Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/09/23 12:0 a.m.46 views

SEO Redirection < 9.1 - 404 Error & History Deletion via CSRF

The plugin does not have CSRF check when deleting 404 errors and history, which could allow attackers to make logged in admins delete them via CSRF attacks...

5.4CVSS4.4AI score0.00258EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/08 12:0 a.m.46 views

PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block

The plugin allows any users with a role as low as contributor to execute PHP via the Gutenberg Block of the plugin in posts...

9.9CVSS5.5AI score0.026EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/14 12:0 a.m.46 views

All In One SEO < 4.1.5.3 - Authenticated SQL Injection

The plugin is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and hashed passwords...

6.5CVSS2.9AI score0.01291EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/07/28 12:0 a.m.46 views

Comments - wpDiscuz 7.0.0 - 7.0.4 - Unauthenticated Arbitrary File Upload

This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Content-Length: 774 Accept: / X-Requested-With: XMLHttpRequest User-Agent:...

7.5CVSS0.4AI score0.94535EPSS
Exploits19References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/07 12:0 a.m.46 views

JoomSport <= 3.3 - SQL Injection

The JoomSport – for Sports: Team & League, Football, Hockey & more WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS1.8AI score0.21091EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/09 12:0 a.m.46 views

WPBakery Page Builder < 4.7.4 - Multiple Unspecified Cross-Site Scripting (XSS)

The jscomposer WordPress plugin was affected by a Multiple Unspecified Cross-Site Scripting XSS security vulnerability...

2.2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/29 12:0 a.m.46 views

TheCartPress <= 1.3.9 - Multiple Vulnerabilities

The TheCartPress eCommerce Shopping Cart WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

5CVSS1.6AI score0.21841EPSS
Exploits9References4Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/13 12:0 a.m.46 views

WooCommerce 2.3 - 2.3.5 - SQL Injection

The WooCommerce WordPress plugin was affected by a 2.3.5 - SQL Injection security vulnerability...

4.3CVSS2.6AI score0.01176EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.46 views

Meta Slider <= 2.5 - Cross-Site Scripting (XSS)

The Responsive Slider by MetaSlider – Slider and Carousel Plugin for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.3AI score0.01618EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.45 views

Unyson < 2.7.31 - Cross-Site Request Forgery

Description The Unyson plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.30. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...

5.4CVSS6.1AI score0.00249EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/16 12:0 a.m.45 views

Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution

Description The Bricks theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to execute code on the server...

10CVSS7.8AI score0.88234EPSS
Exploits18References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.45 views

Login Lockdown < 2.07 - Admin+ SQLi

Description The plugin does not properly sanitise and escape the iDisplayStart parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.6CVSS7.7AI score0.00584EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.45 views

WP < 6.3.2 - Unauthenticated Post Author Email Disclosure

Description WordPress does not properly restrict which user fields are searchable via the REST API. PoC from multiprocessing import Pool import requests import string import json import sys if lensys.argv != 2: printf'USAGE: sys.argv0 ' sys.exit url = sys.argv1.rstrip'/' + '/wp-json/wp/v2/users'...

5.3CVSS5.4AI score0.03862EPSS
Exploits4References2
WPVulnDB
WPVulnDB
added 2023/10/13 12:0 a.m.45 views

WP 5.6-6.3.1 - Contributor+ Stored XSS via Navigation Block

Description WordPress does not escape some of its Navigation block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.5AI score0.00788EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.45 views

Oxygen Builder < 4.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.45 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

7AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/31 12:0 a.m.45 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. PoC 1. Add the following shortcode to ...

9.8CVSS9.2AI score0.3962EPSS
Exploits8Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.45 views

WP < 6.0.3 - Stored XSS via wp-mail.php

Description WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to Stored Cross-Site Scripting issue...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/02/05 12:0 a.m.45 views

Name Directory < 1.18 - Cross-Site Request Forgery (CSRF)

The plugin was affected by CSRF issues, allowing attackers to make a logged in administrator perform unwanted actions...

5.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/05 12:0 a.m.45 views

RegistrationMagic – Custom Registration Forms and User Login < 4.6.0.4 - Multiple Critical Issues

These allowed an attacker with subscriber-level permissions to elevate their account’s privileges to those of an administrator and to export every form on the site, including all the data that had been submitted to them in the past. Additionally, through a number of unprotected AJAX actions, an...

6.8CVSS2.2AI score0.02533EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/19 12:0 a.m.45 views

Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download

The issue is being actively exploited, and allows attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't present in versions 1.3.22 and before. PoC...

5CVSS3.3AI score0.97822EPSS
Exploits11References5Affected Software2
WPVulnDB
WPVulnDB
added 2017/05/02 12:0 a.m.45 views

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Description The Avada WordPress theme was affected by a Stored Cross-Site Scripting XSS & CSRF security vulnerability. PoC http://cdn.wphutte.com/Avada/5.1.4/xss.html http://cdn.wphutte.com/Avada/5.1.4/csrf.html...

8.8CVSS6.5AI score0.00907EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2024/04/15 12:0 a.m.44 views

Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin < 5.7.15 - Unauthenticated SQL Injection

Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficie...

9.8CVSS7.1AI score0.80596EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.44 views

LiteSpeed Cache < 5.7.0.1 - Unauthenticated Stored XSS

Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and 'msg' parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...

8.3CVSS8.2AI score0.54872EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.44 views

Store Locator WordPress < 1.4.15 - Admin+ Arbitrary File Deletion

Description The plugin is vulnerable to Directory Traversal, allowing authenticated attackers, with administrator access and above, to delete arbitrary files...

6.8CVSS7AI score0.00617EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.44 views

Footer Putter <= 6.1.3 - Reflected Cross-Site Scripting

Description The Footer Putter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00437EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.44 views

Decorator - WooCommerce Email Customizer < 1.2.8 - Cross-Site Request Forgery

Description The Decorator – WooCommerce Email Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing nonce validation on several functions such as ajaxreset, wtdecoratorbuttontext, wtdecoratorsetasdefault, an...

8.8CVSS6.6AI score0.00305EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.44 views

Bamboo Columns <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Bamboo Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS7.9AI score0.00416EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.44 views

Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection

Description The Master Slider Pro plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

8.8CVSS8.9AI score0.00697EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.44 views

WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC Run the command: curl -i -s -k -X POST --data-binary...

9.6AI score0.0084EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.44 views

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields...

9.8CVSS9.4AI score0.04427EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/03 12:0 a.m.44 views

MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF

The plugin has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example PoC As any logged in user:...

4.3CVSS4.5AI score0.00585EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/11 12:0 a.m.44 views

WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting

Description Post authors are able to bypass KSES restrictions in WordPress = 5.9 and or Gutenberg = 9.8.0 due to the order filters are executed, which could allow them to perform to Stored Cross-Site Scripting attacks PoC As a user without the UNFILTEREDHTML capability, create a post containing t...

6.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/05/09 12:0 a.m.44 views

All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize

The plugin enables authenticated users with "aioseotoolssettings" privilege most of the time admin to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool Import/Export". However, the plugin attempts to...

9CVSS0.6AI score0.53274EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/08 12:0 a.m.44 views

GravityForms < 2.4.9 - Hashed Password Leakage

The gravityforms WordPress plugin was affected by a Hashed Password Leakage security vulnerability...

5CVSS1AI score0.0183EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/01 12:0 a.m.44 views

Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update

Description The library, used in numerous plugins, does not have proper authorisation when updating blog options, allowing any authenticated users, such as subscriber to update arbitrary options PoC As any authenticated user: Enable new user registrations:...

7.1AI score
Exploits0References4
WPVulnDB
WPVulnDB
added 2018/02/05 12:0 a.m.44 views

WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)

Description An application Denial of Service DoS was found to affect WordPress versions 4.9.4 and below. We are not aware of a patch for this issue...

7.5CVSS7.3AI score0.73098EPSS
Exploits11References3
WPVulnDB
WPVulnDB
added 2015/06/12 12:0 a.m.44 views

Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS

The "snippet preview" functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2. PoC Vulnerable URL: /wp-admin/post-new.php?posttitle= Vulnerable Code wordpress-seo/js/wp-seo-metabox.js: function ystcleanstr if str == '' || str == undefined...

4.3CVSS0.3AI score0.03206EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.44 views

Multiple iThemes plugins, themes and add-ons - XSS via add_query_arg() and remove_query_arg()

...

4.3CVSS2.7AI score0.0095EPSS
Exploits0References2Affected Software17
WPVulnDB
WPVulnDB
added 2024/05/06 12:0 a.m.43 views

Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation

Description The Contact Form by WPForms – Drag & Drop Form Builder for WordPress is vulnerable to price manipulation. This is due to a lack of controls on several product parameters, making it possible for unauthenticated attackers to manipulate prices, product information, and quantities for...

5.3CVSS7AI score0.00679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.43 views

WP Show Posts < 1.1.6 - Improper Authorization to Information Exposure

Description The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view...

4.3CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.43 views

WP Statistics < 14.5.1 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not properly escape visited URLs which are reflected on the plugin's dashboard. PoC Visit one same page multiple times so it makes it to the most visited pages, adding the following "utmid" parameter to it:...

7.2CVSS6.9AI score0.67723EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.43 views

LearnPress < 4.2.5.8 - Unauthenticated Command Injection

Description The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to...

9.8CVSS8AI score0.08544EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.43 views

Contact Form builder with drag & drop - Kali Forms < 2.3.29 - Missing Authorization via get_log

Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getlog function in versions up to, and including, 2.3.28. This makes it possible for authenticated attackers, with subscriber-level...

6.7AI score0.00447EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.43 views

Charitable < 1.7.0.14 - Authenticated(Contributor+) Stored Cross-Site Scripting

Description The Charitable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.7.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00441EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.43 views

Vertical scroll recent post <= 14.0 - Cross-Site Request Forgery via vsrp_admin_options

Description The Vertical scroll recent post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 14.0. This is due to missing or incorrect nonce validation on the 'vsrpadminoptions' function. This makes it possible for unauthenticated attackers to...

8.8CVSS6.6AI score0.0028EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/04/10 12:0 a.m.43 views

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. PoC - Create a password protected package containing one or more files. - Navigate to the download page of the package e.g. /download/package1 -...

7.5CVSS7.7AI score0.00738EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/07 12:0 a.m.43 views

Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggere...

5.4CVSS0.5AI score0.00595EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/07 12:0 a.m.43 views

All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE

The plugin does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. PoC To reproduce: - Log in, Click all in one WP migration import to use the import from file function. - Intercept wp-admin/admin-...

7.2CVSS1.8AI score0.01687EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.43 views

W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...

4.3CVSS0.2AI score0.01905EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000