Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/06/13 12:0 a.m.52 views

Elementor < 3.5.6 - DOM Reflected Cross-Site Scripting

The plugin does not sanitise and escape user input appended to the DOM via malicious Lightbox settings, resulting in a DOM Cross-Site Scripting issue PoC...

6.1CVSS0.2AI score0.2318EPSS
Exploits7References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/10/31 12:0 a.m.52 views

WordPress <= 4.8.2 - $wpdb->prepare() Weakness

Description WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from...

9.8CVSS9.7AI score0.07744EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/06/29 12:0 a.m.51 views

Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. PoC POST /register/ HTTP/1.1 Host: wpscan-vulnerability-test-bench.ddev.site...

9.8CVSS8.9AI score0.72306EPSS
Exploits12References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/06 12:0 a.m.51 views

YITH WooCommerce Gift Cards < 3.20.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, allowing unauthenticated attackers to upload arbitrary files, such as PHP...

9.8CVSS4.8AI score0.13514EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.51 views

Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF

The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server Side Request Forgery and RFI Remote File Inclusion vulnerabilities on...

7.5CVSS1.9AI score0.56614EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
added 2020/04/30 12:0 a.m.51 views

WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer

Description Authenticated users could corrupt JSON data in the Customizer of other users' to inject malicious JavaScript...

5.8CVSS5.6AI score0.01533EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2015/04/21 12:0 a.m.51 views

WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site...

4.3CVSS5.4AI score0.08467EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2005/01/06 12:0 a.m.51 views

WordPress 1.5 & 1.5.1.1 - SQL Injection

...

7.5CVSS1.8AI score0.03139EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.50 views

Avada < 7.11.7 - Authenticated (Admin+) SQL Injection via entry

Description The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.3AI score0.00828EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.50 views

Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE

Description The plugin does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. PoC 1. Make sure to configure the plugin so Authors can access its settings 2. Create a new slider. 3. Save and...

8.8CVSS7.2AI score0.0137EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/16 12:0 a.m.50 views

Media Library Assistant < 3.06 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC POST /wp-admin/tools.php?page=insertfixit-tools HTTP/1.1...

7.2CVSS7.8AI score0.00785EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/15 12:0 a.m.50 views

eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload

The plugin suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validatio...

9.8CVSS1.8AI score0.23487EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/10 12:0 a.m.50 views

wpDiscuz < 7.3.12 - Sensitive Information Disclosure

The plugin is affected by a sensitive information disclosure...

7.5CVSS0.8AI score0.01092EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/11 12:0 a.m.50 views

WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation

Description Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation...

6CVSS5.2AI score0.01729EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2019/09/05 12:0 a.m.50 views

WordPress 5.2.2 - Cross-Site Scripting (XSS) in Stored Comments

Description From the WordPress version release notes: "Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting XSS vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored...

6.1CVSS5.9AI score0.01808EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2018/12/25 12:0 a.m.50 views

JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)

The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery SSRF security vulnerability. PoC http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true=getRawDataFromDatabase=php://filter/resource=../../../../wp-config.php...

5CVSS1.1AI score0.13078EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/23 12:0 a.m.50 views

WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

Description Authenticated Cross-Site Scripting XSS in post/page text editor mode. Editor user and up. PoC link...

4CVSS5.9AI score0.08814EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.49 views

Yoast SEO < 22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0063EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/02 12:0 a.m.49 views

Elementor Website Builder Pro < 3.21.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Description The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.9AI score0.00419EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.49 views

JetEngine < 3.2.5 - Missing Authorization

Description The JetEngine plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

6.7AI score0.003EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.49 views

eCommerce Product Catalog for WordPress < 3.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iccontainer shortcode in all versions up to, and including, 3.3.26 due to insufficient input sanitization and output escaping on user supplied...

6.5CVSS5.7AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.49 views

Form Maker < 1.15.21 - Captcha Bypass

Description The Form Maker plugin for WordPress is vulnerable to Captcha Bypass in versions up to, and including, 1.15.20 due to insufficient input verification. This makes it possible for unauthenticated attackers to automate form submissions...

7AI score0.00374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.49 views

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries

Description The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the...

8.1CVSS7.8AI score0.00768EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/28 12:0 a.m.49 views

Elementor Pro < 3.11.7 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation in an AJAX action relying only on a nonce, which is available to any authenticated users, and does not validate the options to be updated. This allows any authenticated users, such as subscriber to update arbitrary blog options, such as the defaultrole, when...

8.8CVSS6.5AI score0.2272EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.49 views

All In One WP Security & Firewall < 5.1.3 - Configuration Leak

The plugin leaked settings of the plugin publicly, including the used email address. PoC Config leak in previous versions: "aiowpsremovewpgeneratormetainfo" filetype:txt https://www.google.com/search?q=%22aiowpsremovewpgeneratormetainfo%22+filetype%3Atxt Search for aiowpsemailaddress...

5.3CVSS0.3AI score0.00658EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/12 12:0 a.m.49 views

Shortcodes Ultimate < 5.12.1 - Stored XSS via CSRF

The plugin does not have CSRF check when adding a Preset, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads in a Preset created via a CSRF attack...

8.8CVSS4.1AI score0.00293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/01 12:0 a.m.49 views

Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation, Edition, Deletion and Stored XSS

Description NinTechNet disclosed multiple security vulnerabilities affecting the premium Avada WordPress theme on their blog after responsibly disclosing the security vulnerabilities to Avada. These vulnerabilities included: - Content Injection & Stored XSS - Arbitrary Post Deletion - Arbitrary...

6.4CVSS6.6AI score0.00648EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/04/02 12:0 a.m.49 views

Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload

Edit WPScanTeam: March 26th, 2020 - Report Received & Vendor Contacted March 30th, 2020 - Escalated to WP Plugins team as no response from vendor March 31st, 2020 - WP Plugins team investigating & Plugin closed April 2nd, 2020 - Disclosure PoC The PoC will be displayed once the issue has been...

7.5CVSS2AI score0.97107EPSS
Exploits15Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.48 views

Prime Slider < 3.14.2 - Contributor+ Stored XSS via Pagepiling Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS5.8AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/04 12:0 a.m.48 views

Elementor Pro < 3.19.3 - Authenticated (Contributor+) Information Exposure

Description The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.2 . This makes it possible for authenticated attackers, with contributor-level access and above, to extract arbitrary user meta values...

6.5CVSS6.9AI score0.00529EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.48 views

iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection

Description The iPages Flipbook For WordPress plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to 1.5.0 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.6CVSS7.4AI score0.0054EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.48 views

WP Category Post List Widget <= 2.0.3 - Cross-Site Request Forgery via gen_set_page

Description The WP Category Post List Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on the 'gensetpage' function. This makes it possible for unauthenticated attackers to modify...

8.8CVSS6.6AI score0.00294EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.48 views

LifterLMS < 7.5.0 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion

Description The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybeserveexport function. This makes it possible for authenticated attackers, with administrator or LMS manager access and abov...

6.7CVSS6.4AI score0.00823EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.48 views

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC pdfjs-viewer viewerheight='"...

5.4CVSS3.6AI score0.00562EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.48 views

Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection PoC curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS2AI score0.15254EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/14 12:0 a.m.48 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. PoC POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...

6.1CVSS0.01378EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/05 12:0 a.m.48 views

Ultimate GDPR & CCPA Compliance Toolkit < 2.5 - Unauthenticated Plugin Settings Export and Import

The plugin used the isadmin method as an authorisation check, which does not check if the user is a an administrator. This could allow unauthenticated attackers to import arbitrary plugin’s settings and redirect all traffic to an external malicious website for example. Even though proper capabili...

2.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/03/29 12:0 a.m.48 views

Ebook Download < 1.2 - Directory Traversal

The Zedna eBook download WordPress plugin was affected by a Directory Traversal security vulnerability...

5CVSS3.2AI score0.11662EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.47 views

Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...

6.5AI score0.01773EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.47 views

Google Analytics by Monster Insights < 8.22.0 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 8.21.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

4.3CVSS6.2AI score0.00433EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.47 views

BuddyBoss Theme < 2.4.61 - Missing Authorization

Description The BuddyBoss Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unspecified function in all versions up to, and including, 2.4.60. This makes it possible for unauthenticated attackers to change the plugin's settings...

9.8CVSS7AI score0.00697EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.47 views

WP Statistics < 13.2.9 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...

8.8CVSS1AI score0.35679EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.47 views

WP < 6.0.3 - Stored XSS via Comment Editing

Description WordPress does not properly escape comments, which could lead to Stored Cross-Site Scripting issues...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.47 views

GiveWP < 2.21.0 - Manager+ Arbitrary File Creation via Export

The plugin does not validate the exported file, which could allow high privilege users such as Managers to create arbitrary files...

9.1CVSS4.7AI score0.01482EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/24 12:0 a.m.47 views

Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. PoC As unauthenticated: wget "https://example.com/?wpamid=1"...

6.1CVSS2.4AI score0.02288EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/19 12:0 a.m.47 views

Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users Contributor to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit WPScanTeam: The https://wordpress.org/plugins/themify-portfolio-post/ plugin...

1.2AI score0.00687EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/13 12:0 a.m.47 views

WordPress <= 5.0 - PHP Object Injection via Meta Data

Description According to WordPress: "Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection."...

9.8CVSS9.3AI score0.30887EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2017/11/29 12:0 a.m.47 views

WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload

...

3.5CVSS1.6AI score0.04132EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.46 views

My Calendar < 3.4.22 - Unauthenticated SQL Injection

Description The My Calendar plugin for WordPress is vulnerable to blind|generic|time-based SQL Injection via the 'from' and 'to' parameters of the '/my-calendar/v1/events' rest route in all versions up to, and including, 3.4.21 due to insufficient escaping on the user supplied parameter and lack ...

9.8CVSS7.6AI score0.63141EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.46 views

Ultimate Member < 2.5.1 - Subscriber+ RCE

The plugin does not validate user input passed to calluserfunc via the populatedropdownoptions function, which could allow any authenticated users, such as subscriber to call arbitrary functions without argument ie phpinfo...

7.2CVSS4.6AI score0.02735EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000