Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
•added 2022/02/28 12:0 a.m.•21 views

Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection

The plugin does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection PoC 1. Install the vulnerable plugin...

9.8CVSS0.6AI score0.01821EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/23 12:0 a.m.•21 views

Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF

The plugin does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack PoC...

4.3CVSS5.4AI score0.00429EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/22 12:0 a.m.•21 views

BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...

4.8AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/14 12:0 a.m.•21 views

WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG

The plugin allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks PoC 1. As a contributor or above add the following shortcode to a post: wordpressfileupload...

5.4CVSS2.5AI score0.0077EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/02/14 12:0 a.m.•21 views

Smart Forms < 2.6.71 - Subscriber+ Form Data Download

The plugin does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. PoC Execute the below command in the web...

6.5CVSS1.9AI score0.00973EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/01 12:0 a.m.•21 views

Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting

The plugin does not escape the rowCount parameter before outputting it back in an attribute via the wooseacategoriesdropdown AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting PoC...

5.4CVSS2.3AI score0.00742EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/31 12:0 a.m.•21 views

WP Email Users <= 1.7.6 - Subscriber+ SQL Injection

The plugin does not escape the dataraw parameter in the weuselectedusers1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. PoC As any authenticated user such as subscriber, the request below will display all users email addresses...

8.8CVSS0.1AI score0.02214EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/31 12:0 a.m.•21 views

Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing

The plugin uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abuse...

9.1CVSS0.5AI score0.01645EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/26 12:0 a.m.•21 views

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

6.1CVSS1AI score0.0231EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/26 12:0 a.m.•21 views

Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. PoC...

6.1CVSS3.1AI score0.03865EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/24 12:0 a.m.•21 views

Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.1AI score0.02389EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2022/01/24 12:0 a.m.•21 views

Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF

The plugin does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=float-menu=delete=1...

4.3CVSS3.9AI score0.00464EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/13 12:0 a.m.•21 views

XootiX Plugins - Various Versions CSRF to Arbitrary Options Update

The plugins Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce are all vulnerable to cross-site request forgery due to a missing nonce check that would make it possible for attackers to update arbitrary options on a vulnerable WordPress site. PoC...

8.8CVSS3.7AI score0.0082EPSS
Exploits2References1Affected Software3
WPVulnDB
WPVulnDB
•added 2022/01/11 12:0 a.m.•21 views

Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting

The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Go to settings page available under the...

4.8CVSS2.1AI score0.05063EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/07 12:0 a.m.•21 views

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

The plugin does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection PoC https://example.com/?restroute=/pmpro/v1/checkoutlevelid=3code=%27%20%20union%20select%20sleep1%20--%20g...

9.8CVSS1AI score0.81828EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/06 12:0 a.m.•21 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

7.1CVSS1.7AI score0.00537EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/04 12:0 a.m.•21 views

Futurio Extra < 1.6.3 - Authenticated SQL Injection

The plugin is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting XSS against logged in admins by making send open a malicious link PoC Using SQLi to extract database variables:...

4CVSS0.5AI score0.00846EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/04 12:0 a.m.•21 views

Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion

The plugins do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example PoC Execute the below command in the web developer console of the web browser when being logged i...

4.3CVSS1.6AI score0.0065EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2021/12/29 12:0 a.m.•21 views

Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion

The plugin does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure...

4.3CVSS2.9AI score0.00426EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/27 12:0 a.m.•21 views

WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect

The plugin contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue PoC https://example.com/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://wpscan.com...

6.1CVSS0.7AI score0.02505EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/21 12:0 a.m.•21 views

Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC...

6.1CVSS2AI score0.01109EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/10 12:0 a.m.•21 views

WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=wpbs-calendars=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D or...

5.4CVSS0.6AI score0.00675EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/06 12:0 a.m.•21 views

Events Made Easy < 2.2.36 - Subscriber+ SQL Injection

The plugin does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks PoC...

8.8CVSS1.2AI score0.01562EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/29 12:0 a.m.•21 views

Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such as subscriber is able to call it and perform...

5.4CVSS0.2AI score0.006EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/29 12:0 a.m.•21 views

MOLIE <= 0.5 - Reflected Cross-Site Scripting

The plugin does not escape the courseid parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=moliecoursecheckid=alert/XSS/...

6.1CVSS0.8AI score0.0082EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/16 12:0 a.m.•21 views

SportsPress < 2.7.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/edit.php?posttype=speventday=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22...

6.1CVSS5.7AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/15 12:0 a.m.•21 views

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

The plugin registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes PoC As a contributor, put the following...

4.3CVSS5.1AI score0.00783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/01 12:0 a.m.•21 views

Email Tracker < 5.2.7 - Arbitrary Email Entry Deletion via CSRF

The plugin does not have CSRF check when deleting email entries, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack...

5.4CVSS5.6AI score0.00393EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/29 12:0 a.m.•21 views

NextScripts: Social Networks Auto-Poster < 4.3.21 - Reflected Cross-Site Scripting

The plugin does not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS6AI score0.00845EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/28 12:0 a.m.•21 views

URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF

The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. PoC https://example.com/wp-admin/admin.php?page=uslinks=bulkdeleteids=1...

4.3CVSS5.1AI score0.00435EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/26 12:0 a.m.•21 views

Bulk Datetime Change < 1.12 - Missing Authorisation

The plugin does not enforce capability checks which allows users with Contributor roles to 1 list private post titles of other users and 2 change the posted date of other users' posts. PoC Run on "Bulk Datetime Change" page:...

5.5CVSS5.5AI score0.00699EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/25 12:0 a.m.•22 views

Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtnl capability is disallowed. PoC https://drive.google.com/file/d/1ZXIS-q2fzZhRhTyHpHEzxcZ2Shl4Up2/view?usp=sharing Put the...

4.8CVSS0.9AI score0.00598EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/18 12:0 a.m.•21 views

Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/Edit a Button and put the following payload in the Amount Menu Name field...

4.8CVSS2AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•21 views

WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seoredirectlist.phpid=12url=https://example.com/yolo deleteid is the post id, whi...

4.3CVSS3AI score0.00435EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•21 views

Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Pause Before Print" settings of the...

4.8CVSS2.7AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•21 views

Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections

The plugin does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections PoC...

7.2CVSS1.3AI score0.05124EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•21 views

404 to 301 < 3.0.9 - Logs Deletion via CSRF

Description The plugin does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=jj4t3-logs=bulkclean...

6.5CVSS6.2AI score0.00531EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2021/10/05 12:0 a.m.•21 views

WP-Recall < 16.24.48 - Reflected Cross-Site Scripting

The plugin does not escape some filters parameters before outputting them back in attributes when the Commerce add-on is active, leading to Reflected Cross-Site Scripting issues PoC Activate the Commerce Add-On of the plugin and open the below URL...

1.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/04 12:0 a.m.•21 views

Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...

4.3CVSS3.7AI score0.00453EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/29 12:0 a.m.•21 views

WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfilteredhtml capability is disallowed PoC - Create a new Download, add the following payload in the "Version" and "Link Label" fields from the...

4.8CVSS0.5AI score0.02774EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/23 12:0 a.m.•21 views

YITH Maintenance Mode < 1.4.0 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitise multiple of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks...

6.9CVSS3.5AI score0.00692EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/22 12:0 a.m.•21 views

Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the...

6.5CVSS2.1AI score0.01122EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/21 12:0 a.m.•21 views

WP HTML Author Bio <= 1.2.0 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against...

5.4CVSS1.2AI score0.01771EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/21 12:0 a.m.•21 views

Telefication <= 1.8.0 - Open Relay & Server-Side Request Forgery

The plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl requests...

5.8CVSS2.9AI score0.01333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/20 12:0 a.m.•21 views

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Plugin's Settings General "Error message...

4.8CVSS0.4AI score0.00622EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/15 12:0 a.m.•21 views

YITH Maintenance Mode < 1.3.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise the yithmaintenancenewslettersubmitlabel settings, which could allow high privilege users to perform Cross-Site Scripting attacks...

6.9CVSS3.5AI score0.0061EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•21 views

GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS5.2AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•21 views

SMS OVH <= 0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00782EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•21 views

WordPress InviteBox Plugin <= 1.4.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the /admin/admin.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS5AI score0.00819EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/08 12:0 a.m.•21 views

Twitter Friends Widget <= 3.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts...

4.3CVSS4.7AI score0.00895EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000