Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/01/30 12:0 a.m.•21 views

WP Private Message < 1.0.6 - Private Message Disclosure via IDOR

The plugin bundled with the Superio theme as a required plugin does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID. PoC - Install the Superio them...

4.3CVSS5.3AI score0.00551EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/27 12:0 a.m.•21 views

Quick Restaurant Menu < 2.1.0 - Menu Items Update via CSRF

The plugin does not have CSRF checks when updating its menu items, which could allow attackers to make logged in admins update menu items via a CSRF attack...

7.6CVSS5.1AI score0.00368EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/27 12:0 a.m.•21 views

Blocksy Companion < 1.8.68 - Contributor+ Stored XSS

The plugin does not validate and escape the class attribute of its blocksyposts shortcode before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5CVSS5.1AI score0.00341EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/23 12:0 a.m.•21 views

Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi

The plugin does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. PoC Note: A Calendar is needed if there is not one already. Run the below command in the...

8.8CVSS9AI score0.00937EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/23 12:0 a.m.•21 views

Image and Video Lightbox, Image PopUp < 2.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape various parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/23 12:0 a.m.•21 views

Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpdevartlikebox height='"...

5.4CVSS5AI score0.00477EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/20 12:0 a.m.•21 views

WP Google Map < 4.4.0 - Editor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS5.1AI score0.0038EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/13 12:0 a.m.•21 views

SiteGround Security < 1.3.1 - Admin+ SQLi

The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. PoC 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...

8.8CVSS1.7AI score0.17992EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/13 12:0 a.m.•21 views

eExamhall <= 4.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.5CVSS6.3AI score0.00234EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/10 12:0 a.m.•21 views

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: 1...

5.4CVSS1.5AI score0.00573EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/10 12:0 a.m.•21 views

Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC 1. Add an event in the plugin with a city meta as: " onmouseover="alert1" 2. On...

5.4CVSS0.5AI score0.00477EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/10 12:0 a.m.•21 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Theme Activation

The plugin does not have authorisation and CSRF checks when activating themes, which could allow any authenticated user, such as subscriber to perform such action...

8.8CVSS3.3AI score0.00818EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/10 12:0 a.m.•21 views

Page View Count < 2.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Page Views"...

5.4CVSS1.7AI score0.00573EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/05 12:0 a.m.•21 views

Social Warfare < 4.3.1 - Subscriber+ Post Meta Deletion

The plugin does not have authorisation in some AJAX actions, allowing any authenticated users, such as subscriber, to call them and delete arbitrary post meta as well as reset access tokens related to network...

5.4CVSS4.8AI score0.00765EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/04 12:0 a.m.•21 views

Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Note: Enable compatibility mode by going to the settings of the plugins. Exploit shortcode: easy-pricing-toggle...

5.4CVSS3.2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/28 12:0 a.m.•21 views

WP Popups < 2.1.4.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS1.4AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/19 12:0 a.m.•21 views

WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Exploit...

5.4CVSS1.7AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/09 12:0 a.m.•21 views

WP User <= 7.0 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. PoC 1. As an unauthenticated user, visit the "Sign Up" page by default, this is /?pageid=5, or /user/ 2. Extract the...

9.8CVSS9.9AI score0.04756EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/07 12:0 a.m.•21 views

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The plugin suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. PoC curl -s...

5.3CVSS0.5AI score0.00669EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•21 views

GD bbPress Attachments < 4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS2.4AI score0.00418EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•21 views

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain PoC To simulate a gadget chain, put the following code in a plugin class Ev...

9.8CVSS1.6AI score0.18121EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•21 views

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840 PoC...

9.8CVSS1.5AI score0.05116EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/01 12:0 a.m.•21 views

ARMember < 5.6 - Unauthenticated Privilege Escalation

The plugin could allow unauthenticated attackers to escalate themselves as admin...

9.8CVSS5.5AI score0.00689EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/30 12:0 a.m.•21 views

Easy WP SMTP < 1.5.2 - Admin+ RCE

The plugin could allow high privilege users such as admin to perform RCE even when they should not be able to for example in multisite setups...

9.1CVSS2.5AI score0.01319EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/29 12:0 a.m.•21 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. PoC 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice...

7.2CVSS3.7AI score0.01225EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/29 12:0 a.m.•21 views

Quiz and Survey Master < 8.0.5 - Improper Input Validation

The plugin does not properly validate the questionid parameter, which could allow attackers to send values other than the expected type...

5.3CVSS5AI score0.00674EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•21 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts PoC Invoke the following curl command to delete the user user id 2 curl https://example.com/wp-admin/admin-ajax.php...

6.5CVSS3.8AI score0.00334EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/22 12:0 a.m.•21 views

WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post...

5.4CVSS1.9AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/18 12:0 a.m.•21 views

WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation

The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles...

7.5CVSS4.4AI score0.00846EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/17 12:0 a.m.•21 views

WooSwipe WooCommerce Gallery <= 2.0.1 - Subscriber+ Settings Update

The plugin does not have any authorisation when updating its settings, which could allow any authenticated users, such as subscriber to update them PoC POST /wp-admin/admin.php?page=wooswipe-options HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0...

8.8CVSS2.5AI score0.00631EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/14 12:0 a.m.•21 views

Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The plugin does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks PoC Make a logged in admin open a page containing the HTML cod...

6.5CVSS3.7AI score0.00356EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/10 12:0 a.m.•21 views

WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF

The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID PoC Make a logged in admin open a page containing the HTML code below. This will regenerate the secret for...

6.5CVSS2.7AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/09 12:0 a.m.•21 views

WPML < 4.5.11 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating the selected language for legacy widgets and default behaviour for media content settings, which could allow any authenticated users, such as subscriber to update them...

5.4CVSS4.1AI score0.00503EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/01 12:0 a.m.•21 views

Homepage Pop-up <= 1.2.5 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS4.5AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/31 12:0 a.m.•21 views

Event Monster < 1.2.1 - Admin+ SQLi

The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users PoC...

7.2CVSS2.9AI score0.00962EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/31 12:0 a.m.•21 views

WP User Frontend < 3.5.29 - Obscure Registration as Admin

The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...

9.8CVSS1.2AI score0.00646EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/30 12:0 a.m.•21 views

Appointment Hour Booking < 1.3.72 - Feedback Submission via CSRF

The plugin does not have CSRF check when submitting feedback, which could allow attackers to make logged in users do such action on their behalf via a CSRF attack...

8.8CVSS4.1AI score0.00494EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/21 12:0 a.m.•21 views

Quiz And Survey Master < 7.3.5 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users...

9.1CVSS2.7AI score0.00816EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•21 views

FluentForm < 4.3.13 - CSV Injection

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection PoC - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentformsid=1=entries - open the CSV with a...

9.8CVSS1.6AI score0.01231EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/14 12:0 a.m.•21 views

WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE

The plugin is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files PoC 1 Create 'poc.zip' with 2 files like below 1-1 'exploit.php.txt' is as follows...

7.2CVSS3.4AI score0.01104EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•21 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. PoC...

6.1CVSS6.2AI score0.00969EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•21 views

Blog2Social < 6.9.10 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers PoC Run the script below in the web browser console while being logged in as a subscriber and on the Blog2Social...

8.8CVSS1.9AI score0.01049EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/02 12:0 a.m.•21 views

Shortcodes Ultimate < 5.12.1 - Settings Preset Update via CSRF

The plugin does not have CSRF check in place when updating its preset settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.7AI score0.00285EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/23 12:0 a.m.•21 views

Seriously Simple Podcasting < 2.16.1 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS5AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/23 12:0 a.m.•21 views

Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a user with the Contributor or above, create a new Popup in Popup Maker menu with "content" field containing...

5.4CVSS1.4AI score0.00562EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/15 12:0 a.m.•21 views

CPO Shortcodes <= 1.5.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/05 12:0 a.m.•21 views

Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open a page containing the HTML code below...

4.3CVSS3.8AI score0.0027EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/05 12:0 a.m.•21 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass

The plugin does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authenticatio...

7.5CVSS3.1AI score0.0039EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/31 12:0 a.m.•21 views

Image Hover Effects Ultimate < 9.8.0 - Authenticated Stored XSS

The plugin does not sanitise and escape the Media Image URL, Video Link, Title and Description field of an Image Hover, which could lead to Stored XSS when low privileged users are allowed to access the plugin's feature which can be set via the plugin settings...

6.4CVSS3.5AI score0.00508EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/30 12:0 a.m.•21 views

Add User Role <= 0.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.1AI score0.00437EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000