question.php quiz Parameter Reflected XSS

The mTouch Quiz WordPress plugin was affected by a question.php quiz Parameter Reflected XSS security vulnerability...

4.3CVSS2.3AI score0.02046EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.24 views

click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard

The click-to-copy-grab-box WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.8AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.24 views

ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard

The ed2k-link-selector WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.8AI score0.06316EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.24 views

Audio Player - player.swf playerID Parameter XSS

The audio-player WordPress plugin was affected by a player.swf playerID Parameter XSS security vulnerability...

4.3CVSS2.5AI score0.06414EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000