Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/02/03 12:0 a.m.•22 views

VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Setup: The CTA Expansion...

5.4CVSS5.1AI score0.0056EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/02 12:0 a.m.•22 views

Multi Rating < 5.0.6 - Ratings Deletion via CSRF

The plugin does not have CSRF check when deleting ratings, which could allow attackers to make logged in admins to perform such action via a CSRF attack...

8.8CVSS8.2AI score0.00326EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/02 12:0 a.m.•22 views

Ocean Extra < 2.1.2 - Contributor+ Stored XSS

The plugin does not escape the class attribute of its oceanwpbreadcrumb shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC oceanwpbreadcrumb class='"...

5.5CVSS5.4AI score0.00343EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/02/02 12:0 a.m.•22 views

Robo Gallery < 3.2.11 - Plugin Activation/Deactivation via CSRF

The plugin does not have CSRF checks when activating and deactivating plugins, which could allow attackers to make logged in users perform such actions via CSRF attacks...

5.4CVSS5.6AI score0.00231EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/27 12:0 a.m.•22 views

Unlimited Elements For Elementor < 1.5.49 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/23 12:0 a.m.•22 views

Zoho Forms < 3.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, put the following in ...

5.4CVSS5AI score0.01648EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/17 12:0 a.m.•22 views

teachPress < 8.1.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00406EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/16 12:0 a.m.•22 views

Stream < 3.9.2 - Subscriber+ Alert Creation

The plugin does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information. PoC Step 1: Log in as a subscriber Step 2: Get a nonce from...

6.5CVSS6.1AI score0.0091EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/13 12:0 a.m.•22 views

WP Super Popup <= 1.1.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/13 12:0 a.m.•22 views

SiteGround Security < 1.3.1 - Admin+ SQLi

The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. PoC 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...

8.8CVSS1.7AI score0.17992EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/12 12:0 a.m.•22 views

jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC tminus t='2100-01-01' width='"...

5.4CVSS2.8AI score0.00562EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/10 12:0 a.m.•22 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Template Import

The plugin does not have authorisation and CSRF checks when importing templates, which could allow any authenticated user, such as subscriber to perform such action...

8.1CVSS2.8AI score0.00792EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/04 12:0 a.m.•22 views

RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Add the Feedz...

5.4CVSS1.4AI score0.00507EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/29 12:0 a.m.•22 views

10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS3.2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/28 12:0 a.m.•22 views

Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS1.7AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/27 12:0 a.m.•22 views

WP Limit Login Attempts <= 2.6.4 - IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based restrictions on login forms. PoC Set HTTPCLIENTIP or HTTPXFORWARDEDFOR as used in wplimitgetip to spoof the IP address and bypass the block...

7.5CVSS0.8AI score0.00703EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/20 12:0 a.m.•22 views

Metricool < 1.18 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the settings page of the plugin, add th...

4.8CVSS2AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/15 12:0 a.m.•22 views

404 to Start <= 1.6.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the settings of the plugin,...

4.8CVSS4.6AI score0.00532EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2022/12/14 12:0 a.m.•22 views

ipBlockList <= 1.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.5AI score0.00269EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/14 12:0 a.m.•22 views

Permalink Manager Lite < 2.3.0 - Authenticated Stored XSS

The plugin does not escape page/post and media titles, which could allow attackers to perform Stored XSS attacks when another plugin/theme allowing low privilege users to modify such titles is active on the blog as well...

6.4CVSS5.2AI score0.00555EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/13 12:0 a.m.•22 views

Launchpad <= 10.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.3AI score0.00537EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/12 12:0 a.m.•22 views

Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. PoC 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin...

9.8CVSS2.6AI score0.01833EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/09 12:0 a.m.•22 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=letsrecover-manual-notificationid=111+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.3AI score0.00874EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/09 12:0 a.m.•22 views

Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. PoC action=INSERT HERE NAME OF...

8.8CVSS1.2AI score0.00907EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•22 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC Exploit...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•22 views

Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

The plugin does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and activate the...

9.8CVSS0.7AI score0.06152EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•22 views

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain PoC To simulate a gadget chain, put the following code in a plugin class Ev...

9.8CVSS1.6AI score0.18121EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•22 views

WP Shamsi < 4.1.1 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation check when activating plugins via an action hooked to init, which could allow unauthenticated attackers to deactivate arbitrary plugins from the blog...

6.5CVSS5.1AI score0.00665EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•22 views

Theme and plugin translation for Polylang < 3.2.17 - Unauthenticated Translation Settings Update

The theme does not have authorisation in the processpolylangthemetranslationwploaded function, which could allow unauthenticated attack to update translation settings, as well as import arbitrary translations...

6.5CVSS3.4AI score0.00665EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/21 12:0 a.m.•22 views

AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org PoC Run the below command in the developer console of the web browser while being on the blog as ...

6.5CVSS3.3AI score0.0034EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/21 12:0 a.m.•22 views

StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org PoC Run the below command in the developer console of the web browser while being on the blog as ...

6.5CVSS3.3AI score0.00327EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/14 12:0 a.m.•22 views

Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The plugin does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks PoC Make a logged in admin open a page containing the HTML cod...

6.5CVSS3.7AI score0.00356EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/14 12:0 a.m.•22 views

Becustom < 1.0.5.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

8.8CVSS4AI score0.00781EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/11 12:0 a.m.•22 views

AdRotate Banner Manager < 5.9.1 - Password Change via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make a logged admin change their password via CSRF attacks...

8.8CVSS5.3AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/07 12:0 a.m.•22 views

LoginPress < 1.6.3 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks when updating its Opt-In and Opt-Out tracking settings, which could allow any unauthenticated users to update them...

5.3CVSS4.4AI score0.00479EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/01 12:0 a.m.•22 views

WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Deletion

The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and delete arbitrary files...

9.1CVSS4.6AI score0.00819EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/21 12:0 a.m.•22 views

Contact Form Entries < 1.3.0 - CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. PoC - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a...

0.9AI score0.00428EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/05 12:0 a.m.•22 views

WP-Polls < 2.77.0 - Subscriber+ Race Condition

The plugin is affect by a race condition which could allow any authenticated users to tamper with the votes on a poll...

4.3CVSS4.8AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•22 views

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...

7.2CVSS4.1AI score0.01307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/26 12:0 a.m.•22 views

Oceanwp Sticky Header <= 1.0.8 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.5CVSS4.2AI score0.00234EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/13 12:0 a.m.•22 views

Soledad < 8.2.5 - Reflected Cross-site Scripting

The theme does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC A threat actor can collect the nonce value on the main webpage by searching for it on the ajaxvarmore call: var ajaxvarmor...

6.1CVSS0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•22 views

DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go the DSGVO AIO Settings Cookie Notice settin...

4.8CVSS1.2AI score0.00548EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/09 12:0 a.m.•22 views

Corner Ad < 1.0.57 - Ads Deletion via CSRF

The plugin does not have CSRF check when deleting ads, which could allow attackers to make logged in admins delete arbitrary ads via a CSRF attack...

8.8CVSS5.3AI score0.00646EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/07 12:0 a.m.•22 views

Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE PoC 1. Navigate to the page where ffmwp shortcode is included as Subscriber 2...

8.8CVSS0.6AI score0.01113EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/01 12:0 a.m.•22 views

Word Search Puzzles Game <= 2.0.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

4.8CVSS2.9AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/31 12:0 a.m.•22 views

Image Hover Effects Ultimate < 9.8.0 - Authenticated Stored XSS

The plugin does not sanitise and escape the Media Image URL, Video Link, Title and Description field of an Image Hover, which could lead to Stored XSS when low privileged users are allowed to access the plugin's feature which can be set via the plugin settings...

6.4CVSS3.5AI score0.00508EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•22 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block

The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered whe...

6.4CVSS1.8AI score0.00508EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•22 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Title

The plugin does not sanitise and escape post/page Title, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor and add the following payload in the Title: " The XSS will be triggered when editing the post again...

6.4CVSS3AI score0.00508EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•22 views

About Rentals <= 1.5 - Unauthenticated Actions

The plugin does not have authorisation in various actions, which could allow unauthenticated users to call them and perform unauthorised actions...

9.8CVSS4.7AI score0.00699EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•22 views

Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00475EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000