Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2021/11/01 12:0 a.m.22 views

Google Maps Easy < 1.10.1 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /modules/markergroups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts. Th...

4.8CVSS5.1AI score0.00944EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/29 12:0 a.m.22 views

Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS

The plugin did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.4CVSS5.5AI score0.00654EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.22 views

WP Performance Score Booster < 2.1 - Settings Change via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...

4.3CVSS3.7AI score0.00435EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.22 views

Content Staging <= 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo’d out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-sit...

5.5CVSS4.5AI score0.00957EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/13 12:0 a.m.22 views

Backdoored Plugins & Themes from AccessPress Themes

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

3.8AI score0.18878EPSS
Exploits1References1Affected Software93
WPVulnDB
WPVulnDB
added 2021/09/29 12:0 a.m.22 views

WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/edit a campaign and add the following feed URL:...

4.8CVSS1AI score0.00622EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/21 12:0 a.m.22 views

Game Server Status <= 1.0 - Admin+ SQL Injection

The plugin does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page PoC sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-serversid=1" -p serverid --dbms mysql --cookie your cookie...

7.2CVSS0.2AI score0.013EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.22 views

WP-T-Wap <= 1.13.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the /wap/writer.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/08 12:0 a.m.22 views

RentPress <= 6.6.4 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the /src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.3AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.22 views

User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting

The plugin does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed PoC 1...

5.4CVSS1.3AI score0.006EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/02 12:0 a.m.22 views

Meow Gallery < 4.1.9 - Contributor+ SQL Injection

The plugin does not sanitise, validate or escape the ids attribute of its gallery shortcode available for users as low as Contributor before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that...

8.1CVSS1.7AI score0.01131EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.22 views

Countdown Block < 1.1.2 - Missing Authorisation in AJAX action

The plugin does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. v1.1.1 attempt to fix the issue was incomplete, still allowing it to be exploited via a CSRF attack on an admin due to a...

4.3CVSS1.5AI score0.0065EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/26 12:0 a.m.22 views

Woffice < 4.0.2 - Unauthenticated Disclosure of Notification Titles

The theme lacks authentication checks before returning the titles of notifications between the site's users. PoC Any request to the wofficeNotificationGet ajax endpoint will return titles of notifications sent between users. Example:...

1.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.22 views

Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s PoC Create an event with the following payload in the description of a timeslot: The XSS will be...

5.4CVSS4.7AI score0.00888EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.22 views

OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API

The plugin does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. PoC Access the URL below as unauthenticated...

9.1CVSS0.8AI score0.01762EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/22 12:0 a.m.22 views

Create WooCommerce Product Feeds For 40+ Merchants < 3.3.1.0 - Authenticated SQL Injection

The fetchproductajax functionality in the plugin uses a productid POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 162 Accept: / X-Requested-With:...

6.5CVSS0.5AI score0.01484EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/17 12:0 a.m.22 views

Icegram < 2.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise some parameters, such as headline, which could allow high prolegs users to perform Cross-Site Scripting attacks...

5.4CVSS2.4AI score0.00552EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.22 views

WP Songbook <= 2.0.11 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the /inc/class.ajax.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.5AI score0.00844EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.22 views

Moova for WooCommerce < 3.8 - Reflected Cross-Site Scripting

The plugin does not escape the lat parameter of the moovacustomfields AJAA action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS3.3AI score0.00938EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.22 views

jQuery Tagline Rotator <= 0.1.5 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.4AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.22 views

Site Reviews < 5.13.1 - Authenticated Stored XSS

The plugin does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC As an admin, create a review via the Admin dashboard /wp-admin/post-new.php?posttype=site-review and a...

5.4CVSS2.5AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/24 12:0 a.m.22 views

AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access

The plugin does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory...

4CVSS2.1AI score0.0157EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/23 12:0 a.m.22 views

Embed Youtube Video <= 1.0 - Authenticated SQL Injection

The editid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET /wp-admin/admin.php?page=embed-youtube-video-add=-6425+UNION+ALL+SELECT+NULL%2Cuser%28%29%2CNULL%2CNULL%2CNULL-- HTTP/1.1 Cache-Control: max-age=0...

6.5CVSS0.6AI score0.01547EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/03 12:0 a.m.22 views

WordPress Popular Posts < 5.3.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the widget-wpp2posttype parameter before outputting it in the page, which could lead to a Stored Cross-Site Scripting issue...

3.5CVSS0.9AI score0.00566EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/30 12:0 a.m.22 views

YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF

The ajax method did not properly check for CSRF, allowing attackers to make users call the ajaxadditem, ajaxremoveitem or ajaxvariationexist actions, which will tamper with their session quote. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

2.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.22 views

ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation

The user profile update functionality of the plugin allowed arbitrary user meta to be supplied, including wpcapabilities, during a profile update which made it possible for users to escalate their privileges to that of an an administrator. PoC 'Hax0r3', 'regemail' = '[email protected]',...

9.8CVSS0.8AI score0.0412EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/14 12:0 a.m.22 views

FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)

The plugin, used in the theme did not properly sanitize the foodbakeryradius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability. PoC...

6.1CVSS0.04348EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.22 views

WP Hardening < 1.2.2 - Reflected XSS via URI

The plugin did not sanitise or escape the $SERVER'REQUESTURI' before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. PoC https://example.com/wp-admin/plugins.php?%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3Cv=...

6.1CVSS0.4AI score0.00827EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.22 views

The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending

The plugin did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect...

5.3CVSS0.0111EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.22 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value

In the plugin, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. PoC $wpuser, 'pwd' = $wppass...

4.3CVSS1.4AI score0.0072EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/07 12:0 a.m.22 views

Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the...

5.4CVSS5.2AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/06 12:0 a.m.22 views

PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)

The slider import search feature of the plugin settings did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/edit.php?posttype=wcps=importlayouts="onmouseover=alert1;//...

6.1CVSS0.3AI score0.10587EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/05 12:0 a.m.22 views

Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key

The Target First WordPress Plugin, also previously known as Watcheezy, suffered from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the "weeWzKey" parameter that will be save as the "weeID" option. The input value...

6.1CVSS0.7AI score0.01188EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/30 12:0 a.m.22 views

Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated admin+ Stored XSS issues. Notes WPScanTeam - The original reporter mentioned the issue being fixed in 2.10.2, but we could still trigger i...

4.8CVSS0.7AI score0.00664EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/20 12:0 a.m.22 views

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation

In the plugin, low level users, such as subscribers, could use the importfromdebug AJAX action to install any plugin from the WordPress repository. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Install some plugins $ch =...

4CVSS2.4AI score0.00831EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.22 views

CM Download Manager < 2.8.0 - Unauthenticated Reflected Cross Site Scripting (XSS)

The plugin is vulnerable to Unauthenticated Cross Site Scripting XSS before version 2.8.0...

4.3CVSS3.6AI score0.00996EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.22 views

Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS

The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “Flip Box” widget accepts a “fronttitlehtmltag” parameter. Although the element...

3.5CVSS0.8AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.22 views

Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “Heading” widget accepts a “titletag” parameter. Although the element control...

3.5CVSS1.3AI score0.00663EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/10 12:0 a.m.22 views

Event Banner <= 1.3 - Arbitrary File Upload to RCE

The plugin does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation chec...

6.5CVSS0.8AI score0.01678EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.22 views

Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode

The plugin did not sanitise the resultid GET parameter on pages with the qsmresult shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised...

6.5CVSS0.2AI score0.01893EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.22 views

wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion

The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through idkey and idval parameters. By exploiting this issue an attacker is...

5.5CVSS4.1AI score0.0147EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/13 12:0 a.m.22 views

VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue. PoC The PoC will be displayed once the issue has been remediated...

4.3CVSS3.8AI score0.00377EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/26 12:0 a.m.22 views

WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)

During a quick security auditing of the plugin, in the default configuration a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wpfilemanagerproperties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response...

1.3AI score0.00898EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/16 12:0 a.m.22 views

Ninja Forms < 3.4.34 - Administrator Open Redirect

The wpajaxnfoauthconnect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. PoC http://mysite.com/wp-admin/admin-ajax.php?clientid=1=https://google.com=nfoauthconnect...

0.7AI score0.01643EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/10 12:0 a.m.22 views

Map Block for Google Maps < 1.32 - Unauthorised Google API Key change

The gmwmapblocksavekey AJAX action, available to both authenticated and unauthenticated users did not have any check in place to prevent unauthorised change of the Google API key. PoC...

3.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.22 views

Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal

The "Folder" tab under "Publications" is vulnerable to path traversal and exposes limited information, for example, the user can gain information regarding images stored in outside of the WordPress blog, ie, home directories. PoC Enter the following payload into the "Folder" input field of a...

2.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/15 12:0 a.m.22 views

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter. It is recommended that the Pods WordPress plugin be updated to at least version 2.7.27, which fixes the vulnerability...

3.5CVSS2.4AI score0.00792EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/06 12:0 a.m.22 views

Advanced Custom Fields < 5.8.12 - Cross-Site Scripting in Select2 dropdowns

The plugin did not correctly escape input from Select2 dropdowns, which could lead to Cross-Site Scripting issues...

4.3CVSS1.9AI score0.00896EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/14 12:0 a.m.22 views

Limit Login Attempts Reloaded < 2.16.0 - Authenticated Reflected Cross-Site Scripting

The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against logged in administrator by making them open a malicious URL The issue was partially fixed in 2.15.1, and fully remediated in 2.16.0 PoC...

3.5CVSS2.5AI score0.00767EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/11 12:0 a.m.22 views

Ultimate Category Excluder < 1.2 - Cross-Site Request Forgery

The plugin did not check for CSRF nonce in its options page, allowing attacker to perform CSRF attacks against logged in users...

6.8CVSS4.7AI score0.00887EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000