Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2021/04/06 12:0 a.m.23 views

WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update

An AJAX action registered by the plugin did not have capability checks, allowing low privilege users, such as subscribers, to update the license options key, email. PoC When logged in as a user with Subcriber role or greater, submit a request to wp-admin/admin-ajax.php with action =...

4CVSS2.2AI score0.00938EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/31 12:0 a.m.23 views

Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS

The theme does not sanitise the keywords and startdate GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue. PoC Payload:...

4.3CVSS0.2AI score0.02927EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.23 views

Patreon WordPress < 1.7.2 - Reflected XSS on Login Form

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the plugin. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind...

6.8CVSS2.1AI score0.01874EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.23 views

Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure

The Jetpack Scan team identified a Local File Disclosure vulnerability in the plugin that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in t...

5CVSS1.9AI score0.05879EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/23 12:0 a.m.23 views

GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)

The plugin was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page. PoC...

4.3CVSS1.6AI score0.0137EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/24 12:0 a.m.23 views

NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)

In the eCommerce module of NextGEN Gallery Pro, there is an action to call getcartitems via photocratiajax , after that the settingsshippingaddressname is able to inject malicious javascript. PoC On a page where a NextGEN Pro gallery is embed:...

2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/16 12:0 a.m.23 views

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP plugin and retrieve the clientsecret key needed to...

8.8AI score0.01439EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/12 12:0 a.m.23 views

Post SMTP Mailer/Email Log < 2.0.21 - CSRF Nonce Bypass

A user could bypass the nonce check associated with Export mail to CSV handleCsvExport function PoC Submit a request w/o the post-smtp-log-nonce parameter...

0.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/11 12:0 a.m.23 views

ElasticPress 3.5.2 - 3.5.3 - CSRF Nonce Bypass

A user could bypass the nonce check associated with re-sending the unaltered default search query to ElasticPress.io that is used for providing Autosuggest queries. Impacted plugin and version: ElasticPress versions 3.5.2 and 3.5.3. Fixed in version 3.5.4...

5.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.23 views

Digital Publications by Supsystic <= 1.6.11 - Authenticated Stored Cross-Site Scripting (XSS)

When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input. v1.6.11 attempted to fix the issue by using sanitizetextfield, however the output i...

1.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/25 12:0 a.m.23 views

Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection

The plugin was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Attackers can possibly exploit this issue to execute arbitrary commands on the victim's system, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected...

1.6AI score0.01244EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/15 12:0 a.m.23 views

Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download

The plugin does not validate the sjbfile parameter when viewing a resume, allowing authenticated user with the downloadresume capability such as HR users to download arbitrary files from the web-server via a path traversal attack PoC The sjbfile parameter to use may depends on the configuration o...

4CVSS2.5AI score0.30479EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/06 12:0 a.m.23 views

iThemes Security < 7.7.0 - New-Password Requirements Not Enforced Until second Login

The plugin did not enforce new-password requirements for existing accounts until the second login occurred, which could leave an account configured with a potentially weak password until the user changes it...

5CVSS1.8AI score0.01292EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/05 12:0 a.m.23 views

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - Authenticated Stored Cross-Site Scripting (XSS)

Ram Gall from Wordfence discovered an authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in the Post Grid and Team Showcase WordPress plugins...

6CVSS6.9AI score0.01651EPSS
Exploits2References3Affected Software2
WPVulnDB
WPVulnDB
added 2020/09/22 12:0 a.m.23 views

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery CSRF which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository. PoC http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall=wpscanpath=wpscan/wpscan.php...

4.3CVSS3.4AI score0.00593EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/06 12:0 a.m.23 views

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings

The ActiveCampaign 8.0.1 plugin is lacking CSRF check on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account. PoC When a logged-in administrator accesses an HTML page embedded below content, the plugin's setting will be...

2.4AI score0.00474EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/07/15 12:0 a.m.23 views

Golo < 1.3.3 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress. PoC https://example.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3DalertXSS%2F%2F%22%3Etype=place...

1AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/07/09 12:0 a.m.23 views

KingComposer < 2.9.5 - Unauthenticated Reflected Cross-Site Scripting

A reflected Cross-Site Scripting XSS Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an installonlinepreset AJAX request containing base64-encoded JavaScript in the kc-online-preset-data POST parameter that is executed...

4.3CVSS4.7AI score0.4696EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/07/02 12:0 a.m.23 views

Payment Form For Paypal Pro < 1.1.65 - Unauthenticated SQL Injection

The 'query' parameter allowed for any unauthenticated user to perform SQL queries with result output to a web page in JSON format. PoC https://example.com/?cffaction=getdatafromdatabase=SELECT%20%20from%20wpposts...

7.5CVSS0.8AI score0.9453EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/28 12:0 a.m.23 views

Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection

Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the «Nexos - Real Estate WordPress Theme», tested version — v1.7. June 17th, 2020 - Confirmed & Escalated to Envato. June 19th, 2020 - v1.8 released. Fixing the issues. PoC PoC Unauthenticated Reflected XSS:...

5CVSS0.3AI score0.05901EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/03 12:0 a.m.23 views

AdRotate < 5.8.4 - Authenticated SQL Injection

Authenticated SQL injection in the AdRotate 5.8.3.1 exists via param "id". However, this requires an admin privileged user. NOTE: The plugin author mistook this SQLi bug for XSS but the remedy remains OK. PoC Param "id" is vulneable to SQL Injeciton. Example 1:...

1.8AI score0.01231EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/07 12:0 a.m.23 views

Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)

The iframe plugin before 4.5 does not sanitize a URL. PoC iframe src="javascript:alertdocument.cookie" width="100%" height="500"...

4.3CVSS1.5AI score0.02006EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/14 12:0 a.m.23 views

Accordion < 2.2.9 - Unprotected AJAX Action to Stored/Reflected XSS

This flaw allowed any authenticated user with subscriber-level and above permissions the ability to import a new accordion and inject malicious Javascript as part of the accordion. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Accept: / X-Requested-With: XMLHttpRequest User-Agent:...

3.5CVSS0.6AI score0.00766EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/01 12:0 a.m.23 views

LearnDash < 3.1.6 - Unauthenticated SQL Injection

The sfwd-lms WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

7.5CVSS3.1AI score0.0184EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/13 12:0 a.m.23 views

WordPress File Upload < 4.13.0 - Directory Traversal to RCE

WordPress File Upload plugin directory traversal. It's possible to use the directory traversal to gain RCE by uploading a file doesn't matter the extension inside the /lib directory of the plugin. More details here https://github.com/beerpwn/CVE/tree/master/WP-File-Uploaddisclosurereport...

7.5CVSS1.4AI score0.08584EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/05 12:0 a.m.23 views

Contact Form by WPForms < 1.5.9 - Authenticated Cross-Site Scripting (XSS)

The popular WordPress plugin, WPForms, was found to be vulnerable to Authenticated Cross-Site Scripting XSS. The Form Description and Field Description fields in the WPForms plugin’s Form Builder module was found to be vulnerable to stored XSS, as they did not sanitize user given input properly...

3.5CVSS1.6AI score0.04428EPSS
Exploits6References4Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/18 12:0 a.m.23 views

ThemeREX Addons - Remote Code Execution

"This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts." Note WPScanTeam: There are major version inconsistencies in the trxaddons shipped with the affected themes. As a result, a...

7.5CVSS2.7AI score0.08877EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/16 12:0 a.m.23 views

Popup Builder < 3.0 - SQL injection via PHP Deserialization

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution...

7.5CVSS5.6AI score0.0856EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/14 12:0 a.m.23 views

Elementor < 2.7.5 - Authenticated Arbitrary File Upload

The Elementor plugin version 2.7.4 and below was found to be vulnerable to an arbitrary file upload. Due to the application not handling zip files with directories properly an attacker could upload php files which were executable, this allowed any user able to import templates WordPress role...

9CVSS3.7AI score0.03072EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/13 12:0 a.m.23 views

Ultimate Member < 2.1.3 - Insecure Direct Object Reference (IDOR)

IDOR issues allowing change of other users' profiles and cover photos...

5CVSS3.4AI score0.02168EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/10 12:0 a.m.23 views

EasyBook < 1.2.2 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'EasyBook – Directory & Listing WordPress Theme', tested version — v1.2.1: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR December 27th, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January ??th, 2020 -...

6.4CVSS6.4AI score0.03243EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/10/14 12:0 a.m.23 views

WordPress <= 5.2.3 - Stored XSS in Style Tags

...

4.3CVSS1.2AI score0.01766EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/10 12:0 a.m.23 views

SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection

The last time it was checked the plugin was still affected and had been closed...

6.5CVSS3.1AI score0.02347EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/09 12:0 a.m.23 views

LifterLMS <= 3.34.5 - Unauthenticated Options Import

Unauthenticated Options Import, which could lead to - Website Redirection - Administrator Account Creation - Content Injection - Stored XSS The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering...

7.5CVSS1.5AI score0.07453EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/02 12:0 a.m.23 views

Event Tickets <= 4.10.7.1 - CSV Injection

The Event Tickets WordPress plugin was affected by a CSV Injection security vulnerability...

6.5CVSS2.8AI score0.03194EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/09 12:0 a.m.23 views

Woody Ad Snippets < 2.2.6 - Arbitrary Post Deletion

The adminInit function of the admin/includes/class.actions.snippets.php file, registered as an admininit hook did not have any CSRF or capability checks for its close action, allowing unauthenticated users to delete arbitrary posts from the blog PoC...

6.4CVSS2.3AI score0.0163EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/28 12:0 a.m.23 views

WP Fastest Cache <= 0.8.9.5 - Directory Traversal

The WP Fastest Cache WordPress plugin was affected by a Directory Traversal security vulnerability...

6.4CVSS3.2AI score0.45361EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/27 12:0 a.m.23 views

Pirate Forms < 2.5.2 - HTML Injection & CSRF

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin was affected by a HTML Injection & CSRF security vulnerability...

0.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/09 12:0 a.m.23 views

Gallery Photoblocks < 1.1.43 - Authenticated Reflected XSS

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. PoC When logged in with an account with administrator capabilities: https:///wp-admin/admin.php?page=photoblocks-edit="...

3.5CVSS0.9AI score0.01318EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/05 12:0 a.m.23 views

WP Like Button <= 1.6.0 - Auth Bypass

Authentication Bypass vulnerability in the WP Like Button Free plugin version 1.6.0 allows unauthenticated attackers to change the settings of the plugin. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any unauthenticate...

5CVSS4.9AI score0.45095EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/27 12:0 a.m.23 views

WebP Converter for Media <= 1.0.2 - Cross-Site Request Forgery (CSRF)

The WebP Converter for Media WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS3.3AI score0.00709EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/13 12:0 a.m.23 views

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. PoC 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...

6.8CVSS0.7AI score0.0068EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/25 12:0 a.m.23 views

Hostel Plugin <= 1.1.3 - Unauthenticated Stored XSS

This vulnerability allows any user can inject Javascript code and the code will be executed on the admin side when he visits the Bookings Page Authentication Required:No Affected Version: 1.1.3 or possibly below Fixed version:1.1.4...

4.3CVSS3.3AI score0.01165EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/16 12:0 a.m.23 views

Option Tree < 2.7.0 - PHP Object Injection

The OptionTree WordPress plugin was affected by a PHP Object Injection security vulnerability...

7.5CVSS1.7AI score0.02147EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/05 12:0 a.m.23 views

Form Maker by 10Web < 1.13.5 - Cross-Site Request Forgery (CSRF) to LFI

Form Maker by WD plugin suffers from a CSRF issue that could lead to an LFI attack...

6.8CVSS3.3AI score0.01169EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/14 12:0 a.m.23 views

Booking < 8.4.5.15 - SQL Injection

The Booking Calendar WordPress plugin was affected by a SQL Injection security vulnerability...

6.5CVSS2.2AI score0.18906EPSS
Exploits5References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/05 12:0 a.m.23 views

WP Live Chat Support < 8.0.18 - Cross-Site Scripting (XSS)

The 3CX Live Chat WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.2AI score0.01377EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/29 12:0 a.m.23 views

LoginPress <= 1.1.15 - Authenticated Blind SQL Injection

Blind time-based SQL injection, combined with lack of permission check resulted in an unauthorised attack which can be performed by any user on the site including subscriber profiles. 1. Lack of permission check in settings import Similar to our recent analysis, this vulnerability was also caused...

0.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/08 12:0 a.m.23 views

WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to do this. See references for discussion of the issue. The problem is in the fil...

7.5CVSS2.5AI score0.87294EPSS
Exploits4References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/10/08 12:0 a.m.23 views

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. PoC POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT...

4.3CVSS0.5AI score0.13207EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities5000