Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/10/16 12:0 a.m.•22 views

WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. PoC Make sure to have both WooCommerce and NinjaForms 3.4.34.2 NF's latest version on the 3.4 branch installed, then follow those...

9.8CVSS9.8AI score0.00877EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/16 12:0 a.m.•22 views

SendPulse Free Web Push < 1.3.2 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/12 12:0 a.m.•22 views

WP Site Protector <= 2.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•22 views

WP-dTree <= 4.4.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/27 12:0 a.m.•22 views

Ultimate Addons for Contact Form 7 < 3.2.1 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.0033EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•22 views

ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS

Description The plugin does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks PoC As a contributor, put the following payload in a post the payload will have to be updated accordingly to watch th...

5.4CVSS5.2AI score0.00419EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/14 12:0 a.m.•22 views

Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure

Description The plugin is vulnerable to Sensitive Information Exposure via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more...

6.5CVSS6.2AI score0.0059EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/07 12:0 a.m.•22 views

BigBlueButton <= 3.0.0-beta.4 - Reflected XSS

Description The plugin does not sanitise and escape the username and tempentrypass parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00324EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/04 12:0 a.m.•22 views

All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF

Description The plugin does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. PoC This CSRF attack will reject a Quote in the database. 1. Go to All In One Quote Quotes 2. Click "Add quote", fill in the title, and save. 3. Find the Quote ID,...

8.8CVSS8.7AI score0.00321EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2023/09/01 12:0 a.m.•22 views

Activity Log < 2.8.8 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. PoC Run the following code in the web browser and note on the backend that the IP address has been fake...

5.3CVSS5.4AI score0.00627EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/08/21 12:0 a.m.•22 views

URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. PoC 1. Add a new shortened link in the interface...

6.1CVSS6.3AI score0.00735EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/08/02 12:0 a.m.•22 views

Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...

5.4CVSS5.4AI score0.00371EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/08/02 12:0 a.m.•22 views

Front Editor <= 4.3.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new form. 2. For the "Post Title",...

4.8CVSS4.8AI score0.00379EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2023/07/25 12:0 a.m.•22 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

6.3AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/24 12:0 a.m.•22 views

Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a Blank form or select...

4.8CVSS4.9AI score0.00379EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/27 12:0 a.m.•22 views

WP Abstracts <= 2.6.2 - Cross-Site Request Forgery

The plugin does not sufficiently verify requests use nonces, leading to a CSRF vulnerability...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/26 12:0 a.m.•22 views

Querlo Chatbot <= 1.2.4 - Stored Cross-Site Scripting

The plugin does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability. PoC Submit the following in the chat message: """ See the XSS in Querlo...

8.2AI score
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/22 12:0 a.m.•22 views

Ninja Forms < 3.6.25 - Admin+ Arbitrary File Deletion

The plugin does not validate the path of files to be deleted, which could allow administrators to delete arbitrary files on the server even when they should not be able to...

6.8AI score0.00601EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/22 12:0 a.m.•22 views

WooCommerce Payments < 4.5.1 - Intent Parameter Tampering

The plugin allows customer to complete an order on a merchant’s site without paying for it...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/19 12:0 a.m.•22 views

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. PoC Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

4.3CVSS6.4AI score0.00507EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/19 12:0 a.m.•22 views

AN_GradeBook <= 5.0.1 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. When adding a new course in the plugin...

4.8CVSS7.9AI score0.00522EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/19 12:0 a.m.•22 views

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

9.8CVSS9.8AI score0.05304EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/02 12:0 a.m.•22 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitize and escape the businessid parameter of an unprotected REST route endpoint before rendering it back in pages on the website, allowing an unauthenticated attacker to inject arbitrary web scripts, which could target authenticated users such as administrators. PoC curl...

7.2CVSS6.7AI score0.00607EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/30 12:0 a.m.•22 views

AI-Engine < 1.6.83 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Go to Meow Apps » AI Engine » Chatbot tab »...

4.8CVSS5.3AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/30 12:0 a.m.•22 views

CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...

4.8CVSS5.8AI score0.00604EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/05 12:0 a.m.•22 views

WP Job Portal <= 2.0.1 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to change them...

7AI score0.00481EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/24 12:0 a.m.•22 views

WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi

The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. PoC Note: The visitorId parameter's numerical prefix before the %27 must be different on each try...

9.8CVSS7.7AI score0.04234EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/24 12:0 a.m.•22 views

Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC - Install the plugin and WooCommerce,...

4.8CVSS5.4AI score0.00461EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/19 12:0 a.m.•22 views

WCP Contact Form <= 3.1.0 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•22 views

Product Enquiry for WooCommerce < 2.2.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•22 views

Product page shipping calculator for WooCommerce < 1.3.21 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/22 12:0 a.m.•22 views

WooCommerce JazzCash Gateway <= 2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/20 12:0 a.m.•22 views

ConvertBox Auto Embed WordPress < 1.0.20 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/20 12:0 a.m.•22 views

Event Manager for WooCommerce < 3.8.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/17 12:0 a.m.•22 views

Open RDW kenteken voertuiginformatie < 2.1.0 - Reflected XSS

The plugin does not sanitise and escape the opendatardwkenteken parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•22 views

User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF

The plugin does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. PoC Make a logged in admin open a page with the code below. Then, log in as a subscriber and see that you have full admin access...

8.8CVSS8.8AI score0.00411EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/11 12:0 a.m.•22 views

WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the whhomepage, whtextshort and whtextfull parameters of submitted Testimonials, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks PoC curl -X POST 'http://example.com/add/' \ -H 'Content-Type: multipart/form-data;...

7.2CVSS6.1AI score0.00743EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•22 views

Mass Delete Unused Tags < 3.0.0 - Tags Deletion via CSRF

The plugin does not have CSRF checks when deleting tag, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•22 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.0 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. PoC 1. Create a contact form and add a "multiple file upload" field. 2. Add...

9.8CVSS8.9AI score0.03004EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•22 views

WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. PoC As a...

4.3CVSS5.7AI score0.00678EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/28 12:0 a.m.•22 views

Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST',...

4.3CVSS4.9AI score0.00252EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2023/02/27 12:0 a.m.•22 views

Read More Excerpt Link < 1.6.1 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.7AI score0.00296EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/23 12:0 a.m.•22 views

Organization chart < 1.4.5 - Multiple CSRF

The plugin does not have CSRF checks in some places, for example when updating/deleting/duplicating popups, tree and themes from the plugin, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.3AI score0.00271EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/22 12:0 a.m.•22 views

Auto Affiliate Links < 6.3.0.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS8.2AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/21 12:0 a.m.•22 views

WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack. PoC fetch'/wp-admin/admin-ajax.php', method: 'POST', header...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/13 12:0 a.m.•22 views

Simple Yearly Archive < 2.1.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/10 12:0 a.m.•22 views

Shortcodes Ultimate < 5.12.7 - Subscriber+ Arbitrary File Access

The plugin does not validate the url attribute of its sutable shortcode before displaying its content, which could allow any authenticated users, such as subscriber to read arbitrary files from the server when the "Unsafe Features" settings is enabled...

6.1AI score0.00591EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/09 12:0 a.m.•22 views

WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The plugin does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete the auth key. PoC As a...

4.3CVSS5.7AI score0.00801EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/06 12:0 a.m.•22 views

Ajax Search Lite < 4.11.1 - Subscriber+ Sensitive Data Disclosure

The plugin does not have authorisation and CSRF checks in the wdsearchcf AJAX action, which could allow any authenticated users to call it and retrieve arbitrary post metadata Note: v4.11 added only a CSRF check, authorisation was added in 4.11.1...

7.5CVSS7.4AI score0.00552EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/06 12:0 a.m.•22 views

Mercado Pago payments for WooCommerce < 6.4.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.3AI score0.00285EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000