Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.23 views

Content Egg < 5.5.0 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...

8.8CVSS5.4AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.23 views

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF

The plugin does not have CSRF check in place when importing its settings, which could allow attackers to make a logged in admin import them via a CSRF attack...

5.4CVSS5.6AI score0.00277EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/12 12:0 a.m.23 views

Accessibility < 1.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.6AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/22 12:0 a.m.23 views

3D Tag Cloud <= 3.8 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS4.4AI score0.00238EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.23 views

WP Cerber Security < 9.1 - Username Enumeration Bypass

The plugin does not properly validate the author was blocking request trying to enumerate usernames, which could allow attackers to bypass the protection offered...

5.3CVSS4.7AI score0.00688EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.23 views

Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations. PoC Set HTTPCFCONNECTINGIP or any of the other headers in getclientipaddress to spoof the IP address...

5.3CVSS2.6AI score0.00589EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/24 12:0 a.m.23 views

Ajax Load More < 5.5.4.1 - Admin+ Arbitrary File Read

The plugin does not properly validates paths generated with user input in the almrepeatersexport function, which could allow high privilege users to read arbitrary files form the server even when they should not be able to have access to any, for example in multisite setup This is due to an...

1.6AI score0.01355EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/22 12:0 a.m.23 views

Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. PoC Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any other header in LoginNoCaptcha::getipaddress which is then checked against the whitelist an...

4.3CVSS2.2AI score0.0057EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/17 12:0 a.m.23 views

All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF

The plugin does not validate the dl parameter which could allow unauthenticated users to download arbitrary files from the server, as well as perform SSRF attacks...

8.2CVSS4.6AI score0.25869EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.23 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC Both can be used against authenticated and unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=ftsrefreshtokenajaxtoken=...

6.1CVSS0.8AI score0.04873EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.23 views

E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF

The plugin is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack PoC The file will be uploaded to the /wp-content/uploads/result/rand.php, eg:...

8.8CVSS4.3AI score0.00443EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.23 views

Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. PoC Steps to reproduce: 1 As a Contributor, go to portfolio on the dashboard and add new item. 2 on the editing page that comes up, scroll...

5.4CVSS1.4AI score0.00495EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/05 12:0 a.m.23 views

AnyMind Widget <= 1.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating the setWidgetId setting, and does not have sanitisation as well as escaping applied to it, which could allow attackers to make a logged in admin put a Cross-Site Scripting payload in it via CSRF attack...

4.6AI score0.01165EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/05 12:0 a.m.23 views

Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization

The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...

3.8CVSS3.4AI score0.00572EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/04 12:0 a.m.23 views

Shareaholic < 9.7.6 - Information Disclosure

The plugin does not have proper authorisation check in one of the AJAX action, available to unauthenticated in v 9.7.5 and author+ in v9.7.5 users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. PoC...

5.3CVSS1AI score0.01633EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/28 12:0 a.m.23 views

Import any XML or CSV File to WordPress < 3.6.8 - Admin+ Arbitrary Code Execution

The plugin allows high privilege users such as admin to import zip archives containing PHP files, which could allow admin of multisite setup to perform RCE attacks...

9.1CVSS5.3AI score0.0108EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.23 views

404s < 3.5.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/edit a new 404 via the plugin and put the following payload in the "Please enter th...

4.8CVSS4.6AI score0.00493EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.23 views

Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "No Access Message" settings...

4.8CVSS3.2AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.23 views

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

6.5CVSS4.2AI score0.00531EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/06 12:0 a.m.23 views

Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "IDP Metadata" "Id...

4.8CVSS1.9AI score0.00625EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.23 views

Mobile Browser Color Select <= 1.0.1 - Stored Cross-Site Scripting via CSRF

The plugin is lacking CSRF check in its adminupdatedata function, which could allow attackers to make a logged in admin call it, and perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the processed user input...

8.8CVSS4.3AI score0.00831EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.23 views

MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF

The plugin does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks PoC...

6.5CVSS4.9AI score0.00502EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/27 12:0 a.m.23 views

Easy Pricing Tables < 3.1.3 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Stored Cross-Site Scripting attacks...

4.8CVSS3.3AI score0.00528EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/26 12:0 a.m.23 views

Image Slider by NextCode <= 1.1.2 - Arbitrary Slide Deletion via CSRF

The plugin does not have CSRF in place when deleting slides, allowing attackers to make a logged in admin perform such action via a CSRF attack...

5.4CVSS6AI score0.00389EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/21 12:0 a.m.23 views

Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in a page accessible to contributors and above, leading to a Reflected Cross-Site Scripting...

5.4CVSS5.4AI score0.00494EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.23 views

WP-CRM <= 1.2.1 - CSV Injection

The plugin does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. PoC 1. Add new person and put the following CSV calculator payload into the Display Name, Phone Number and Description field and save the entry. payload : =cmd|' /C...

7.8CVSS1.3AI score0.00988EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/11 12:0 a.m.23 views

WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page

The plugin does not escape the errorenvision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. PoC 1. Enable greenwallet-gateway as a woocommerce payment gateway 2. add something in your cart and visit the checkout page 3. visit...

6.1CVSS1.4AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.23 views

WP JS <= 2.0.6 - Reflected Cross-Site Scripting

The plugin contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.2AI score0.01141EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.23 views

Hermit <= 3.1.6 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS1.6AI score0.01045EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.23 views

Footer Text <= 2.0.3 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF in place when updating its settings, and is lacking sanitisation as well as escaping in them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

6.1CVSS4.4AI score0.00366EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.23 views

Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a slider, put the following payload in the CSS settings and save: The XSS wil...

4.8CVSS2.4AI score0.00995EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.23 views

3xSocializer <= 0.98.22 - Subscriber+ SQLi

Description The plugin does not sanitise and escape some parameter before using them in SQL statements, leading to SQL Injections...

8.8CVSS7.3AI score0.00813EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/04/15 12:0 a.m.23 views

WP Maintenance < 6.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape multiple of its settings, which could allow high privileged users such as admin to perform Cross-Site Scripting attack when the unfilteredhtml is disallowed...

4.8CVSS3AI score0.00514EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.23 views

Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting

The plugin does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action. PoC...

6.1CVSS3.9AI score0.00847EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.23 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks PoC Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries=trash=2 Since entry permanent deletion:...

8.1CVSS1.8AI score0.00453EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/05 12:0 a.m.23 views

Documentor <= 1.5.3 - Unauthenticated SQLi

The plugin fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. PoC curl https://example.com/wp-admin/admin-ajax.php --data 'action=docsearchresults==1 AND SELECT 6288 FROM...

9.8CVSS1.3AI score0.42764EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/30 12:0 a.m.23 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.174.1 - Reflected Cross-Site Scripting

The plugin does not not sanitise and escape the page parameter brief outputting it back in attributes in the /wp-admin/edit-comments.php?page=ctcheckspam and Users list dashboard, leading to Reflected Cross-Site Scripting issues...

6.1CVSS2.2AI score0.02886EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.23 views

Anti-Malware Security and Brute-Force Firewall < 4.20.96 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters PoC GET /wp-admin/admin.php?page=GOTMLSViewQuarantine=" HTTP/1.1 Cache-Control: max-age=0...

6.1CVSS2.3AI score0.03089EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.23 views

Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Custom DB Prefix settings of the plugin: BooksnPapers"...

4.8CVSS2.4AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.23 views

Donations <= 1.8 - Unauthenticated SQLi

The plugin does not sanitise and escape the nddonationsid parameter before using it in a SQL statement via the nddonationssinglecauseformvalidatefieldsphpfunction AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection PoC Create a new "Cause" and fill out the...

9.8CVSS0.7AI score0.01743EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.23 views

Easy Digital Downloads < 2.11.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC Create/edit a Download and put the following payload in the File Name field: Download...

4.8CVSS0.8AI score0.0065EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.23 views

Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the "Force Public Pages" settings of the plugin...

4.8CVSS1.5AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.23 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8CVSS4.1AI score0.26586EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.23 views

Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE

The plugin does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS vulnerability. Further it is also possible to inje...

7.2CVSS0.5AI score0.40237EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Yoo Slider < 2.1.0 - Arbitrary Slider Duplication/Deletion via CSRF

The plugin does not have CSRF in place when duplicating and deleting sliders, which could allow attackers to make logged in users perform such actions...

5.4CVSS5.4AI score0.00293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Media Optimole...

4.8CVSS3.1AI score0.0073EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

The plugin does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks PoC Edit an existing Seasons & Calendars /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars and tamper the ...

7.2CVSS0.5AI score0.01461EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.23 views

KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them PoC Create profile: fetch"https://example.com/wp-admin/admin-ajax.php?action=kccreateprofile",...

5.4CVSS1.1AI score0.00627EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.23 views

Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 'Add new markers' settings of the plugin: "autofocus onfocus=alert/XSS/ b=...

4.8CVSS2.9AI score0.00644EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/18 12:0 a.m.23 views

Zero Spam < 5.2.11 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection PoC With at least one IP in the “Blocked IPs” list:...

9.8CVSS0.8AI score0.01997EPSS
Exploits2References2Affected Software1
Total number of security vulnerabilities5000