Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/11/16 12:0 a.m.20 views

Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

The plugin suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. PoC The following Python script automates the exploitation of this vulnerability. The script was tested on an installation of WordPress 6.1 with the vulnerable...

6.5CVSS0.00606EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.20 views

Transposh WordPress Translation <= 1.0.8 - Settings Update via Authorization Bypass

The plugin does not properly check for its "Who can translate" settings when the auto translate is enabled which is the default, which could allow unauthenticated attackers to update settings...

7.5CVSS5.3AI score0.01369EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.20 views

TeraWallet - For WooCommerce < 1.4.4 - Subscriber+ Arbitrary Wallet Lock/Unlock via IDOR

The plugin does not ensure that the wallet to lock/unlock belongs to the user making the request, allowing any authenticated users, such as subscriber to lock/unlock arbitrary wallets via an IDOR attack...

4.3CVSS5.1AI score0.00556EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.20 views

WP Affiliate Platform < 6.4.0 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS3.4AI score0.0058EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/11 12:0 a.m.20 views

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Youtube API K...

4.8CVSS2AI score0.00506EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/01 12:0 a.m.20 views

WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Access

The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and download arbitrary files...

7.5CVSS4.6AI score0.007EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.20 views

Booster for WooCommerce - Checkout Files Deletion via CSRF

The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack PoC Requirements: - Enable the "Checkout File Upload" module of the plugin...

8.1CVSS0.5AI score0.00371EPSS
Exploits2Affected Software3
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.20 views

Creative Mail < 1.6.0 - Settings Reset via CSRF

The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS4.7AI score0.00707EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.20 views

IP Blacklist Cloud Plugin <= 5.00 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

9.1CVSS2.2AI score0.00723EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/17 12:0 a.m.20 views

Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization

The plugin does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog PoC As a...

8.8CVSS0.9AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/13 12:0 a.m.20 views

Page View Count < 2.5.6 - Settings Reset via CSRF

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

5.4CVSS4.6AI score0.00243EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/03 12:0 a.m.20 views

Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi

The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin PoC When deleting a scan logs /edit-comments.php?page=ctcheckspamlogs, intercept the request and change the spamids parameter to...

7.2CVSS0.2AI score0.01015EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/29 12:0 a.m.20 views

AdminPad < 2.2 - Note Update via CSRF

The plugin does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack PoC Notes are displayed in the Dashboard /wp-admin/index.php...

6.5CVSS4.8AI score0.00337EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/15 12:0 a.m.20 views

SearchWP Live Ajax Search < 1.6.3 - Unauthenticated Local File Inclusion

The plugin does not validate the swpengine parameter of the searchwplivesearch AJAX action, which could allow unauthenticated attackers to perform Local File Inclusion attack via a Path Traversal vector on web server running IIS...

4.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/08 12:0 a.m.20 views

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.1AI score0.00381EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/08 12:0 a.m.20 views

Contact Form By Mega Forms < 1.2.5 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.5AI score0.00438EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.20 views

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

The plugin does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory PoC 1. Navigate to settings page /wp-admin/edit.php?posttype=wpdmpro=settings 2. In the “File Browser Root:” setting,...

4.9CVSS3.5AI score0.01329EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.20 views

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. PoC Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server...

7.2CVSS6.9AI score0.01039EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.20 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Image URL

The plugin does not sanitise and escape the Image URL field of the Media block, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS2.9AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/25 12:0 a.m.20 views

Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.7AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/24 12:0 a.m.20 views

59sec LITE <= 3.4.1 - Unauthenticated Settings Update

Description The plugin does not have any authorisation in place when updating its settings, allowing unauthenticated attackers to do so...

6.5CVSS5.5AI score0.00547EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/08/22 12:0 a.m.20 views

Classima < 2.1.11 - Reflected Cross-Site Scripting

The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock The XSS will be triggered when the us...

6.1CVSS0.4AI score0.00491EPSS
Exploits2Affected Software5
WPVulnDB
WPVulnDB
added 2022/08/17 12:0 a.m.20 views

Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. PoC The function wantispampgetip is vulnerable to IP spoofing because of the general usage of $SERVER'HTTPXFORWARDEDFOR' curl -...

5.3CVSS1.3AI score0.00615EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/15 12:0 a.m.20 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls

The plugin is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status identified by WPScan when verifying the issue for example. Other...

4.3CVSS3.5AI score0.00275EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/15 12:0 a.m.20 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthenticated LFI

The plugin does not validate and sanitise a parameter before using it to include a file via an AJAX action available to both unauthenticated and authenticated users, which could lead to Local File Inclusion PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

2.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/12 12:0 a.m.20 views

Alpine PhotoTile for Pinterest <= 1.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS2.6AI score0.00504EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/08 12:0 a.m.20 views

JoomSport < 5.2.6 - Admin+ SQLi

The plugin does not properly escape the orderby parameter before using it in multiple SQL statement, which could allow high privilege users to perform SQL injection...

7.2CVSS3.3AI score0.01172EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/03 12:0 a.m.20 views

MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF

The plugin has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example PoC As an admin:...

2.7CVSS0.7AI score0.00632EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/02 12:0 a.m.20 views

MaxButtons < 9.3 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.7AI score0.00334EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.20 views

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions. PoC When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

7.5CVSS1.8AI score0.00958EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.20 views

Stockists Manager for Woocommerce <= 1.0.2.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...

8.8CVSS4.7AI score0.00444EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/21 12:0 a.m.20 views

GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE

The plugin does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE. Version 1.2.5 added CSRF checks PoC...

9.8CVSS2.2AI score0.01896EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/20 12:0 a.m.20 views

Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "...

4.8CVSS1.9AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.20 views

Website File Changes Monitor < 1.8.3 - Admin+ SQLi

The plugin does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection PoC A user with manageoptions permission can exploit the vulnerability with the following request...

9.8CVSS9.6AI score0.01026EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.20 views

Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any text field setting...

4.8CVSS1.6AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.20 views

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin PoC @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...

4.3CVSS4.6AI score0.00605EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.20 views

Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues PoC All...

6.1CVSS3.2AI score0.00529EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/04 12:0 a.m.20 views

Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=hfcm-list&'...

6.1CVSS0.3AI score0.01072EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/28 12:0 a.m.20 views

WP Meta SEO < 4.4.9 - Social Settings Update via CSRF

The plugin does not have CSRF check in place when updating its social settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.1AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.20 views

Download Manager < 3.2.44 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=wpdmpro=wpdm-stats=historyids=1&"...

6.1CVSS0.2AI score0.0106EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.20 views

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=advanceddbcleanertab=croncat=all&" Other pages are affected...

6.1CVSS0.7AI score0.00661EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.20 views

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=mo2fatwofa"...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/15 12:0 a.m.20 views

Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues PoC...

5.4CVSS4.6AI score0.00331EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/13 12:0 a.m.20 views

Gallery < 2.0.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.5AI score0.01626EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/10 12:0 a.m.20 views

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import

The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "...

4.8CVSS3.5AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/06 12:0 a.m.20 views

miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Enable 2FA + Website Security and...

4.8CVSS4.9AI score0.00553EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.20 views

WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

The plugin does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks PoC Put an internal/LAN URL such as below in the file upload by URL function https://127.0.0.1:8080...

7.2CVSS2.8AI score0.0126EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.20 views

Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC Go to Newsletters of Newsletter at wordpress admin panel eg...

4.8CVSS0.6AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.20 views

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Try ...

4.8CVSS0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/23 12:0 a.m.20 views

Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them PoC...

5.4CVSS4.3AI score0.00292EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000