Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/04/08 12:0 a.m.43 views

WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS

The plugin, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues PoC Payloads: " POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

3.5CVSS1.5AI score0.00659EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2020/07/09 12:0 a.m.43 views

Knight Lab Timeline < 3.7.0.0 - Outdated TimelineJS library could Lead to Stored XSS

The plugin used the TimelineJS library 3.7.0 which is affected by a stored Cross-Site Scripting issues if an attacker has write privileges on the source data used for the timeline which is stored on Google Sheets or in a JSON configuration file...

3.5CVSS1.6AI score0.0106EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/30 12:0 a.m.43 views

WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads

Description Authenticated users with the capability to upload files could upload files with specially crafted names containing utf8 characters to execute JavaScript when later viewed...

8.7CVSS6.7AI score0.02092EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2020/01/29 12:0 a.m.43 views

Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS

The Elementor Website Builder WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. PoC /wp-admin/admin.php?page=elementor-system-info%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1...

3.5CVSS2.3AI score0.01288EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/06/21 12:0 a.m.43 views

Email Before Download < 4.0 - SQL Injection

Email Before Download https://wordpress.org/plugins/email-before-download/ before version 4.0 was vulnerable to several SQL injections. An SQL escaping function was used but the escaped value was not between quotes so the attack payload does not have to use quotes and thus no escaping is done...

2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/05/05 12:0 a.m.43 views

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset

Description Attacker may be able to set the 'From' email header in password reset emails. PoC curl -H "Host: www.evil.com" --data "userlogin=adminto=&wp-submit;=Get+New+Password" http://example.com/wp-login.php?action=lostpassword...

5.9CVSS5.9AI score0.26699EPSS
Exploits7References2
WPVulnDB
WPVulnDB
added 2016/08/20 12:0 a.m.43 views

WordPress 4.5.3 - Authenticated Denial of Service (DoS)

...

5.5CVSS3.4AI score0.38445EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/16 6:19 p.m.43 views

WordPress 3.6 - 3.9.1 XXE in GetID3 Library

...

7.5CVSS1.9AI score0.04681EPSS
Exploits1References5Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.43 views

WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass

...

6.4CVSS0.9AI score0.02497EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/09 12:0 a.m.42 views

Max Mega Menu < 3.3.1 - Missing Authorization

Description The Max Mega Menu plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sandbox function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger the...

5.4CVSS6.7AI score0.00324EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.42 views

Click to Chat – HoliThemes < 4.0 - Contributor+ LFI

Description The plugin is vulnerable to Local File Inclusion, allowing authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensiti...

8.8CVSS7.6AI score0.01691EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.42 views

Better Search Replace < 1.4.5 - Unauthenticated PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...

7.5CVSS7.1AI score0.68047EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.42 views

WPS Hide Login < 1.9.12 - Hidden Login Page Location Disclosure

Description The plugin is vulnerable to login page disclosure in all versions up to, and including, 1.9.11. This makes it possible for unauthenticated attackers to bypass an intended security restriction designed to prevent brute force authentication attempts on multi-site installations...

7.4AI score0.00303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.42 views

WP User Frontend < 3.6.6 - Authenticated (Author+) Privilege Escalation

Description The WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.6.5. This is due to the plugin not providing...

6.4AI score0.00635EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/23 12:0 a.m.42 views

AI Contact Us Form <= 1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/29 12:0 a.m.42 views

Media Library Assistant < 3.01 - Unauthenticated Error Log Access

The plugin does not have authorisation in place, which could allow unauthenticated attackers to access its error log if they can guess or brute force the filename...

5.3CVSS6.1AI score0.00531EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/02 12:0 a.m.42 views

Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections PoC order and columns parameters are affected curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.4AI score0.08852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.42 views

Xorbin Analog Flash Clock 1.0 - Flash-based XSS

The Xorbin Analog Flash Clock WordPress plugin was affected by a Flash-based XSS security vulnerability...

4.3CVSS2.8AI score0.0245EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.41 views

Post Views Counter < 1.4.5 - Cross-Site Request Forgery via save_bulk_post_views()

Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the savebulkpostviews function. This makes it possible for unauthenticated attackers to save bulk post views via a forged request...

4.3CVSS6.7AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.41 views

LearnPress < 4.2.5.8 - Unauthenticated SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

9.8CVSS7.6AI score0.51394EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.41 views

WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery

Description The WooCommerce Login Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.4. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this...

8.8CVSS6.7AI score0.0028EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.41 views

WP 6.4-6.4.1 - POP Chain

Description WP 6.4 introduced a PHP gadget chain. While the issue is not directly exploitable, it could be used along with a PHP unserialization for example in a plugin or theme installed on the blog to achieve RCE...

7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.41 views

OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. PoC Exploit 1 attachment id delete: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body...

6.5CVSS6.9AI score0.01003EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/20 12:0 a.m.41 views

Multiple Page Generator Plugin - MPG < 3.3.10 - Multiple CSRF

The plugin does not have CSRF checks in some places for example when delving projects, toggling cache etc, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...

8.8CVSS8.3AI score0.0026EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/04 12:0 a.m.41 views

Jeg Elementor Kit < 2.5.7 - Subscriber+ Authorization Bypass

The plugin does not properly authorize requests to various ajax actions, allowing authenticated users with roles as low as subscriber to create header templates and make additional changes to the site using an easily available nonce value...

5.4CVSS2.8AI score0.00644EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.41 views

Simple Banner < 2.12.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings proversionactivationcode settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.4CVSS2.1AI score0.00787EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.41 views

OAuth Single Sign On < 6.22.6 - Authentication Bypass

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address. PoC POST / HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS3.2AI score0.00988EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.41 views

2Way VideoCalls and Random Chat < 5.2.8 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the vwsnotice AJAX action found in the /inc/requirements.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/08 12:0 a.m.41 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The plugin was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even ...

7.5CVSS0.9AI score0.14462EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/29 12:0 a.m.41 views

WordPress < 5.5.2 - Hardening Deserialization Requests

Description The release notes state: "Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests." This vulnerability affected the third-party "Requests for PHP" library used by WordPress...

9.8CVSS9.3AI score0.16119EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2018/12/13 12:0 a.m.41 views

WordPress <= 5.0 - File Upload to XSS on Apache Web Servers

Description According to WordPress: "Tim Coen and Slavco discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability."...

5.4CVSS6.9AI score0.03443EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.41 views

WordPress <= 4.4.2 - Reflected XSS in Network Settings

...

4.3CVSS2.4AI score0.02515EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.40 views

Salient Core < 2.0.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include an...

7.5CVSS7.8AI score0.00632EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.40 views

Forminator < 1.29.3 - Admin+ SQL Injection

Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.29.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

7.2AI score0.30361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.40 views

PageLayer < 1.8.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Enter the following payload in...

5.4AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/09 12:0 a.m.40 views

Spiffy Calendar < 4.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Spiffy Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to 4.9.6 exclusive due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.40 views

MainWP < 4.4.3.4 - Authenticated (Administrator+) SQL Injection

Description The MainWP plugin for WordPress is vulnerable to SQL Injection via the 'tags' parameter in versions up to, and including, 4.4.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.6CVSS7.5AI score0.00551EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.40 views

wpDiscuz < 7.6.6 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/14 12:0 a.m.40 views

User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload Leading to RCE

The plugin does not validate the file types, and uses a hardcoded encryption key during the profile picture upload process. Authenticated users with minimal permissions, such as a subscriber, can thus upload arbitrary files, potentially leading to remote code execution...

9.9CVSS7.6AI score0.01454EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.40 views

Hummingbird < 3.4.2 - Unauthenticated Path Traversal

The plugin does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. This allows an attacker to: - Enumerate file system directories where the user who starts the web server process has write access. -...

9.8CVSS9AI score0.01119EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.40 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal

The plugin does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only displays the last 50 lines of the file. PoC POST...

4.9CVSS5.5AI score0.19921EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/15 12:0 a.m.40 views

PB SEO Friendly Images <= 4.0.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/24 12:0 a.m.40 views

All in One SEO Pack < 4.3.0 - Admin+ Stored XSS

The plugin does not sanitise and escape multiple parameters, which could allow high privilege users such as admin to perform Stored XSS attacks even when unfilteredhtml is disallowed...

4.8CVSS5.1AI score0.00776EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/10 12:0 a.m.40 views

Gallery PhotoBlocks <= 1.2.6 - Authenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow low privileged users to perform Stored Cross-Site Scripting attacks...

5.4CVSS4.3AI score0.00488EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/10 12:0 a.m.40 views

Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users PoC https://example.com/wp-admin/admin-ajax.php?action=directoristauthorpagination...

5.3CVSS1.2AI score0.01408EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.40 views

Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS2.4AI score0.07866EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/21 12:0 a.m.40 views

Catch Themes Demo Import < 1.8 - Admin+ Arbitrary File Upload

The plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload maliciou...

7.2CVSS7AI score0.55729EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.40 views

DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download

The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter...

7.5CVSS3.8AI score0.66543EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/07 12:0 a.m.40 views

Easy WP SMTP < 1.4.3 - Debug Log Disclosure

The plugin has an optional debug log file generated with a random name, located in the plugin folder and which contains all email messages sent. However, this folder does not have any index page, allowing access to log file on servers with the directory listing enabled or misconfigured. This coul...

5CVSS0.9AI score0.63407EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/08 12:0 a.m.40 views

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

The PHP Raw Widget https://www.dynamic.ooo/widget/php-raw/ of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com...

9CVSS0.2AI score0.05648EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities5000