Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2017/02/28 12:0 a.m.22 views

Mobile App Native <= 3.0 - Remote File Upload

The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code. PoC $ curl -F "file=@/var/www/shell.php"...

5CVSS1AI score0.07325EPSS
Exploits8References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/20 12:0 a.m.22 views

rockhoist-badges 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

The rockhoist-badges WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.1AI score0.01353EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/19 12:0 a.m.22 views

Time Sheets < 1.5.2 - Multiple XSS

The Time Sheets WordPress plugin was affected by a Multiple XSS security vulnerability...

4.3CVSS1.8AI score0.00905EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/08 12:0 a.m.22 views

Nelio AB Testing <= 4.5.8 - Server Side Request Forgery (SSRF)

The Nelio AB Testing WordPress plugin was affected by a Server Side Request Forgery SSRF security vulnerability...

6.4CVSS3AI score0.01649EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/10/10 12:0 a.m.22 views

Simplified Content <= 1.0.0 - XSS

The Simplified Content WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.02177EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/08/01 12:0 a.m.22 views

Estatik < 2.3.1 - Arbitrary File Upload

The Estatik Real Estate Plugin WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

5CVSS2.9AI score0.01884EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/08/01 12:0 a.m.22 views

Adblock Blocker 0.0.1 - Arbitrary File Upload

The addblockblocker WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

2.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/21 12:0 a.m.22 views

WordPress 4.5.2 - Password Change via Stolen Cookie

...

5CVSS2.9AI score0.0279EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/06/20 12:0 a.m.22 views

Jetpack <= 4.0.3 - Multiple Vulnerabilities

Jetpack 4.0.4 fixes 3 security bugs: Private feedback form entries were made available publicly via the REST API Post By Email settings could be changed The Likes module was vulnerable to XSS...

4.3CVSS2.2AI score0.00952EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/18 12:0 a.m.22 views

Fluid Responsive Slideshow < 2.2.7 - CSRF & XSS

The Fluid Responsive Slideshow WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.6AI score0.00956EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/26 12:0 a.m.22 views

Gnucommerce < 0.5.7-beta - XSS

The GNUCommerce WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.5AI score0.00923EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/23 12:0 a.m.22 views

Tevolution <= 2.2.7 - Unrestricted File Upload

Files 'single-upload.php' and 'singleupload.php' affected...

7.5CVSS9AI score0.01967EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/13 12:0 a.m.22 views

Pondol Form to Mail <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The pondol-formmail WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.03462EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.22 views

WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The WPSOLR - Elasticsearch and Solr search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC...

4.3CVSS0.04486EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/11/24 12:0 a.m.22 views

GoCodes <= 1.3.5 - Authenticated XSS & Blind SQL Injection

The gocodes WordPress plugin was affected by an Authenticated XSS & Blind SQL Injection security vulnerability...

6.5CVSS2.9AI score0.01944EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/28 12:0 a.m.22 views

NextGen Gallery < 2.1.15 - Path Traversal

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a Path Traversal security vulnerability...

4CVSS3.2AI score0.10118EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/22 12:0 a.m.22 views

MDC Private Message <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

The mdc-private-message WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.7AI score0.02394EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/18 12:0 a.m.22 views

Tag Miner <= 1.1.2 - Cross-Site Request Forgery (CSRF) & XSS

The Tag Miner Automatic Tag Extraction WordPress plugin was affected by a Cross-Site Request Forgery CSRF & XSS security vulnerability...

6.8CVSS3.4AI score0.00904EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/18 12:0 a.m.22 views

WP Ultimate Csv Importer < 3.8.1 - XSS

The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.00958EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/05 12:0 a.m.22 views

WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)

...

4.3CVSS1.3AI score0.0801EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/29 12:0 a.m.22 views

qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)

The qtranslate WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.02055EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/22 12:0 a.m.22 views

Paid Memberships Pro 1.8.4.2 - Cross-Site Scripting (XSS)

The Paid Memberships Pro WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS5.7AI score0.02065EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/07 12:0 a.m.22 views

Awesome Filterable Portfolio <= 1.8.6 - Authenticated Blind SQL Injection

The Awesome Filterable Portfolio WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

6.5CVSS2.7AI score0.01918EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/03 12:0 a.m.22 views

Codestyling Localization <= 1.99.30 - Multiple CSRF

Plugin is still affected and has been closed...

6.8CVSS2.3AI score0.00913EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/20 12:0 a.m.22 views

CP Polls < 1.0.5 - XSS

The Polls CP WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/03 12:0 a.m.22 views

Showbiz Pro <= 1.7.1 - Shell Upload

The showbizpro WordPress plugin was affected by a Shell Upload security vulnerability...

7.5CVSS2.5AI score0.14775EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/02 12:0 a.m.22 views

Ad Inserter 1.5.2 - CSRF & XSS

The Ad Inserter – Ad Manager & AdSense Ads WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.3AI score0.0098EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/21 12:0 a.m.22 views

All In One WP Security And Firewall < 3.9.5 - XSS

The All In One WP Security & Firewall WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.8AI score0.00923EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.22 views

Jetpack 3.0-3.4.2 - Cross-Site Scripting (XSS)

The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.0095EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/31 12:0 a.m.22 views

VideoWhisper Video Conference Integration 4.91.8 - Remote File Upload

Vendor marked as won't fix. See references...

7.5CVSS3.5AI score0.04323EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/17 12:0 a.m.22 views

Gravity Forms 1.8 <= 1.9.3.5 - Authenticated Blind SQL Injection

Title: Gravity Forms 1.8 = 1.9.3.5 - Blind SQL Injection CVE-2015-2260 Version/s Tested: 1.9.3.1 Description: Gravity Forms is one of the most popular WordPress plugins gravityforms used to create forms for WordPress sites. The latest version at the time of writing 1.9.3.5 contains an authenticat...

8.4AI score0.05785EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/22 12:0 a.m.22 views

Holding Pattern Theme <= 0.6 - Arbitrary File Upload

An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation. Disclosure timeline: 2015-01-14 Vendor Alerted via email. 2015-01-14 Fix Requested via email. 2015-01-14...

7.5CVSS1.7AI score0.59254EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/22 12:0 a.m.22 views

Image Metadata Cruncher - Multiple Cross-Site Scripting (XSS)

The image-metadata-cruncher WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...

6.8CVSS2AI score0.01196EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/02 12:0 a.m.22 views

Feed Them Social < 1.7.0 - XSS & Arbitrary Shortcode Execution

The Feed Them Social – for Twitter feed, Youtube, Pinterest and more WordPress plugin was affected by a XSS & Arbitrary Shortcode Execution security vulnerability...

7.5CVSS3.1AI score0.02763EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.22 views

W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)

The plugin does not validate the 'wpnonce' anti-CSRF token. This issue can be used to perform many actions. The most significant action with the biggest impact is the ability to redirect users to malicious websites. Functionality exists where specific user agent strings can be configured to be...

6.8CVSS2.8AI score0.01357EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/24 12:0 a.m.22 views

DukaPress <= 2.5.3 - Unauthenticated Path Traversal

The DukaPress WordPress plugin was affected by an Unauthenticated Path Traversal security vulnerability...

5CVSS3.7AI score0.67631EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/20 12:0 a.m.22 views

CP Polls < 1.0.1 - XSS

The Polls CP WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/17 12:0 a.m.22 views

XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin was affected by a Backup and Restore 3.1.2 - Multiple Vulnerabilities RCE & LFI security vulnerability...

6.5CVSS1.8AI score0.07117EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/02 12:0 a.m.22 views

Enfold < 3.0.1 - Unspecified Issue

The enfold WordPress theme was affected by an Unspecified Issue security vulnerability...

10CVSS2.3AI score0.02101EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/27 12:14 p.m.22 views

Quartz Plugin 1.01.1 - SQL Injection

The quartz WordPress plugin was affected by a SQL Injection security vulnerability...

6CVSS2.5AI score0.01943EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/26 8:53 p.m.22 views

All In One WP Security plugin 3.8.2 - 2xSQL Injections

The All In One WP Security & Firewall WordPress plugin was affected by a 2xSQL Injections security vulnerability...

6.5CVSS2.2AI score0.04155EPSS
Exploits6References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/24 12:0 a.m.22 views

I Recommend This < 3.7.3 - SQL Injection

The I Recommend This WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.7AI score0.01779EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/22 6:52 p.m.22 views

Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by an IPTraf.php URI Request Stored XSS security vulnerability...

1.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/19 12:0 a.m.22 views

Improved User Search in Backend < 1.2.6 - CSRF & XSS

The Improved user search in backend WordPress plugin was affected by a CSRF & XSS security vulnerability...

4.3CVSS2.5AI score0.02125EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/12 12:0 a.m.22 views

Disqus <= 2.75 - Cross-Site Scripting (XSS) & CSRF

The Disqus Comment System WordPress plugin was affected by a Cross-Site Scripting XSS & CSRF security vulnerability...

6.8CVSS2.3AI score0.06095EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.22 views

DejaVu 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download

The dejavu WordPress theme was affected by a dl-skin.php mysitedownloadskin Parameter Absolute Path Traversal Remote File Download security vulnerability...

4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.22 views

Bulteno - Remote File Upload

The bulteno-theme WordPress theme was affected by a Remote File Upload security vulnerability...

1.9AI score
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.22 views

AskApache Firefox Adsense 3.0 - Unspecified CSRF

The askapache-firefox-adsense WordPress plugin was affected by an Unspecified CSRF security vulnerability...

6.8CVSS3AI score0.01151EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.22 views

Social Sharing Toolkit 2.1.1 - Setting Manipulation CSRF

The Social Sharing Toolkit WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2AI score0.0097EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.22 views

platinum_seo_pack.php - s Parameter Reflected XSS

The Platinum SEO WordPress plugin was affected by a s Parameter Reflected XSS security vulnerability...

4.3CVSS2.5AI score0.01618EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000