Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2019/06/27 12:0 a.m.23 views

WebP Converter for Media <= 1.0.2 - Cross-Site Request Forgery (CSRF)

The WebP Converter for Media WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS3.3AI score0.00709EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/13 12:0 a.m.23 views

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way. PoC 1.Download csrfwp-members.html 2.Change URL in html file.FORM ACTION. 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMAXXikw/view?usp=sharing HTMLFILE :...

6.8CVSS0.7AI score0.0068EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/25 12:0 a.m.23 views

Hostel Plugin <= 1.1.3 - Unauthenticated Stored XSS

This vulnerability allows any user can inject Javascript code and the code will be executed on the admin side when he visits the Bookings Page Authentication Required:No Affected Version: 1.1.3 or possibly below Fixed version:1.1.4...

4.3CVSS3.3AI score0.01165EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/16 12:0 a.m.23 views

Option Tree < 2.7.0 - PHP Object Injection

The OptionTree WordPress plugin was affected by a PHP Object Injection security vulnerability...

7.5CVSS1.7AI score0.02147EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/05 12:0 a.m.23 views

Form Maker by 10Web < 1.13.5 - Cross-Site Request Forgery (CSRF) to LFI

Form Maker by WD plugin suffers from a CSRF issue that could lead to an LFI attack...

6.8CVSS3.3AI score0.01169EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/14 12:0 a.m.23 views

Booking < 8.4.5.15 - SQL Injection

The Booking Calendar WordPress plugin was affected by a SQL Injection security vulnerability...

6.5CVSS2.2AI score0.18906EPSS
Exploits5References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/05 12:0 a.m.23 views

WP Live Chat Support < 8.0.18 - Cross-Site Scripting (XSS)

The 3CX Live Chat WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.2AI score0.01377EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/29 12:0 a.m.23 views

LoginPress <= 1.1.15 - Authenticated Blind SQL Injection

Blind time-based SQL injection, combined with lack of permission check resulted in an unauthorised attack which can be performed by any user on the site including subscriber profiles. 1. Lack of permission check in settings import Similar to our recent analysis, this vulnerability was also caused...

0.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/08 12:0 a.m.23 views

WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to do this. See references for discussion of the issue. The problem is in the fil...

7.5CVSS2.5AI score0.87294EPSS
Exploits4References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/10/08 12:0 a.m.23 views

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. PoC POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT...

4.3CVSS0.5AI score0.13207EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/07/17 12:0 a.m.23 views

Geo Mashup <= 1.10.3 - Unspecified Cross-Site Scripting (XSS)

The Geo Mashup WordPress plugin was affected by an Unspecified Cross-Site Scripting XSS security vulnerability...

7.5CVSS1.6AI score0.03054EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2018/06/20 12:0 a.m.23 views

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 - Authenticated Reflected XSS

There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wdfbogerror parameter on a GET request when editing a post. This can be exploited by tricking an authenticated Wordpress administrator into clicking a malicious link. This vulnerabilit...

4.3CVSS0.5AI score0.01085EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/06/07 12:0 a.m.23 views

Booking Calendar <= 2.2.2 - Parameters Tampering Allowing Arbitrary Prices Change

Note: It is unclear whether or not this issue has been remediated...

5CVSS4.9AI score0.01367EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/05/05 12:0 a.m.23 views

Tagregator <= 0.6 - Stored XSS

The Tagregator WordPress plugin was affected by a Stored XSS security vulnerability...

3.5CVSS1.7AI score0.01912EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/04/06 12:0 a.m.23 views

WP Background Takeover <= 4.1.4 - Directory Traversal

Allows for an attacker to browse files via the download.php file PoC http://target.com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php...

5CVSS4.1AI score0.48158EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/03/12 12:0 a.m.23 views

Newsletters Lite < 4.6.8.6 - PHP Object Injection

The Newsletters WordPress plugin was affected by a PHP Object Injection security vulnerability...

7.5CVSS3AI score0.02129EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/02/26 12:0 a.m.23 views

Ninja Forms < 3.2.15 - Parameter Tampering

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Parameter Tampering security vulnerability...

5CVSS2.4AI score0.01392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/18 12:0 a.m.23 views

Soundy Background Music <= 3.9 - Cross-Site Scripting (XSS)

The last time it was checked the plugin was still affected and had been closed...

4.3CVSS1.5AI score0.0078EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/11/27 12:0 a.m.23 views

Elementor Page Builder <= 1.7.12 - Authenticated Unrestricted Editing

Many AJAX actions are unsecured, allowing logged in users unrestricted access to the internal Elementor functions...

6.5CVSS4.7AI score0.01381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/10/12 12:0 a.m.23 views

PopCash.Net Code Integration Tool <= 1.0 - Cross-Site Scripting (XSS)

The PopCash Code Integration Tool WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.01353EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/22 12:0 a.m.23 views

Responsive Image Gallery, Gallery Album <= 1.2.0 - Authenticated SQL Injection

The Responsive Image Gallery, Gallery Album WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

7.5CVSS2.7AI score0.03189EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/08/24 12:0 a.m.23 views

BackupGuard < 1.1.47 - Authenticated Cross-Site Scripting (XSS)

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.2AI score0.00923EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/18 12:0 a.m.23 views

EELV Newsletter < 4.6.1 - CSRF & XSS

The EELV Newsletter WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.2AI score0.00905EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/11 12:0 a.m.23 views

Nelio Ab Testing < 4.6.4 - CSRF

The Nelio AB Testing WordPress plugin was affected by a CSRF security vulnerability...

6.8CVSS3.1AI score0.00649EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/04/06 12:0 a.m.23 views

Twitter Cards Meta <= 2.4.5 - CSRF and XSS

The Twitter Cards Meta – Best Twitter Card Plugin for WordPress WordPress plugin was affected by a CSRF and XSS security vulnerability...

6.8CVSS2.2AI score0.00922EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/13 12:0 a.m.23 views

Dtracker <= 1.5 - Unauthorised Contract Creation

Plugin is still affected and has been closed...

5CVSS3.2AI score0.03232EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/07 12:0 a.m.23 views

Wp2android 1.1.4 - Unauthenticated File Upload

Plugin is still affected and has been closed...

7.5CVSS2.4AI score0.12435EPSS
Exploits4References3Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/07 12:0 a.m.23 views

WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds

Description This can be exploited by unauthenticated users in versions 4.7 and 4.7.1 by leveraging this vulnerability https://wpvulndb.com/vulnerabilities/8734...

5.4CVSS5.8AI score0.02094EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2017/03/06 12:0 a.m.23 views

WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete

...

5.5CVSS2.3AI score0.03124EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/27 12:0 a.m.23 views

Kama Click Counter <= 3.4.9 - Authenticated Blind SQL Injection

The Kama Click Counter WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=kama-clic-counterby=linkname=ASC%2cselectfromselectsleep30a=1...

9.3CVSS0.6AI score0.0201EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/09/19 12:0 a.m.23 views

Neosense Theme < 1.8 - Unrestricted File Upload

Neosense is a commercial WordPress theme by dynamicpress. Version 1.7 and possibly earlier includes in its theme directory a copy of the "qquploader" ajax file uploader, which does not verify user authorization. Using this uploader, an attacker can upload any file to the site. The uploaded file i...

7.5CVSS1.9AI score0.02226EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/25 12:0 a.m.23 views

Total Security < 3.4.1 - XSS & Settings Change

The Total Security WordPress plugin was affected by a XSS & Settings Change security vulnerability...

5CVSS1.6AI score0.01139EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/29 12:0 a.m.23 views

PeepSo <= 1.6.0 - Authenticated Privilege Escalation

Unfiltered input allows a logged in user to escalate their permissions to that of an Administrator...

6.5CVSS3.3AI score0.01576EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/21 12:0 a.m.23 views

WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure

...

5CVSS1.5AI score0.03651EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/13 12:0 a.m.23 views

e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/e-search/tmpl/dateselect.php?date-from=""...

4.3CVSS0.7AI score0.0465EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/13 12:0 a.m.23 views

Pondol Form to Mail <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The pondol-formmail WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.03462EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/11/24 12:0 a.m.23 views

GoCodes <= 1.3.5 - Authenticated XSS & Blind SQL Injection

The gocodes WordPress plugin was affected by an Authenticated XSS & Blind SQL Injection security vulnerability...

6.5CVSS2.9AI score0.01944EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/11/22 12:0 a.m.23 views

404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection

Description The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

9.8CVSS9.9AI score0.46125EPSS
Exploits4References2
WPVulnDB
WPVulnDB
added 2015/11/05 12:0 a.m.23 views

neuvoo-jobroll <= 2.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The neuvoo-jobroll WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.9AI score0.01333EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/05 12:0 a.m.23 views

Easy Media Gallery <= 1.3.47 - Cross Site Scripting (XSS)

The Gallery – Photo Albums Plugin WordPress plugin was affected by a Cross Site Scripting XSS security vulnerability...

3.5CVSS2.3AI score0.01242EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/05 12:0 a.m.23 views

WP Limit Login Attempts <= 2.0.0 - Unauthenticated SQL Injection

The WP Limit Login Attempts WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

7.5CVSS2.8AI score0.0235EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/16 12:0 a.m.23 views

Broken Link Manager <= 0.5.5 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Broken Link Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.9AI score0.01545EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/16 12:0 a.m.23 views

NEX-Forms <= 4.0 - Unauthenticated Blind SQL Injection

The NEX-Forms – Ultimate Form Builder – Contact forms and much more WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability...

7.5CVSS2.2AI score0.0237EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/05 12:0 a.m.23 views

StageShow <= 5.0.8 - Open Redirect

The StageShow WordPress plugin was affected by an Open Redirect security vulnerability. PoC http://www.example.com/wp-content/plugins/stageshow/stageshowredirect.php?url=http%3A%2F%2F2buntu.com...

6.4CVSS0.5AI score0.06283EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/10 12:0 a.m.23 views

RobotCPA Plugin V5 - Unauthenticated Local File Inclusion

The robotcpa WordPress plugin was affected by an Unauthenticated Local File Inclusion security vulnerability. PoC This issue has been seen exploited in the wild with the following payload: http://www.example.com/wp-content/plugins/robotcpa/f.php?l=..%2F..%2F..%2Fwp-config.php...

5CVSS1AI score0.12574EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/01 12:0 a.m.23 views

ZoomSounds <= 2.0 - Remote File Upload

The dzs-zoomsounds WordPress plugin was affected by a Remote File Upload security vulnerability...

7.5CVSS2.4AI score0.03959EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/26 12:0 a.m.23 views

WP Fastest Cache < 0.8.3.5 - Multiple CSRF

The WP Fastest Cache WordPress plugin was affected by a Multiple CSRF security vulnerability...

6.8CVSS2AI score0.00992EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/21 12:0 a.m.23 views

WP Membership <= 1.2.3 - Multiple Vulnerabilities

The wp-membership WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

6.5CVSS2.6AI score0.08311EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/15 12:0 a.m.23 views

Encrypted Contact Form <= 1.0.4 - CSRF & XSS

The Encrypted Contact Form WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.4AI score0.04727EPSS
Exploits5References4Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.23 views

Quota < 1.2.5 - Unspecified XSS

The quota WordPress theme was affected by an Unspecified XSS security vulnerability...

4.3CVSS2.1AI score0.00923EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000