Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update

Description The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS6.7AI score0.00234EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Up down image slideshow gallery < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

8.8CVSS9.6AI score0.0079EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Better Elementor Addons <= 1.3.6 - Missing Authorization

Description The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the beaadminajax function hooked via an AJAX action in versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, wit...

6.7AI score0.00166EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Elementor Website Builder < 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()

Description The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the getinlinesvg function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.25337EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

LayerSlider < 7.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00368EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Weather Atlas Widget < 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.8AI score0.00575EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

AppPresser < 4.3.0 - Insecure Password Reset Mechanism

Description The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...

9.8CVSS7.4AI score0.00925EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Betheme < 27.1.2 - Missing Authorization

Description The Betheme theme for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 27.1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.7AI score0.00289EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Convertful – Your Ultimate On-Site Conversion Tool < 2.6 - Missing Authorization via add_woo_coupon

Description The Convertful – Your Ultimate On-Site Conversion Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addwoocoupon' REST function in versions up to, and including, 2.5. This makes it possible for unauthenticated...

7.1AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

video carousel slider with lightbox 1.0 - Cross-Site Request Forgery

Description The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsivevideogallerywithlightboxvideomanagementfunc function. This makes it possible for unauthenticat...

5.4CVSS6.4AI score0.00309EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery

Description The EasyRecipe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3251. This is due to missing nonce validation on several functions such as the saveStyle and updateCustomCSS functions. This makes it possible for unauthenticated...

8.8CVSS9.2AI score0.00208EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.23 views

Elementor Addon Elements < 1.12.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.8AI score0.00496EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.23 views

Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQLi

Description The plugin does not properly sanitise and escape the post parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated uers...

9.8CVSS8AI score0.00566EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.23 views

Auto Affiliate Links < 6.4.2.5 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.23 views

Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

Description The plugin is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. PoC As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console: nonce =...

4.3CVSS4.9AI score0.00454EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.23 views

WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. This was partially fixed in version 1.4.4 but it still allowed XSS attacks from Admin users. PoC fetch"/wp-admin/admin-ajax.php",...

5.4CVSS5.6AI score0.00426EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.23 views

Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion

Description The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...

8.8CVSS8.8AI score0.01107EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/25 12:0 a.m.23 views

Open Graph Metabox <= 1.4.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00277EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.23 views

Wp Ultimate Review <= 2.2.5 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS9AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.23 views

Social Media Share Buttons & Social Sharing Icons < 2.8.6 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00222EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.23 views

Form Maker by 10Web < 1.15.19 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6.2AI score0.00331EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.23 views

Magic Action Box <= 2.17.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS6AI score0.00345EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.23 views

Tiny Carousel Horizontal Slider <= 8.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00335EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.23 views

WP-CopyProtect <= 3.1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/02 12:0 a.m.23 views

Popup contact form <= 7.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00336EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/09/21 12:0 a.m.23 views

Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC msalert...

5.4CVSS5.4AI score0.00403EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/09/20 12:0 a.m.23 views

Allow PHP in Posts and Pages < 3.0.4 - Authenticated Remote Code Execution (RCE)

Description The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server...

9.9CVSS7.6AI score0.00748EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/09/07 12:0 a.m.23 views

Media Library Assistant < 3.10 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution

Description The plugin is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file, where images are processe...

9.8CVSS9.6AI score0.82585EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/06 12:0 a.m.23 views

Newsletter < 7.9.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its newsletterform shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.00437EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/30 12:0 a.m.23 views

DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. PoC 1. Put javascript payload on html.cafe. const url = 'https://s…t/wp-admin/user-new.php'; fetchurl...

6.1CVSS5.9AI score0.00627EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/24 12:0 a.m.23 views

Jupiter X Core Premium < 3.3.8 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate files to be uploaded via the ravenformfrontend AJAX action available to unauthenticated users, allowing them to upload arbitrary files on the server...

6.5AI score0.01374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/18 12:0 a.m.23 views

Comments Like Dislike < 1.2.0 - Subscriber+ Settings Reset

Description The plugin does not have authorisation when resetting its settings, allowing ay authenticated users, such as subscriber to reset them via the restoresettings function hooked to an AJAX action...

5.3CVSS6.3AI score0.00787EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.23 views

IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to the plugin's settings. 2...

7.3AI score0.00405EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.23 views

ARMember (free and premium) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin and above to perform Cross-Site Scripting attacks...

5.9CVSS5.1AI score0.00388EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/19 12:0 a.m.23 views

T1 theme <= 19.0 - Open Redirect

Description The theme is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. PoC https://www.example.com/wp-content/themes/t1/page-templates/applyredirection.php?file=240317005410now=http://google.comjs=https://www.evil.com?...

6.4AI score0.0046EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.23 views

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin < 2.5.1 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/17 12:0 a.m.23 views

Falang multilanguage < 1.3.40 - Cross-Site Request Forgery

Description Cross-Site Request Forgery CSRF vulnerability in Faboba Falang multilanguage for WordPress plugin = 1.3.39 versions...

8.8CVSS8.9AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/05 12:0 a.m.23 views

Media Library Helper by Codexin <= 1.2.0 - Cross-Site Request Forgery

The plugin does not properly validate requests using nonces, making it susceptible to Cross-Site Request Forgery CSRF attacks...

8.8CVSS6.8AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.23 views

WooCommerce Product Vendors < 2.1.77 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below html...

7.1CVSS5.9AI score0.00382EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.23 views

WooCommerce Product Vendors < 2.1.77 - Vendor Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as Admin Vendor and above PoC As an Admin vendor, open the URL below...

7.4AI score0.00929EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.23 views

WP Sticky Social 1.0.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS6AI score0.02304EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.23 views

EventON < 2.1.2 - Unauthenticated Post Access via IDOR

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post. PoC...

5.3CVSS8.9AI score0.06116EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/13 12:0 a.m.23 views

All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery

The plugin does not properly validate user requests, leading to a potential Cross-Site Request Forgery CSRF vulnerability...

6.5CVSS6.8AI score0.0022EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.23 views

ND Shortcodes < 7.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks PoC Run the below command in the developer console of the web browser while being on the blog as a...

8.8CVSS8.3AI score0.01683EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.23 views

WooCommerce Box Office < 1.1.51 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC tickets columns='111"...

5.5AI score0.00429EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/27 12:0 a.m.23 views

WP EasyCart < 5.4.9 - Multiple CSRFs

The plugin does not apply proper nonce validation routines in multiple AJAX requests, which makes it possible for attackers to trick an unsuspecting administrator into activating and deactivating products...

6.5CVSS6.8AI score0.00241EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/25 12:0 a.m.23 views

Video Contest WordPress <= 3.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS10AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/24 12:0 a.m.23 views

JetFormBuilder < 3.0.7 - Cross-Site Request Forgery (CSRF)

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/23 12:0 a.m.23 views

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Ultimate Dashboard - Settings -...

4.8CVSS4.9AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/12 12:0 a.m.23 views

Download Manager < 3.2.71 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape user-supplied attributes in 'wpdmmembers', 'wpdmloginform', and 'wpdmregform' shortcodes, leading to Stored Cross-Site Scripting vulnerabilities...

6.4CVSS5.9AI score0.00646EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities5000