Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2022/05/23 12:0 a.m.20 views

Newsletter < 7.4.5 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. PoC...

6.1CVSS0.4AI score0.01785EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/23 12:0 a.m.20 views

KiviCare < 2.3.9 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users PoC With at least one doctor created via the plugin: v 2.3.4 curl...

9.8CVSS2.8AI score0.12619EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.20 views

Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users PoC...

6.5CVSS4.1AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/17 12:0 a.m.20 views

Code Snippets Extended <= 1.4.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF in place when creating/editing snippets, as well as is lacking sanitisation and escaping in some fields, which could allow attackers to make a logged in admin create/edit arbitrary snippets and place XSS payloads in them...

6.1CVSS4.8AI score0.00358EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.20 views

Herd Effects < 5.2.1 - Admin+ LFI

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI...

6.8CVSS0.8AI score0.00979EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.20 views

FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC Put the following payload in the Woocommerce FiboSearch Autocomplete Products - "N...

4.8CVSS2.4AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.20 views

Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

The plugin does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack PoC To delete all comments...

4.3CVSS4.6AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/12 12:0 a.m.20 views

WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a form, go to the Form Settings - General Settings and put the following payload in the...

4.8CVSS0.5AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/10 12:0 a.m.20 views

Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file PoC Create/edit a quote and p...

4.8CVSS1.3AI score0.0064EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.20 views

amtyThumb <= 4.2.0 - Subscriber+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user and not just Author+ like the original advisory mention due to the fact that they can execute shortcodes via an AJAX...

8.8CVSS0.7AI score0.0151EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.20 views

Disable Right Click For WP <= 1.1.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.20 views

Nirweb support < 2.8.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection PoC curl https://example.com/wp-admin/admin-ajax.php --data 'action=answerdticketform=1 UNION ALL SELECT NULL,NULL,SELECT...

9.8CVSS1.5AI score0.12408EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.20 views

Psychological tests & quizzes <= 0.21.19 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings available to users with a role as low as contributor, allowing them to perform Cross-Site Scripting attacks...

5.4CVSS3AI score0.0055EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.20 views

WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them PoC...

2.7AI score0.00266EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.20 views

WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button via AJAX ...

5.4CVSS0.8AI score0.00567EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload

The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code PoC Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking=carat and upload a fake GIF with PHP code in it as a...

7.2CVSS0.3AI score0.01436EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.20 views

Advanced Contact form 7 DB <= 1.8.7 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape a parameter from its form, which could lead to an unauthenticated Stored Cross-Site Scripting issue...

6.1CVSS2AI score0.00655EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/19 12:0 a.m.20 views

BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.3AI score0.00813EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/18 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Booking Data Disclosure

The plugin has guessable booking IDs, which could allow attackers to retrieve booking data via an IDOR in the search request...

5.3CVSS4AI score0.01067EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/18 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate the signature file uploaded via its booking form, which could allow unauthenticated attacker to upload arbitrary files...

9.8CVSS3.4AI score0.01617EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/15 12:0 a.m.20 views

KB Support <= 1.5.5 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape multiple parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS3.7AI score0.00675EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/13 12:0 a.m.20 views

WP Social Buttons <= 2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Delay Time General Settings or Top Margin Advanced Settings of the...

4.8CVSS3AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.20 views

All In One WP Security < 4.4.11 - Authenticated Arbitrary Redirect / Reflected XSS

The plugin does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of...

4.7CVSS0.3AI score0.00726EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.20 views

Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE

The plugin does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE PoC Import a PHP file via an URL Tools Import WP Add Importer put any name, and post template Create Importer Remote File select any file...

7.2CVSS0.4AI score0.01467EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/30 12:0 a.m.20 views

Cab fare calculator < 1.0.4 - Unauthenticated LFI

The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable...

9.8CVSS0.9AI score0.13592EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/30 12:0 a.m.20 views

Use Any Font < 6.2.1 - API Key Deactivation via CSRF

The plugin does not have CSRF check in place when deactivating its API key, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

5.4CVSS4.9AI score0.00381EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.20 views

Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover

The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. PoC On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value t...

9.8CVSS3.7AI score0.01698EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.20 views

5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi

Description The plugin does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using...

9.8CVSS10AI score0.01743EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.20 views

Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the jsonresulturl parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.4AI score0.00863EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.20 views

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

The plugin does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled which is the default setting, leading to a Reflected Cross-Site Scripting issue. Note: Vendor was notified on September 14th, 2021. PoC...

6.1CVSS0.3AI score0.02244EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/07 12:0 a.m.20 views

Plezi < 1.0.3 - Unauthenticated Stored XSS

The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue PoC curl -X POST...

6.1CVSS2.4AI score0.00852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/24 12:0 a.m.20 views

Photoswipe Masonry Gallery < 1.2.15 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF when updating its gallery settings via the update function hooked to adminmenu, allowing any authenticated users, such as subscriber to update them and set Cross-Site Scripting payloads in them due to the lack of sanitisation and escaping...

6.4CVSS4.3AI score0.04336EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/21 12:0 a.m.20 views

GD Mylist <= 1.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the text field settings of the plugin such as Add to Myli...

4.8CVSS2.2AI score0.00612EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.20 views

Profile Builder < 3.6.2 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the siteurl parameter before outputting it back in an href attribute, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.1AI score0.02703EPSS
Exploits3References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/02/10 12:0 a.m.20 views

Spiffy Calendar < 4.9.1 - Arbitrary Event Deletion via CSRF

The plugin does not have CSRF check in place when deleting events, allowing attacker to make a logged in admin delete arbitrary events via a CSRF attack...

5.4CVSS4.5AI score0.00398EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/09 12:0 a.m.20 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting XSS vulnerability. PoC http://127.0.0.1:8001/wp-admin/edit.php?posttype=ditty=dittysettings=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E...

6.1CVSS0.5AI score0.01857EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/07 12:0 a.m.20 views

AdRotate < 5.8.22 - Admin+ SQL Injection

The plugin does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection PoC Get the nonce from one of the bulk action, for example /wp-admin/admin.php?page=adrotate and look for...

7.2CVSS1AI score0.01255EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/02 12:0 a.m.20 views

Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI

The plugin does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion attacks as PHP files will be executed. Please note...

2.4AI score0.00435EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/01 12:0 a.m.20 views

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

The plugin allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.8 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout PoC As a contributor, create a Cost Calculator post, set the Layout to...

6.5CVSS2.7AI score0.03EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/31 12:0 a.m.20 views

Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues PoC The XSS will be triggered anywhere in the backe...

9.6CVSS2.6AI score0.00602EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/31 12:0 a.m.20 views

Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting PoC curl 'https://example.com/wp-login.php' --data-raw 'log=a=x&wp-submit;=Log+In' The XSS will be trigged in...

6AI score0.01374EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/27 12:0 a.m.20 views

WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF

The plugin does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack PoC Removing post: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

6.5CVSS2.2AI score0.00566EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/10 12:0 a.m.20 views

WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a Reflected Cross-Site Scripting XSS vulnerability in the wooce admin page. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=wooce=1=%3Cscript%3Ealert1;%3C/script%3E...

6.1CVSS0.6AI score0.02337EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.20 views

IP2Location Country Blocker < 2.26.5 - Ban Bypass

The plugin bans can be bypassed by using a specific parameter in the URL PoC https://example.com/?admin-ajax=hehe...

6.5CVSS0.8AI score0.01047EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/05 12:0 a.m.20 views

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue PoC Note: the ticket-creation page is the one with the wpsccreateticket shortcode embed...

6.1CVSS0.01165EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.20 views

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. PoC https://example.com/wp-json/doc/v1/single/509 509 being the ID of a private/draft Post...

5.3CVSS1.5AI score0.01327EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.20 views

SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC With the Advanced Mode enabled, put the following payload in...

4.8CVSS1.8AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/24 12:0 a.m.20 views

Spreadsheet Integration < 3.6.0 - CSRF Bypass

The plugin does not properly check for CSRF in its wpgsiWorksheetColumnsTitle function, by making a request without the nonce parameter. This could allow attacker to make logged in admins call it...

3.2AI score
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/12/23 12:0 a.m.20 views

Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue which will be triggered in the admin dashboard due to the lack of escaping. v10.9.1 added a CSRF check, however...

5.4CVSS0.8AI score0.00607EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/21 12:0 a.m.20 views

Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have capability and CSRF checks in the rtbwelcomesetschedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins PoC A...

5.4CVSS0.2AI score0.00607EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000