Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.61 views

Redirection for Contact Form 7 < 3.0.0 - Missing Authorization

Description The Redirection for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportcurrentfilteredview function hooked via admininit in versions up to, and including, 2.9.2. This makes it possible for unauthenticated...

6.4AI score0.00608EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.61 views

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

The plugin allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. By default WordPress does not allow uploading o...

8.8CVSS1.7AI score0.01264EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.61 views

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles PoC Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both f...

4.8CVSS1.3AI score0.00559EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/25 12:0 a.m.61 views

WordPress 3.0-4.8.1 - Path Traversal in Unzipping

Description A path traversal vulnerability was discovered in the file unzipping code...

7.5CVSS8.2AI score0.13385EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2024/06/18 12:0 a.m.60 views

Advanced Custom Fields Pro < 6.2.10 - Authenticated (Contributor+) Code Injection

Description The Advanced Custom Fields Pro plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 6.2.9. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server...

8.5CVSS7.4AI score0.00429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/06 12:0 a.m.60 views

Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The plugin unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitrary deserialization"; 1. Active this...

9.5AI score0.00702EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.60 views

Multiple YITH WooCommerce plugins - Cross-Site Scripting via shortcode ajax

Multiple plugins from YITH does not protect its ajax actions against CSRF attacks, allowing an attacker to trick a logged in user to perform actions on their behalf by submitting a crafted request...

3.7AI score0.00144EPSS
Exploits0References1Affected Software7
WPVulnDB
WPVulnDB
added 2019/09/19 12:0 a.m.60 views

WP Google Map Plugin < 4.1.0 - CSRF to Unauthenticated PHP Object Injection

The WP Google Map Plugin WordPress plugin was affected by a CSRF to Unauthenticated PHP Object Injection security vulnerability...

2.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.59 views

Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure

Description The plugin discloses the MailChimp API key in pages with the MailChimp block, allowing unauthenticated users to obtain such key...

5.3CVSS5.5AI score0.00487EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.59 views

WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS

The WP Super Cache WordPress plugin was affected by a trunk/wp-cache.php wpnonceurl Function URI XSS security vulnerability...

4.3CVSS2AI score0.01523EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.59 views

Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a wp-admin/admin.php whois Parameter Stored XSS security vulnerability...

2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.58 views

Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection

The plugin does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. PoC POST...

4.9CVSS5.1AI score0.00852EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.58 views

Folders Disclosure via Outdated jQueryFileTree Library

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server PoC curl...

7.5CVSS3.9AI score0.57608EPSS
Exploits7References1Affected Software6
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.57 views

Gravity Forms < 2.7.5 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. PoC Make a logged in admin open the following URL:...

6.1CVSS8.4AI score0.00482EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/30 12:0 a.m.57 views

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS

The plugin does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then ...

6.1CVSS6.1AI score0.01216EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/15 12:0 a.m.57 views

RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed. PoC Vulnerable parameters: =, =, =, =, =, =. PoC 1 |...

3.5CVSS1.2AI score0.00547EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/21 12:0 a.m.57 views

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

7.5CVSS9.3AI score0.53619EPSS
Exploits4References4Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.57 views

WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS

The WP Super Cache WordPress plugin was affected by a trunk/plugins/wptouch.php URI XSS security vulnerability...

4.3CVSS1.6AI score0.01523EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.56 views

Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization

Description The Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the...

8.5CVSS6.6AI score0.00523EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.56 views

Qi Addons For Elementor < 1.6.4 - Authenticated (Contributor+) Local File Inclusion

Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowi...

7.9AI score0.00497EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/10 12:0 a.m.56 views

Smart Slider 3 < 3.5.1.11 - PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. PoC To simulate a gadget chain, put the following code in a plugin class Evil publ...

8.8CVSS1AI score0.01903EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.56 views

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink PoC...

5.3CVSS1.1AI score0.01464EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.56 views

Unauthorised AJAX Calls via Freemius

Description The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in...

7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/11/11 12:0 a.m.56 views

Contact Form Email < 1.3.25 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the /trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This only affects multi-site...

4.8CVSS5AI score0.00598EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.55 views

GTM4WP < 1.15.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly escape the Content Element ID settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed for example multisite setups...

5.5CVSS2.4AI score0.01071EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/06 12:0 a.m.55 views

Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF

The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery SSRF. On line 7493 in likebtnlikebutton.php a hook is set to allow unauthenticated ajax calls which will call the function likebtnprx. As the name suggests, this function works as a proxy and can ...

7.4AI score0.04337EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/23 12:0 a.m.55 views

WooCommerce < 4.2.1 - Potential Cross-Site Scripting (XSS) via SelectWoo

A DOM based Cross-Site Scripting XSS vulnerability was found to affect the SelectWoo dependency that WooCommerce used. SelectWoo replaces the standard box in web browsers...

3.4AI score
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2017/10/20 12:0 a.m.55 views

Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

5CVSS2AI score0.57608EPSS
Exploits7References3Affected Software2
WPVulnDB
WPVulnDB
added 2014/05/07 12:0 a.m.55 views

Photo-Gallery <= 1.2.41 - UploadHandler.php File Upload CSRF

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an UploadHandler.php File Upload CSRF security vulnerability...

6.8CVSS2.6AI score0.00819EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.54 views

Nexter < 2.0.4 - Missing Authorization

Description The Nexter theme for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as nexterextraextactiveajax, nexterextraextdeactivateajax, nexterextwpreplaceurlsettingsajax, nexterextwpduplicatepostsettingsajax,...

6.7AI score0.0035EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/04 12:0 a.m.54 views

Insert Pages < 3.7.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS2AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.54 views

Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue PoC...

9.8CVSS9.8AI score0.728EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/04 12:0 a.m.54 views

Elegant Themes (Divi 3.0 - 4.5.2, Extra 2.0 - 4.5.2, Divi Builder 2.0 - 4.5.2) - Authenticated Arbitrary File Upload

Description This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. PoC Usage: php poc.php url username password filetoupload Once the file is...

9.9CVSS9.3AI score0.02422EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2019/12/12 12:0 a.m.54 views

Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass

A vulnerability affecting the Ultimate Addons for Elementor WordPress plugin allows malicious users to authenticate as any other user due to the lack of checks when logging in via Facebook or Google...

6.8AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/09/05 12:0 a.m.54 views

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Description According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." PoC Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities JS - Hex Entities...

6.1CVSS6AI score0.02198EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2015/06/16 12:0 a.m.54 views

Salient Theme <= 4.9 - DOM Cross-Site Scripting (XSS)

The Salient theme comes budled with a vulnerable version of PrettyPhoto which can be found in http://www.example.com/wp-content/themes/salient/js/prettyPhoto.js...

0.5AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2009/09/28 12:0 a.m.54 views

WP Forum < 2.4 - Multiple SQL Injection

The wp-forum WordPress plugin was affected by a Multiple SQL Injection security vulnerability...

7.5CVSS1.9AI score0.02626EPSS
Exploits9References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.53 views

Slider Revolution < 6.7.0 - Missing Authorization

Description The Slider Revolution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initrestapi function in versions up to 6.7.0. This makes it possible for unauthenticated attackers to update slider data...

8.8CVSS9.2AI score0.00331EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.53 views

WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. PoC 1. Visit WP Fastest Cache Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit"...

7.5CVSS8.1AI score0.73708EPSS
Exploits11References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/21 12:0 a.m.53 views

Betheme < 26.6.3 - Subscriber+ Unauthorised Action

The plugin does not have authorisation in some areas, which could allow any authenticated users, such as subscriber to perform unauthorised action...

8.1CVSS4.5AI score0.00497EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.53 views

Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "A custom...

1.2AI score0.00524EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/06 12:0 a.m.53 views

Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

The plugin allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. Note: This only affects membership from the plugin, not the WordPress role PoC The request contains the levelidentifier parameter with the md52 value, where 2 is...

9.8CVSS1.3AI score0.01126EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.53 views

WordPress < 5.5.2 - Cross-Site Scripting (XSS) via Global Variables

Description The release notes state: "Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables."...

6.1CVSS7.3AI score0.017EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2019/07/09 12:0 a.m.53 views

Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS

The vendor's description, reference included below: "Yoast SEO 11.6 also fixes a security issue regarding term pages in WordPress. Unfiltered code was allowed in some fields. This, however, does not pose a problem for single user sites. In specific cases, on multisite installs, this might become ...

7.5CVSS0.2AI score0.03304EPSS
Exploits0References3Affected Software2
WPVulnDB
WPVulnDB
added 2018/10/15 12:0 a.m.53 views

Tajer - Unauthenticated Arbitrary File Upload

The tajer WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability. PoC curl -F "[email protected]" http://www.example.com/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/index.php Shell is uploaded to:...

7.5CVSS0.7AI score0.97107EPSS
Exploits15References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.52 views

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.7 - Authenticated (Subscriber+) Privilege Escalation

Description The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 7.6.6. This is due to the plugin improperly restricting user meta values that can be updated and allowing users t...

7AI score0.00479EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.52 views

Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC vctestimonial link='target:"...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/12 12:0 a.m.52 views

Paid Membership Pro < 2.9.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the code parameter before using it in a SQL statement via the /pmpro/v1/order REST route, leading to a SQL injection exploitable by unauthenticated users PoC curl...

9.8CVSS0.8AI score0.9246EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/04 12:0 a.m.52 views

Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload

The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. PoC 1. Install and activate WooCommerce dependency, no setup required 2. Create a local file containing the payload on /tmp/payload.php 3...

9.8CVSS4.2AI score0.17569EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.52 views

WP Championship < 9.3 - Multiple CSRF

The plugin is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site...

6.5CVSS1.1AI score0.00502EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000