Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.23 views

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.2AI score0.00863EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/11 12:0 a.m.23 views

Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection

The plugin does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to tri...

8.8CVSS2.3AI score0.04184EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/26 12:0 a.m.23 views

WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC Save the HTML below to a file with the .html extension, then open it in Firefox, while being authenticate...

6.1CVSS0.3AI score0.02228EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/17 12:0 a.m.23 views

MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting

The plugin does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting PoC https://example.com/?mappiframe=1=--%3E%3Cimg%20src%20onerror=alert/XSS/%3E...

6.1CVSS0.1AI score0.02021EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/02 12:0 a.m.23 views

WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Stored Cross-Site Scripting XSS. Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. PoC http://127.0.0.1:8001/?search-submit=img%20src%20onerror=alert1 Then the admin...

6.4CVSS6AI score0.00683EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/28 12:0 a.m.23 views

WP-DownloadManager < 1.68.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting...

5.4CVSS1.8AI score0.00523EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/27 12:0 a.m.23 views

WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting PoC...

8.8CVSS0.1AI score0.1712EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/22 12:0 a.m.23 views

Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting PoC With the "TDK optimization" setting enabled 7th page, first one: https://example.com/?s=123456"...

6.1CVSS0.2AI score0.00917EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/14 12:0 a.m.23 views

True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal

The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file. PoC Exploit Authors: Nicole Sheinin, Liad Levy Tested on: MacOS !/usr/bin/env python3...

7.5CVSS0.7AI score0.78431EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/06 12:0 a.m.23 views

Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls

All AJAX actions of the plugin are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. v1.3.0 added CSRF checks, however authorisation was still missing and has been added in...

7.5CVSS2.7AI score0.01196EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/22 12:0 a.m.23 views

Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC The formid needs to be a valid one...

6.1CVSS0.4AI score0.00907EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.23 views

Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfilteredhtml capability is disallowed PoC Add/edit a quote...

4.8CVSS5AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/14 12:0 a.m.23 views

Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page PoC...

6.1CVSS6.2AI score0.0682EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/09 12:0 a.m.23 views

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks PoC As a contributor, create a custom field in a post, with the following payload: Then add the following shortcode to the...

5.4CVSS5.1AI score0.00684EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/08 12:0 a.m.23 views

Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. PoC The below request will send an email to [email protected]...

9.8CVSS9.3AI score0.07474EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.23 views

Email Log < 2.4.7 - Admin+ SQL Injection

The plugin does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections PoC https://example.com/wp-admin/admin.php?page=email-log=sentdate+AND+SELECT+3025 FROM+SELECTSLEEP5SBat=DESC...

8.8CVSS0.5AI score0.01292EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/14 12:0 a.m.23 views

Job Portal <= 0.0.1 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site...

5.5CVSS4.1AI score0.0088EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/14 12:0 a.m.23 views

WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection

The plugin does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...

4AI score0.01178EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.23 views

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allow high privilege users to execute arbitrary PHP code in an hardened environment ie with DISALLOWFILEEDIT, DISALLOWFILEMODS and DISALLOWUNFILTEREDHTML set to true via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...

7.2CVSS2.7AI score0.01514EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/07 12:0 a.m.23 views

Chameleon CSS <= 1.2 - Subscriber+ SQL Injection

The plugin does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...

8.8CVSS0.6AI score0.00712EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/07 12:0 a.m.23 views

G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection

The plugin does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection PoC https://plugins.trac.wordpress.org/browser/g-auto-hyperlink/trunk/g-auto-hyperlink.phpL271 Open the...

7.2CVSS0.2AI score0.06561EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/28 12:0 a.m.23 views

Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the style attribute of the cooltagcloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. PoC cooltagcloud style='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert/XS...

5.4CVSS2.5AI score0.00629EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/27 12:0 a.m.23 views

Check & Log Email < 1.0.3 - Admin+ SQL Injections

The plugin does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues PoC With the 'Enable Log' settings of the plugin activated: -...

7.2CVSS0.6AI score0.01275EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/22 12:0 a.m.23 views

Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection

The plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

6.4CVSS0.8AI score0.00636EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.23 views

Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks PoC dflip class='"...

5.4CVSS5.3AI score0.00629EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/09/08 12:0 a.m.23 views

SP Rental Manager <= 1.5.3 - Unauthenticated SQL Injection

The plugin is vulnerable to SQL Injection via the orderby parameter found in the /user/shortcodes.php file which allows attackers to retrieve information contained in a site’s database...

8.2CVSS5.4AI score0.01793EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.23 views

Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure

The plugin outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts capability. Combined with the other Unauthorised Event...

6.5CVSS0.2AI score0.01139EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/22 12:0 a.m.23 views

WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors PoC POST /wp-admin/admin.php?page=wpagecontact-plugin...

7.2CVSS1.4AI score0.01467EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/18 12:0 a.m.23 views

BuddyPress < 9.1.1 - Activation Key Disclosure

The plugin disclosed the activation key from responses of the createitem method in the BP REST API Signup controller...

1.8AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.23 views

Simple Behance Portfolio <= 0.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/06 12:0 a.m.23 views

WP Fusion Lite < 3.37.30 - CSRF to Data Deletion

The plugin is vulnerable to Cross-Site Request Forgery via the showlogssection function found in the /includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin...

6.1CVSS4.6AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.23 views

Simple Banner < 2.10.4 - Authenticated Stored XSS

The plugin does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Simple Banner Text setting of the plugin: The XSS will be...

3.5CVSS1.6AI score0.00676EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/24 12:0 a.m.23 views

Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection

The daacdeletebookingcallback function, hooked to the daacdeletebooking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and...

6.5CVSS0.3AI score0.00821EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/24 12:0 a.m.23 views

Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection

The plugin does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin PoC GET...

6.5CVSS1.9AI score0.01578EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/23 12:0 a.m.23 views

Alipay <= 3.7.2 - Authenticated SQL Injection

A proid GET parameter of the plugin is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. PoC GET /wp-admin/options-general.php?page=wsalipay=edit=-5818%20UNION%20ALL%20SELECT...

6.5CVSS1.8AI score0.01547EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/21 12:0 a.m.23 views

Maintenance < 4.03 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them even when the unfilteredhtml capability is disallowed, which will be triggered in the frontend PoC POST /wp-admin/admin.php?page=maintenance HTTP/1.1...

3.5CVSS0.8AI score0.00617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/20 12:0 a.m.23 views

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. PoC 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save...

3.5CVSS1.2AI score0.0062EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/18 12:0 a.m.23 views

Photo Gallery < 1.5.75 - File Upload Path Traversal

The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector PoC The below requests will put the xss.svg file into the /wp-content/uploads/ folder rather than...

4CVSS0.8AI score0.01893EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/07 12:0 a.m.23 views

WP Upload Restriction < 2.2.5 - Missing Access Control in getSelectedMimeTypesByRole

Missing access control in getSelectedMimeTypesByRole function allows authenticated users, such as subscribers, to retrieve approved mime types for any given role...

4.3CVSS4.5AI score0.007EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.23 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5CVSS0.01362EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.23 views

Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not escape the Summary field of Announcements when outputting it in an attribute, which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege...

3.5CVSS1.3AI score0.00747EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/22 12:0 a.m.23 views

CiviCRM < 5.24.3 - Authenticated Phar Deserialization

The plugin was vulnerable to Authenticated Phar Deserialization. The vulnerability was discovered by sonarsource. Update to versions 5.24.3 and above to patch the vulnerability...

8.8CVSS3.6AI score0.01478EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/22 12:0 a.m.23 views

Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection

The plugin did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks PoC v 1.5.3 POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1 Accept: /...

9.8CVSS0.6AI score0.46921EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/16 12:0 a.m.23 views

W3 Total Cache < 2.1.3 - Authenticated Stored XSS

The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue PoC Vulnerable parameters: cnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...

4.8CVSS0.1AI score0.00622EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/15 12:0 a.m.23 views

WP Google Maps < 8.1.13 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitise some of its fields, which could lead to Stored Cross-Site Scripting issues...

3.5CVSS1.1AI score0.00585EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.23 views

WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue PoC POST /wp-admin/options-general.php?page=wordpress-popular-posts=tools HTTP/1.1 Accept:...

5.4CVSS0.7AI score0.01442EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/01 12:0 a.m.23 views

Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE

The plugin allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. The issue is being actively exploited, and no patch is available. Further details will be made available once pathed. PoC The Custom Product Designer plugin for WordPress offers the ability...

9.8CVSS1.6AI score0.47091EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/17 12:0 a.m.23 views

WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to reque...

5.4CVSS0.5AI score0.00698EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/26 12:0 a.m.23 views

Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)

There are several endpoints in the plugin that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. PoC The PoC will be displayed once the issue has been remediated...

4.3CVSS3.9AI score0.00826EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.23 views

Import XML and RSS Feeds < 2.0.3 - Authenticated Server-side Request Forgery (SSRF)

The plugin is affected by a Server-side request forgery SSRF vulnerability via the data parameter in a moovereadxml action...

6.4CVSS5.2AI score0.14745EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000