Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.21 views

Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Go to the plugin Settings Messages Taxonomies...

4.8CVSS0.9AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/03 12:0 a.m.21 views

Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections

The plugin does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. PoC The login-cookie parameter is...

9.8CVSS1.5AI score0.05516EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.21 views

Countdown Block < 1.1.2 - Missing Authorisation in AJAX action

The plugin does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. v1.1.1 attempt to fix the issue was incomplete, still allowing it to be exploited via a CSRF attack on an admin due to a...

4.3CVSS1.5AI score0.0065EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.21 views

Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion

The plugin does not have proper access control when deleting a timeslot, allowing any user with the editposts capability contributor+ to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in wit...

4.3CVSS1.6AI score0.01568EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/17 12:0 a.m.21 views

Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF

The plugin does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack PoC To delete /phpinfo.php:...

8.8CVSS1.6AI score0.00713EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.21 views

Simple Popup Newsletter <= 1.4.7 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS3.8AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/11 12:0 a.m.21 views

Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The plugin is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this could lead to Stored XSS issue which will b...

4.3CVSS2.1AI score0.00483EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/10 12:0 a.m.21 views

Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting

The createpostpage AJAX action of the plugin available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue PoC...

3.5CVSS1AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/30 12:0 a.m.21 views

Nifty Newsletters <= 4.0.23 - CSRF to Stored XSS

The plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...

8.8CVSS4.7AI score0.007EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.21 views

uListing < 2.0.6 - Multiple CSRF

The plugin is lacking proper CSRF checks in multiple protected actions within wp-admin pages, leaving them vulnerable to CSRF attacks. PoC PoC | CSRF | Add/Edit Pricing Plans: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: agent or admin cookies User-Agent: Mozilla/5.0 Content-Typ...

6.8CVSS0.8AI score0.00429EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.21 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0...

4.3CVSS0.5AI score0.00428EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.21 views

Contact Form 7 Captcha < 0.0.9 - CSRF to Stored XSS

The plugin does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manageoptions change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue. PoC All cf7sr parameters a...

6.8CVSS3.3AI score0.00719EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.21 views

WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise the "wpgroupname" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue WPScanTeam: During the verification of the fixes with the vendor, other payloads and injection points were identified, reported an...

3.5CVSS1.3AI score0.00671EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/21 12:0 a.m.21 views

Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS)

The plugin does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability. PoC Step 1: Install Grid Gallery - Photo Image Grid Gallery plugin in word press and activate the plugin. St...

3.5CVSS5.1AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.21 views

Wonder Video Embed < 1.8 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginvideo shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. PoC wonderpluginvideo iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert1'...

3.5CVSS2.9AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.21 views

Profile Builder < 3.4.9 - Admin Access via Password Reset

The plugin has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example. PoC The password reset key is checked against...

10CVSS9.7AI score0.07696EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.21 views

Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF

The plugin is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values. PoC...

4.3CVSS5.8AI score0.0045EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/06 12:0 a.m.21 views

Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting

The plugin does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue. PoC https://example.com/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://%3C/script%3E%3Csvg/onload=alert1%3E WPScanTeam...

4.3CVSS6AI score0.02897EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/05 12:0 a.m.21 views

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com...

6.5CVSS0.3AI score0.01721EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/05 12:0 a.m.21 views

CSRF Bypass in Multiple Plugins

Multiple plugins are affected by CSRF bypass as they do not properly check for the nonce due to a logic flaw. This could allow attackers to make logged in users do unwanted actions...

4.8AI score
Exploits0References1Affected Software6
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.21 views

Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue PoC Add the following payload in the "Paypal email address" setting of the plugin /wp-admin/admin.php?page=bookshelf-settings: ...

3.5CVSS1.2AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/24 12:0 a.m.21 views

ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note WPScanTeam: It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...

1.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.21 views

Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard PoC As admin, add a...

4.8CVSS0.7AI score0.00617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.21 views

Export Users With Meta < 0.6.5 - Authenticated SQL Injection

The plugin did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. PoC POST /wp-admin/users.php?page=uewmsettings HTTP/1.1 Accept:...

7.2CVSS1.4AI score0.01416EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.21 views

Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning

The plugin is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution RCE of the system due to log poisoning and therefore potentially a full compromise of the underlying structure PoC RCE through chaining LFI with log poisoning 1. Path Traversal / Local File...

9CVSS0.04956EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.21 views

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

5.4CVSS1.8AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.21 views

The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. PoC The vulnerable code leading to the open redirect is in the function "redirecttotpcustompasswordreset" in...

6.1CVSS0.3AI score0.02295EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/27 12:0 a.m.21 views

Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection

The menu delete functionality of the plugin, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue PoC GET /wp-admin/admin.php?page=side-menu=del=1%20OR%201=1...

7.2CVSS0.3AI score0.01565EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/24 12:0 a.m.21 views

iFlyChat – WordPress Chat <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue PoC Step1: Install and activate the plugin "iFlyChat – WordPress Chat-4.6.4" Step2: Enter the following payload in the "APP ID" field of the plugin...

4.8CVSS1AI score0.00613EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/16 12:0 a.m.21 views

Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)

The plugin did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. PoC POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...

5.4CVSS5.3AI score0.00703EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.21 views

CM Download Manager < 2.8.0 - Authenticated Arbitrary File Deletion

The plugin may allow authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action...

5.5CVSS4.5AI score0.01673EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/08 12:0 a.m.21 views

Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. PoC From an IP not in the Allow List...

4.3CVSS0.1AI score0.05721EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/28 12:0 a.m.21 views

Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue PoC Payloads: - Original reporter:...

3.5CVSS1.1AI score0.00691EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/25 12:0 a.m.21 views

Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion

The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the plugin were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. PoC CSRF to XSS CSRF to Delete settings...

6.8CVSS2.6AI score0.00699EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/17 12:0 a.m.21 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget

In the plugin, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript ...

3.5CVSS0.3AI score0.00746EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.21 views

wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover

The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdatawdtID...

5.5CVSS3.9AI score0.01237EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/10 12:0 a.m.21 views

Database Backups <= 1.2.2.6 - CSRF to Backup Download

The plugin does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups. When generating a backup, the file is created in the /wp-content/uploads/database-backups directory, with ...

5.8CVSS1.5AI score0.03218EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/22 12:0 a.m.21 views

QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save

The compilersave AJAX action, available to both authenticated and unauthenticated users did not check the extension of the imported file, and had the nonce used for CSRF check displayed in the homepage. This could allow unauthenticated users to create an arbitrary PHP file on the blog, leading to...

2.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/10 12:0 a.m.22 views

Responsive Menu < 4.0.4 - CSRF to Settings Update

"Attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site." PoC...

4.1AI score0.00796EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.21 views

Contact Form by Supsystic < 1.7.11 - Authenticated SQL Injections

The GET parameters sidx and sord were used in a SQL statement without being sanitised when searching for Forms in the dashboard, leading to an authenticated SQL Injection issues. PoC...

0.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.21 views

Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection

The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue. PoC The PoC will be displayed once the issue has been remediated...

2.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/02 12:0 a.m.21 views

Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. PoC http://example.com/wp-admin/edit.php?posttype=popupbuilder=sgpbSubscribers&sgpb-subscribers-date;=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...

0.6AI score0.00734EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/01 12:0 a.m.21 views

WP Editor < 1.2.7 - Authenticated SQL injection

The plugin did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings. PoC https://drive.google.com/file/d/1KT4lHePmYuX36jvA4AEQ1MVDwJBlZOO/view?usp=sharing payload:...

1.2AI score0.00771EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/05 12:0 a.m.21 views

Stripe Payments < 2.0.40 - Authenticated Stored Cross-Site Scripting (XSS)

The Stripe Payments WordPress plugin, version 2.0.39 and possibly below, was vulnerable to Stored Cross-Site Scripting XSS in the plugin's currencycode settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability...

1.8AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/20 12:0 a.m.21 views

Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections

Multiple authenticated SQL injections in the Anti-Spam by CleanTalk plugin 5.148 exist, however, it requires high privilege user admin+. PoC Vulnerable functions: removeLogs and removeSpam at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php Sleep query: POST...

2.1AI score0.01444EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/06 12:0 a.m.21 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. PoC High-privileged user Editor+ can exploit XSS via Add New Form...

5.2AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/31 12:0 a.m.21 views

WP Floating Menu < 1.4.1 - Authenticated Reflected Cross-Site Scripting

The id GET parameter used by WP Floating menu does not correctly sanitise user input before reflecting the parameter back to the user, resulting in a reflected XSS vulnerability. Other sanitisation have been added to prevent other XSS issues as well as potential SQL injections. PoC...

4.3CVSS1.6AI score0.00934EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/14 12:0 a.m.21 views

Sell Media < 2.4.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. PoC https://example.com/sell-media-search/?keyword="...

4.3CVSS3.6AI score0.09221EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/07/18 12:0 a.m.21 views

Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

An attacker could exploit this issue by convincing a user to click a specially crafted URL, which will send emails from the affected user’s WordPress email account. PoC https://github.com/tenable/poc/blob/master/WordPress/plugins/Icegram/emailsubscribersandnewsletters/csrfpoc.html...

4.3CVSS2AI score0.00917EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/28 12:0 a.m.21 views

ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure

The plugin does not properly check for authorisation and allowed options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow unauthenticated attacker to retrieve arbitrary values from the wpoptions table, such as a list of active plugins. PoC List all active plugins of the...

5CVSS3.4AI score0.13463EPSS
Exploits2References2Affected Software1
Total number of security vulnerabilities5000