Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.20 views

WordPress Simple Shopping Cart < 4.7.2 - Authenticated(Administrator+) Stored Cross-Site Scripting

Description The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00304EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.20 views

FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery

Description The FreshMail For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.2. This is due to missing nonce validation function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

8.8CVSS6.2AI score0.00208EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.20 views

Advanced Database Cleaner < 3.1.4 - Administrator+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin...

5.8CVSS7.4AI score0.01139EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.20 views

SalesKing < 1.6.30 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to privilege escalation. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...

7AI score0.00585EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.20 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Visit the "Settings" interface...

4.8AI score0.00318EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.20 views

Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php

Description The Better Anchor Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.5. This is due to missing or incorrect nonce validation on the admin/options.php file. This makes it possible for unauthenticated attackers to update the...

7.1CVSS6.3AI score0.00176EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.20 views

Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class

Description The Image Tag Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'defaultclass’ parameter in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.2AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.20 views

Splashscreen <= 0.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

9.3AI score0.00221EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.20 views

Profile Builder Pro < 3.10.1 - Reflected Cross-Site Scripting

Description The Profile Builder Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.20 views

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...

6.4AI score0.00568EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/16 12:0 a.m.20 views

Contact Form 7 Extension For Mailchimp <= 0.5.70 - Subscriber+ Server-Side Request Forgery

Description The plugin is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.5.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can ...

6.5CVSS6.4AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

Quiz Maker < 6.5.1.2 - Missing Authorization

Description The Quiz Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.5.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actio...

6.2AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

Contact Form 7 – Dynamic Text Extension < 4.2.0 - Insecure Direct Object Reference

Description The plugin is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor...

4.3CVSS6.7AI score0.00349EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

RSS Aggregator by Feedzy < 4.3.3 - Missing Authorization

Description The plugin is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings includin...

5.4CVSS6.5AI score0.00287EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wpajaxnoprivtribedropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...

5.3CVSS6.4AI score0.00562EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/11 12:0 a.m.20 views

Envira Gallery Lite < 1.8.7.3 - Missing Authorization to Gallery Modification via envira_gallery_insert_images

Description The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify...

4.3CVSS6.5AI score0.00406EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.20 views

Formidable Forms < 6.7.1 - HTML Injection

Description The plugin is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is...

6.5CVSS7.1AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.20 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog PoC To get the administrator user emails: curl -X POST --data 'userrole=administrator'...

5.3CVSS5.3AI score0.37957EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Uncode Core < 2.8.9 - Privilege Escalation

Description The Uncode Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.8.8. This makes it possible for subscribers to escalate their privileges to those of a higher level account...

8.8CVSS7.5AI score0.00551EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Oxygen Builder < 4.8.1 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via a custom field due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execut...

6.4CVSS5.8AI score0.00315EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Paid Member Subscriptions < 2.10.5 - Cross-Site Request Forgery via ajax_add_log_entry

Description The Paid Member Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the ajaxaddlogentry function. This makes it possible for unauthenticated attackers to modify...

8.8CVSS6.6AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload

Description The TerraClassifieds – Simple Classifieds Plugin plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote...

10CVSS8.2AI score0.00617EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

EventON < 4.4.1 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing one of the code below: 2.6.x the cmon...

6.1CVSS6AI score0.00426EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

MStore API < 4.10.2 - Cross-Site Request Forgery

Description The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.10.2 exclusive. This is due to missing or incorrect nonce validation in the templates/admin/mstore-api-admin-dashboard.php file. This makes it possible for unauthenticated attackers...

8.8CVSS6.4AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Impreza < 8.18 - Reflected Cross-Site Scripting

Description The Impreza – WordPress Website and WooCommerce Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 8.17.4 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

WP Remote Site Search < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Remote Site Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'maxresults' user supplied attribute. This makes it...

6.5CVSS6AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Everest Forms < 2.0.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.20 views

Rate my Post < 3.4.3 - IP Spoofing

Description The Rate my Post – WP Rating System plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.4.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...

7AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.20 views

iFrame < 4.9 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape the srcdoc parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, however given that the malicious JS is limited to the scope of the iframe, there is no practical way to make users su...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.20 views

Ultimate Addons for Beaver Builder < 1.35.15 - Contributor+ Privilege Escalation

Description The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.35.14. This makes it possible for authenticated attackers, with contributor access and above, to escalate their privileges to those of a higher lev...

7AI score0.00547EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.20 views

WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...

8.8CVSS9.3AI score0.00329EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/01 12:0 a.m.20 views

Meris <= 1.1.2 - Reflected XSS

Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

6.1CVSS8.5AI score0.00331EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.20 views

FOX – Currency Switcher Professional for WooCommerce < 1.4.1.7 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape its currency options parameters, which could allow any authenticated users, such as subscribers to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00416EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.20 views

Insert or Embed Articulate Content into WordPress < 4.3000000023 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.00309EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.20 views

JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

Description The plugin does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks. PoC wpfgc url="http://127.0.0.1:8084"...

8.8CVSS6.5AI score0.00694EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.20 views

Essential Real Estate < 4.4.0 - Subscriber+ Arbitrary File Upload

Description The plugin does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. PoC from io import BytesIO import requests import zipfile import sys import re if...

8.8CVSS9AI score0.01095EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/12 12:0 a.m.20 views

Maspik – Spam blacklist < 0.10.4 - IP Validation Bypass

Description The plugin does not properly validates IP addresses, allowing unauthenticated attackers to bypass IP-based restrictions...

7.2AI score0.0035EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/12 12:0 a.m.20 views

Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure

Description The plugin does not prevent directory listing in sensitive directories containing export files. PoC http://127.0.0.1/wordpress/wp-content/uploads/prime-mover-export-files/1/ 0 Go to packages and crate new If there is no backup now 1 Go to this URL manualy 2 Use Exploit...

7.5CVSS6.4AI score0.39867EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/11 12:0 a.m.20 views

Spectra < 2.7.10 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.20 views

Genesis Simple Love <= 2.0 - Unauthenticated PHP Object Injection

Description The Genesis Simple Love plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...

10CVSS7.3AI score0.00727EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.20 views

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Smart External Link Click Monitor Link Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

5.9CVSS5.9AI score0.00394EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.20 views

Ultimate Addons for Contact Form 7 < 3.2.1 - Reflected Cross-Site Scripting

Description The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.1CVSS6.3AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.20 views

Product Enquiry for WooCommerce < 3.1 - Cross-Site Request Forgery

Description The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to...

8.8CVSS8.4AI score0.0027EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.20 views

Webflow Pages <= 1.0.8 - Missing Authorization

Description The Webflow Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7AI score0.00497EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.20 views

List all posts by Authors, nested Categories and Title < 2.8.3 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

7.1CVSS6.5AI score0.00407EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.20 views

Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Client Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

6.1CVSS5.9AI score0.00941EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.20 views

Track Geolocation Of Users Using Contact Form 7 <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Track Geolocation Of Users Using Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9CVSS5.5AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.20 views

Affiliate Booster < 3.0.6 - Blocks Enabling/Disabling via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to enable or disable all blocks via a forged request granted they can trick a site administrator...

8.8CVSS8.5AI score0.0028EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.20 views

which template file < 5.1.0 - Reflected XSS

Description The plugin does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.20 views

CF7 Google Sheets Connector < 5.0.6 - Unauthenticated Sensitive Information Exposure via Debug Log

Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.5 via the debug log functionality in google-sheet-connector.php. This makes it possible for unauthenticated attackers to extract sensitive dat...

7.5CVSS6.4AI score0.0052EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000