Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Pay with Vipps for WooCommerce < 1.14.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Pay with Vipps for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the buy now button in versions up to, and including, 1.14.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Republish Old Posts < 1.27 - Cross-Site Request Forgery via rop_options_page

Description The Republish Old Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.21. This is due to missing or incorrect nonce validation on the ropoptionspage function. This makes it possible for unauthenticated attackers to modify the...

8.8CVSS6.6AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Build App Online <= 1.0.19 - Subscriber+ Privilege Escalation

Description The plugin does not have authorisation in its updateusermetavalue function, allowing any authenticated users, such as subscriber to update arbitrary user metadata and grand themselves administrator privileges...

7AI score0.00476EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Checkout Mestres WP < 7.1.9.8 - Authentication Bypass via Password Reset

Description The plugin is vulnerable to authentication bypass due to a weak password reset functionality, allowing unauthenticated attackers to reset the password of arbitrary users to a guessable value based on the current time...

9.8CVSS9.8AI score0.00657EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

NEX-Forms – Ultimate Form Builder < 8.5.5 - Cross-Site Request Forgery

Description The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.6AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.22 views

ProfileGrid < 5.6.7 - Missing Authorization

Description The ProfileGrid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.6.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized action...

6.4AI score0.00296EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

Complianz | GDPR/CCPA Cookie Consent < 6.5.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00326EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

BERTHA AI Plugin < 1.11.10.8 - Unauthenticated Arbitrary File Upload

Description The BERTHA AI. Your AI co-pilot for WordPress and Chrome plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bthaiwatranslateaudiocallback' function in all versions up to and including 1.11.10.7. This makes it possible for...

10CVSS8.2AI score0.0063EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

WordPress Toolbar <= 2.2.6 - Open Redirect

Description The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...

6.1CVSS6.6AI score0.25679EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to trigger the XSS...

5.4CVSS9.1AI score0.0038EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.22 views

WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WooCommerce Menu Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.22 views

Multi Step Form < 1.7.17 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00402EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.22 views

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

4.3CVSS6.5AI score0.00405EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.22 views

Simple Membership < 4.3.9 - Reflected Cross-Site Scripting Vulnerability via environment_mode

Description The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environmentmode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

6.1CVSS6.2AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.22 views

Greenshift – animation and page builder blocks < 7.6.3 - Authenticated (Administrator+) Arbitrary File Upload

Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspbsavefiles' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with...

7.2CVSS8AI score0.01274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.22 views

Multiple Plugins by KlbTheme - Reflected Cross-Site Scripting

Description The plugins do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00465EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.22 views

Integrate Google Drive < 1.3.5 - Cross-Site Request Forgery

Description The Integrate Google Drive plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.3AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.22 views

LiveChat < 4.5.16 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.6AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.22 views

Soledad < 8.4.2 - Unauthenticated PHP Object Injection

Description The Soledad theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.4.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable theme. If a...

9.8CVSS7.3AI score0.00567EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.22 views

Eventin <= 3.3.44 - Missing Authorization

Description The Eventin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 3.3.44. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthoriz...

6.7AI score0.00575EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.22 views

HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting

Description The HDW Player Plugin Video Player & Video Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.5AI score0.00403EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.22 views

SVGator – Add Animated SVG Easily < 1.2.5 - API Token Update/Deletion & Import Projects via CSRF

Description The plugin does not have CSRF checks when updating and deleting API token as well as importing projects, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

8.8CVSS8.7AI score0.00272EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.22 views

teachPress < 9.0.5 - Cross-Site Request Forgery

Description The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a...

8.8CVSS8.7AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.22 views

Quantity Plus Minus Button for WooCommerce by CodeAstrology < 1.2.0 Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.22 views

Nested Pages < 3.2.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.3AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.22 views

HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Unauthenticated SQL Injection via search terms

Description The HUSKY – Products Filter for WooCommerce formerly WOOF plugin for WordPress is vulnerable to generic SQL Injection via search terms in versions up to, and including, 1.3.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

9.8CVSS7.2AI score0.00588EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.22 views

Happyforms < 1.25.10 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in an hidden attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.22 views

Delete Post Revisions In WordPress <= 4.6 - Cross-Site Request Forgery

Description The delete-post-revisions-on-single-click theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attacke...

8.8CVSS6.4AI score0.00264EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.22 views

Salient Core < 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The salient-core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

Simple Membership < 4.3.5 - Account Takeover via Password Reset

Description The Simple Membership plugin for WordPress is vulnerable to account takeover due to missing input validation on the processpasswordresetusinglink function in versions up to, and including, 4.3.4. This makes it possible for authenticated attackers to gain access to arbitrary accounts o...

7.2AI score0.007EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

kk Star Ratings < 5.4.6 - Missing Authorization

Description The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exa...

7AI score0.00346EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

Unyson <= 2.7.28 - Missing Authorization

Description The Unyson plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions in versions up to, and including, 2.7.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.7AI score0.00337EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

WP-Matomo Integration (WP-Piwik) < 1.0.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WP-Matomo Integration WP-Piwik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00523EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Brands for WooCommerce < 3.8.2.3 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval

Description The Brands for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.8.2.2. This is due to missing capability checks on the clearcacheajax, saveorder, brgetproducts, brgetbrands, and saveallorders functions hooked via AJAX nopriv...

6.9AI score0.00485EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Podcast Subscribe Buttons < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint

Description The AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'credits' REST API function in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to manipulate user credits when the...

6.9AI score0.00378EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Poptin < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...

6.4CVSS5.9AI score0.00507EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

WP Customer Reviews < 3.6.7 - Authenticated (Subscriber+) Sensitive Information Exposure

Description The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of...

4.3CVSS6.8AI score0.00524EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Ajax Domain Checker <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Ajax Domain Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.9AI score0.00416EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Social Sharing Plugin - Social Warfare < 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'socialwarfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00566EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

RSVPMaker < 10.6.7 - Unauthenticated PHP Object Injection

Description The RSVPMaker plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 10.6.6 via deserialization of untrusted input from the $details variable. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...

10CVSS7.8AI score0.00681EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Themify Ultra < 7.3.6 - Missing Authorization

Description The themify-ultra theme for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on an unknown function in all versions up to, and including, 7.3.3. This makes it possible for authenticated attackers with subscriber access or...

6.1AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Youzify < 1.2.3 - Insecure Direct Object Reference

Description The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.2 due to missing validation on a user controlled key. This makes it...

6.5CVSS9.2AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.22 views

Simple User Listing < 1.9.3 - Reflected XSS

Description The plugin does not sanitise and escape the as parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.00415EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.22 views

Seo By 10Web <= 1.2.9 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8AI score0.00403EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.22 views

eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF

Description The plugin does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products PoC Make a logged in admin open the URL below...

6.5CVSS7AI score0.00283EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.22 views

Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext

Description The plugin is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. PoC 1 Go to main dashboard of plugin...

8.8CVSS7.8AI score0.02024EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.22 views

WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update

Description The plugin does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded; charset=UTF-8", , "body":...

4.3CVSS5AI score0.00454EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/26 12:0 a.m.22 views

WP Hotel Booking < 2.0.8 - Unauthenticated SQLi

Description The plugin does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections PoC Run the below command in the developer console of the web...

9.8CVSS9.8AI score0.63711EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.22 views

Print, PDF, Email by PrintFriendly < 5.5.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000