Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.21 views

User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent

Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. PoC 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If...

5.4CVSS5.4AI score0.00394EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/18 12:0 a.m.21 views

Exifography <= 1.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.0031EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/09/14 12:0 a.m.21 views

Booster for WooCommerce < 7.1.1 - Subscriber+ Sensitive Information Disclosure

Description The plugin is vulnerable to Information Disclosure via the 'wcjwpoption' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS5.8AI score0.00585EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/01 12:0 a.m.21 views

Activity Log < 2.8.8 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. PoC Run the following code in the web browser and note on the backend that the IP address has been fake...

5.3CVSS5.4AI score0.00627EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/31 12:0 a.m.21 views

Multiple Plugins from ServMask - Unauthenticated Access Token Update

Description The plugins do not have authorisation in the init function hooked to the admininit action, allowing unauthenticated attackers to update the access token PoC With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated:...

6.3AI score0.09666EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/30 12:0 a.m.21 views

Slimstat Analytics < 5.0.10 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.00576EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/22 12:0 a.m.21 views

Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation

Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...

9.8CVSS6.4AI score0.00765EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/21 12:0 a.m.21 views

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. PoC 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...

7.5CVSS7.5AI score0.03495EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/21 12:0 a.m.21 views

Herd Effects < 5.2.4 - Effect Deletion via CSRF

Description The plugin does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect=delete=1, this will make them delete the...

4.3CVSS4.6AI score0.00218EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.21 views

ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification

Description The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...

8.8CVSS6.8AI score0.00692EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.21 views

ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification

Description The plugin does not perform proper capability checks on the 'pmuploadcsv' function, enabling authenticated users with subscriber-level permissions or above to import new users and update existing ones...

5.4CVSS6.8AI score0.00467EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/17 12:0 a.m.21 views

WP Shopping Pages <= 1.14 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC Make a logged in admin access a page with the following code:...

6.8CVSS6.6AI score0.00327EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.21 views

OOPSpam Anti-Spam < 1.1.45 - Cross-Site Request Forgery

The plugin does not adequately verify requests use nonces, leading to a potential Cross-Site Request Forgery vulnerability...

8.8CVSS6.8AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/15 12:0 a.m.21 views

Contact Form by WD <= 1.13.23 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the...

9AI score0.00933EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/15 12:0 a.m.21 views

MasterStudy LMS < 3.0.9 - Subscriber+ Course Category Creation

The plugin does not have authorisation when creating category courses, allowing any authenticated users, such as subscriber to create arbitrary course category...

6.5CVSS8.4AI score0.00555EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.21 views

YaySMTP < 2.4.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sufficiently sanitize and escape input from email contents, leading to the possibility of arbitrary web scripts injection in pages...

7.2CVSS7.2AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.21 views

Metform Elementor Contact Form Builder < 3.3.2 - Multiple Subscriber+ Sensitive Information Disclosure Issues

The plugin does not prevent less privileged users, like subscribers, from accessing various sensitive information via the plugin's shortcodes. This includes payment statuses, transaction IDs, submitter's name information, and virtually all fields of any form submissions...

6.5CVSS6.5AI score0.00735EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/30 12:0 a.m.21 views

Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation

The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request. PoC POST...

8.8CVSS8.3AI score0.00331EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/30 12:0 a.m.21 views

Nested Pages < 3.2.4 - Editor+ Plugin Settings Reset

The plugin does not properly authorize the npresetSettings ajax action, allowing users with an editor role or above to reset the plugin settings...

3.8CVSS6.8AI score0.00668EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.21 views

WooCommerce Warranty Requests < 2.1.7 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below v = 2.1.6...

5.6AI score0.00379EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.21 views

Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. Send a GET request with...

4.8CVSS9.6AI score0.0044EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/22 12:0 a.m.21 views

EventPrime < 3.0.0 - Unauthenticated Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

7.1CVSS6.1AI score0.00382EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/18 12:0 a.m.21 views

UpdraftPlus < 1.23.4 - CSRF

The plugin does not have CSRF check in the actionauthenticatestorage, which could allow attackers to make logged in admins inject JavaScript into a parameter in the authentication process via a CSRF attack when they can trick an admin to perform multiple actions including re-authenticating a...

7.1CVSS6.9AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/18 12:0 a.m.21 views

Jazz Popups <= 1.8.7 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not properly sanitize user input, leading to a potential Reflected Cross-Site Scripting XSS vulnerability...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/18 12:0 a.m.21 views

Scripts n Styles < 3.5.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS10AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/18 12:0 a.m.21 views

Baidu Tongji generator <= 1.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/16 12:0 a.m.21 views

OTP Login Woocommerce & Gravity Forms < 2.3 - Unauthenticated Privilege Escalation

The plugin returns generated OTP codes for users to use when using the logging in via phone number feature, allowing unauthenticated users to retrieve them for arbitrary accounts and be able to login as any user, including administrator granted they know the related phone number...

8.1CVSS7AI score0.0172EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/24 12:0 a.m.21 views

CRM Memberships <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/20 12:0 a.m.21 views

Verified Reviews < 2.3.15 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.21 views

Uji Popup <= 1.4.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.21 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...

4.8CVSS7.4AI score0.00824EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.21 views

WCFM Membership < 2.10.1 - Unauthenticated Privilege Escalation

The plugin does not have authorisation in the wcfmajaxcontroller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator...

9.8CVSS9AI score0.02099EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/31 12:0 a.m.21 views

Really Simple Google Tag Manager < 1.0.7 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF checks when activating plugins, which could allow attackers to make logged in users perform such action via a CSRF attack...

8.8CVSS8.5AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/30 12:0 a.m.21 views

JustTables – WooCommerce Product Table < 1.5.0 - Cross-Site Request Forgery

The plugin does not adequately protect against CSRF attacks, leading to potential unauthorized actions...

8.8CVSS6.8AI score0.00253EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.21 views

Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection

The plugin does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must also be installed for this vulnerability to b...

8.8CVSS9.1AI score0.00873EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.21 views

Product Feed PRO for WooCommerce < 12.4.5 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as update the plugin's settings as well as update projects via CSRF attacks...

8.8CVSS8.6AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.21 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS

The plugin does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. PoC Just create a...

4.8CVSS5.9AI score0.32462EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/16 12:0 a.m.22 views

WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure

The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address etc...

5.3CVSS6.2AI score0.00549EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/10 12:0 a.m.21 views

GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion

The plugin does not correctly authorize some actions, allowing low-privileged users to delete content from the site which they should not be permitted to delete...

6.7AI score0.00395EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.21 views

OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

The plugin does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack PoC Make a logged in admin open: https://example.com/wp-admin/admin.php?page=mooauthsettings=config=discard...

6.5CVSS6.1AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.21 views

Read More Excerpt Link <= 1.6 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.7AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.21 views

Organization chart < 1.4.5 - Multiple CSRF

The plugin does not have CSRF checks in some places, for example when updating/deleting/duplicating popups, tree and themes from the plugin, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.3AI score0.00271EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.21 views

ChatBot < 4.3.0 - Settings Reset via CSRF

The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admin perform such action via a CSRF attack...

8.8CVSS8.2AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/22 12:0 a.m.21 views

Top 10 < 3.2.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/21 12:0 a.m.21 views

Minify HTML <= 2.1.7 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.7AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/16 12:0 a.m.21 views

Portfolio - WordPress Portfolio < 2.8.11 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.21 views

i2 Pros & Cons <= 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC i2prosandcons showbutton='true'...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/09 12:0 a.m.21 views

ImageMagick Engine < 1.7.6 - PHAR Deserialization via CSRF

The plugin does not validate the clipath parameter and does not have CSRF check, which could allow attackers to make a logged in admin call a file with a PHAR wrapper via a CSRF attack. This could lead to PHAR deserialization when a suitable gadget chain is present on the blog and the attacker...

8.8CVSS8.3AI score0.00626EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/02 12:0 a.m.21 views

IP Vault - WP Firewall <= 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00394EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/02 12:0 a.m.21 views

Robo Gallery < 3.2.11 - Plugin Activation/Deactivation via CSRF

The plugin does not have CSRF checks when activating and deactivating plugins, which could allow attackers to make logged in users perform such actions via CSRF attacks...

5.4CVSS5.6AI score0.00231EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000