Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2023/09/07 12:0 a.m.•20 views

WordPress Social Login <= 3.0.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its wordpresssocialloginmeta shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.00359EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/08/14 12:0 a.m.•20 views

Multiple Themes - Reflected XSS

Description The themes suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link. PoC https://example.com/?s=katana/asd/...

6.1CVSS6.1AI score0.00972EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/08/10 12:0 a.m.•20 views

Store Locator WordPress < 1.4.13 - Reflected XSS

Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...

6.1CVSS6AI score0.00645EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/08/08 12:0 a.m.•20 views

WPBulky < 1.0.10 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize user input via its sanitize function, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/08/07 12:0 a.m.•20 views

WP Ultimate CSV Importer < 7.9.9 - Author+ RCE

Description The plugin does not validate imported files, which could allow authors and above roles who have been granted access to the plugin settings to perform RCE...

8.8CVSS6.6AI score0.01239EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/27 12:0 a.m.•20 views

InstaWP Connect < 0.0.9.19 - Unauthenticated Data Modification

Description The plugin does not have authorisation check in its eventsreceiver function, allowing unauthenticated users to create/update/delete posts/taxonomy, install/activate/deactivate plugin, update the customizer settings as well as create/update/delete arbitrary users...

9.8CVSS6.6AI score0.00758EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/24 12:0 a.m.•20 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC 1. Ensure Contact Form 7 is installed, along with this plugin 2. Visit Contact...

6.1CVSS6AI score0.00482EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/18 12:0 a.m.•20 views

Royal Elementor Addons < 1.3.71 - Unauthenticated API Key Disclosure

Description The plugin discloses the MailChimp API key in pages with the MailChimp block, allowing unauthenticated users to obtain such key...

5.3CVSS6.3AI score0.00579EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/17 12:0 a.m.•20 views

MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion

Description The plugin does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment PoC Login as a subscriber an open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping=1 to delete the shipment wit...

8.1CVSS8AI score0.00592EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/11 12:0 a.m.•20 views

Advanced Flat rate shipping Woocommerce < 1.6.4.6 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...

8.8CVSS6.9AI score0.00246EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/11 12:0 a.m.•20 views

Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery

The plugin does not properly implement anti-CSRF mechanisms, making it vulnerable to potential CSRF attacks...

8.8CVSS6.8AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/07/05 12:0 a.m.•20 views

WP Mail Log < 1.1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape email contents, leading to a potential Stored Cross-Site Scripting vulnerability. This issue allows for arbitrary web scripts to be injected into pages, which will execute when a user accesses an affected page...

7.2CVSS5.9AI score0.00458EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/28 12:0 a.m.•20 views

Short URL < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00405EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/26 12:0 a.m.•20 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update

The plugin does not properly restrict users from making a certain set of changes to other customers' orders. TODO: ADD link to Patchstack's post instead of H1 PoC Affected functions: createpaymentintentajax updatepaymentintentajax saveupeappearanceajax updateorderstatusajax updatefailedorderajax ...

6.4AI score0.00614EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/26 12:0 a.m.•20 views

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - Subscriber+ Stored XSS

The plugin does not sanitize and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.8AI score0.00352EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/26 12:0 a.m.•20 views

WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF

The plugin does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wc-gsheetconnector-config=attacker-code...

8.8CVSS6.5AI score0.00389EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/26 12:0 a.m.•20 views

Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged-in admin open a page containing the HTML code below...

6.1CVSS5.7AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/22 12:0 a.m.•20 views

Event Manager for WooCommerce < 3.9.6 - Editor+ Stored Cross-Site Scripting

The plugin does not correctly sanitize user inputs, leading to potential Stored Cross-Site Scripting XSS vulnerabilities...

5.9CVSS5.7AI score0.00286EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/19 12:0 a.m.•20 views

Multiple Plugins - Cross-Site Scripting From Third-party Library

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. PoC WP-Optimize - Reflected Cross-Site Scripting 1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image". 2...

6.1CVSS4.9AI score0.01099EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2023/06/12 12:0 a.m.•20 views

CF7 Google Sheets Connector (Free < 5.0.2, Pro < 2.3.7) - Reflected XSS

The plugins do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below cf7-google-sheets-connector -...

6.1CVSS7.9AI score0.00458EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2023/06/08 12:0 a.m.•20 views

Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

4.8CVSS4.9AI score0.00548EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/05 12:0 a.m.•20 views

FormCraft Premium < 3.9.7 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2...

7.2CVSS9.6AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/04 12:0 a.m.•20 views

WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass

The plugin does not properly verify the 'wpuswhoswitch' cookie value, which allows attackers with low-privilege accounts like Subscribers to bypass authentication and login as any other existing user. PoC Log-in as a subscriber onto the affected site. Run the following JS script in your browser's...

8.8CVSS10AI score0.01357EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/06/02 12:0 a.m.•20 views

Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF)

The plugin does not protect the ajax actions azhaddpost, azhduplicatepost, azhupdatepost and azhremovepost against CSRF attacks, allowing an unauthenticated attacker to add, modify and delete posts by tricking a logged in user to submit a crafted request...

8.8CVSS6.8AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/25 12:0 a.m.•20 views

IP Metaboxes <= 2.1.1 - Unauthenticated Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS10AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/24 12:0 a.m.•20 views

Upload Resume <= 1.2.0 - Captcha Bypass

The plugin does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. PoC The PoC will be displayed once the issue has been remediated...

5.3CVSS7.2AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/24 12:0 a.m.•20 views

Booking Ultra Pro < 1.1.7 - Cross-Site Request Forgery

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...

8.8CVSS8.2AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/22 12:0 a.m.•20 views

WIP Custom Login < 1.3.0 - Cross-Site Request Forgery (CSRF)

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/11 12:0 a.m.•20 views

10WebSocial < 1.2.9 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below The XSS will be triggered when pressing...

6.1CVSS8.2AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/11 12:0 a.m.•20 views

Slimstat Analytics < 5.0.5 - Admin+ SQLi

The plugin does not sanitise and escape the misclimitresults parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.4AI score0.00517EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/05/09 12:0 a.m.•20 views

Ultimate Addons for Contact Form 7 < 3.1.24 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the id and formid parameters before using them in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

8AI score0.00652EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/25 12:0 a.m.•20 views

Shield Security < 17.0.18 - Subscriber+ Arbitrary Log Entry Creation

The plugin does not have authorisation in the theme-plugin-file AJAX action, allowing any authenticated users, such as subscriber to call it and add arbitrary audit log entries, which could also lead to Stored XSS due to the lack of escaping of some entry metadata...

4.3CVSS6.2AI score0.0055EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/19 12:0 a.m.•20 views

WP-dTree <= 4.4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/19 12:0 a.m.•20 views

Easy Ad Manager <= 1.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/19 12:0 a.m.•20 views

WP Original Media Path < 2.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/12 12:0 a.m.•20 views

UserPlus <= 2.0 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. PoC Open the .html file where the admin user is logged in - Go to...

8.7AI score0.00319EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/12 12:0 a.m.•20 views

hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. The hiweb-migration-simple plugin is vulnerable to POST based XSS on endpoint...

8.5AI score0.00476EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/12 12:0 a.m.•20 views

ChatBot < 4.4.9 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard PoC curl -X POST --data 'qcbotstrweight=" style=animation-name:rotati...

6.1CVSS5.8AI score0.00269EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/11 12:0 a.m.•20 views

PowerPress < 10.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape user-supplied attributes in its shortcodes, leading to a Stored Cross-Site Scripting vulnerability...

5.4CVSS5.9AI score0.00529EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•20 views

SEOPress < 6.5.0.3 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS6.5AI score0.18505EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/07 12:0 a.m.•20 views

Comments Ratings < 1.1.7 - Cross-Site Request Forgery

The plugin does not properly validate requests use nonces, leading to a potential Cross-Site Request Forgery vulnerability...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•20 views

IMPress Listings <= 2.6.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•20 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Login as Admin. 2. Go to...

4.8CVSS8.7AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•20 views

WCFM Membership < 2.10.1 - Unauthenticated AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing unauthenticated attackers to call them and modify membership details/renewal information etc...

7.3CVSS7.1AI score0.01084EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•20 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS

The plugin does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. PoC On a clean Wordpress on localhost: 1. Modify the Shoutboxalias cookie with a value such as 2...

6.1CVSS5.9AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/01 12:0 a.m.•20 views

Weaver Show Posts < 1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly escape the profile display name, leading to stored Cross-Site Scripting vulnerabilities...

6.4CVSS6AI score0.00508EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/27 12:0 a.m.•20 views

Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal

- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the system. PoC - The...

4.9CVSS5.3AI score0.00783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/22 12:0 a.m.•20 views

Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks PoC Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS6.6AI score0.009EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/22 12:0 a.m.•20 views

Events Made Easy <= 2.3.14 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the searchname parameter before using it in a SQL statement via the emerecurrenceslist AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Open the URL below while being on the blog as subscriber...

8.8CVSS9AI score0.00872EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/22 12:0 a.m.•20 views

MDTF < 1.3.1 - Reflected XSS

The plugin does not sanitise and escape the taxname parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

5.4CVSS5.5AI score0.00441EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities5000