Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.20 views

Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip

Description The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon...

6.3AI score0.0034EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.20 views

Broken Link Checker for YouTube <= 1.3 - Cross-Site Request Forgery via plugin_settings_page()

Description The Broken Link Checker for YouTube plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the pluginsettingspage function. This makes it possible for unauthenticated attackers to...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.20 views

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a campaign and for the...

4.8CVSS5.4AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.20 views

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.7.4 - Unauthenticated Arbitrary File Upload

Description The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated...

9.8CVSS8.3AI score0.01793EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.20 views

WooCommerce Canada Post Shipping < 2.8.4 - Cross-Site Request Forgery

Description The WooCommerce Canada Post Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke...

8.8CVSS6.7AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.20 views

Theme My Login 2FA < 1.2 - Lack of Rate Limiting

Description The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. PoC https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt...

9.8CVSS7AI score0.00892EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.20 views

ProfilePress < 4.13.3 - Information Disclosure via Debug Log

Description The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system error...

7.5CVSS6.4AI score0.00658EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Best Restaurant Menu by PriceListo <= 1.3.1 - Cross-Site Request Forgery via menu_page

Description The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the menupage function. This makes it possible for unauthenticated attackers to modif...

8.8CVSS6.6AI score0.00269EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

affiliate-toolkit – WordPress Affiliate Plugin < 3.4.0 - Open Redirect via atkpout.php

Description The affiliate-toolkit – WordPress Affiliate Plugin is vulnerable to Open Redirect in versions up to, and including, 3.3.9. This is due to insufficient validation on the redirect url supplied via the 'url' parameter in atkpout.php. This makes it possible for unauthenticated attackers t...

6.1CVSS6.9AI score0.00414EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

CodeBard's Patron Button and Widgets for Patreon < 2.2.0 - Cross-Site Request Forgery

Description The CodeBard's Patron Button and Widgets for Patreon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated...

8.8CVSS6.7AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

WP EXtra < 6.5 - Cross-Site Request Forgery ToolImport

Description The WP EXtra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. This is due to missing or incorrect nonce validation on the ToolImport function. This makes it possible for unauthenticated attackers to change plugin settings via a...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Jquery news ticker < 3.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

8.8CVSS7.5AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Funnelforms Free < 3.4.2 - Missing Authorization to Category Deletion

Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permission...

4.3CVSS6.7AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS6AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

DrawIt (draw.io) <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The DrawIt draw.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.9AI score0.00378EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode

Description The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the serve...

8.1AI score0.00588EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Better RSS Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.9AI score0.00416EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

WP ERP < 1.12.7 - Missing Authorization via admin notice dismissal

Description The WP ERP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notice dismissal function in versions up to, and including, 1.12.6. This makes it possible for authenticated attackers, with subscriber-level access a...

6.7AI score0.00303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

Freesoul Deactivate Plugins < 2.1.4 - Cross-Site Request Forgery via eos_dp_pro_delete_transient

Description The Freesoul Deactivate Plugins – Plugin manager and cleanup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 2.1.4 exclusive. This is due to missing or incorrect nonce validation on the eosdpprodeletetransient function. This makes it possible for...

6.6AI score0.00411EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.20 views

File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

Description The plugin does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites...

6.5CVSS9.3AI score0.0085EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.20 views

Additional Order Filters for WooCommerce < 1.12 - Reflected XSS

Description The plugin does not sanitise and escape the PHPSELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

7.1CVSS6.8AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.20 views

Easy PayPal Shopping Cart < 1.1.11 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.20 views

MStore API < 4.0.7 - Subscriber+ SQLi

Description The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...

9.8CVSS7.6AI score0.0055EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/14 12:0 a.m.20 views

YOP Poll < 6.5.27 - Unauthenticated Vote Manipulation via Race Condition

Description The plugin is affected by a race condition, allowing unauthenticated users to vote multiple times on a poll even when it's configured to only allow one vote per person...

5.3CVSS7.1AI score0.00376EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/14 12:0 a.m.20 views

Webpushr < 4.35.0 - LFI via CSRF

Description The plugin does not have CSRF check in its wppsavesettings function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF...

8.8CVSS7AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.20 views

Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC As an author, upload an SVG file with malicious JavaScript: Access the file through its URL to see XSS...

6.1CVSS6.1AI score0.00932EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/08 12:0 a.m.20 views

IdeaPush < 8.53 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00397EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.20 views

Icons Font Loader < 1.1.2.1 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2...

8.8CVSS7.4AI score0.00544EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.20 views

Ads by datafeedr.com < 1.2.0 - Unauthenticated Remote Code Execution

Description The plugin does not adequately secure the 'dfadsajaxloadads' function, leading to a potential Remote Code Execution RCE vulnerability...

9.8CVSS9.7AI score0.02196EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.20 views

Grid Plus < 1.3.3 - Subscriber+ Grid Layout Creation/Deletion/Update

Description The plugin does not properly implement capability checks on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions, leading to unauthorized creation, deletion and update of grid layout by any authenticated users, such as subscriber...

5.4CVSS5.7AI score0.00473EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/27 12:0 a.m.20 views

Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...

4.8CVSS6.9AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/27 12:0 a.m.20 views

FreshMail For WordPress <= 2.3.2 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.7AI score0.00288EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/10/26 12:0 a.m.20 views

WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

Description The plugin does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts PoC Run the below command in the developer console of the web browser while...

5.4CVSS7.1AI score0.00271EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.20 views

AI ChatBot < 4.9.1 - Cross-Site Request Forgery (CSRF)

Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...

5.4CVSS6.3AI score0.00206EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.20 views

Skype Legacy Buttons <= 3.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00354EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.20 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

5.4CVSS7AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.20 views

Get Custom Field Values < 4.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.20 views

Stout Google Calendar <= 1.2.3 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.20 views

Use Memcached <= 1.0.5 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.20 views

Leadster < 1.1.3 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its Script Code setting, which could allow attackers to make a logged in admin change it via a CSRF attack...

8.8CVSS6.6AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.20 views

SendPress Newsletters <= 1.23.11.6 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00211EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.20 views

Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00254EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.20 views

EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. PoC Insert '"Clickme! on the keyword search field or directly on the link...

6.1CVSS6.4AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.20 views

E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC 1 Create a new template on...

4.8CVSS4.8AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/28 12:0 a.m.20 views

Welcart e-Commerce < 2.8.22 - Author+ SQL Injection

Description The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, leading to an SQL injection exploitable by users with a role as low as an author...

4.9CVSS7.3AI score0.00767EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/27 12:0 a.m.20 views

GD Security Headers < 1.7 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.0033EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.20 views

Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. PoC This requires the plugin's Log Authentication Requests setting to be...

7.5CVSS7.9AI score0.25855EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.20 views

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

Description The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. PoC...

5.3CVSS5.3AI score0.00541EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/20 12:0 a.m.20 views

Super Store Finder < 6.9.4 - Unauthenticated Email Creation/Sending

Description The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content...

5.8CVSS6.7AI score0.00542EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/18 12:0 a.m.20 views

wp tell a friend popup form <= 7.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.0031EPSS
Exploits0
Total number of security vulnerabilities5000