Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/01/18 12:0 a.m.20 views

301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection

The plugin does not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. The PoC video provided mentioned 2.53 as vulnerable, however v2.45 was installed and used. The issue has been verified to have been fixed in 2.51 PoC POST...

0.01238EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/12/19 12:0 a.m.20 views

Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise the images metadata namely title before outputting them in the generated gallery. This allows privileged accounts such as editor+ to perform XSS attacks even without the unfilteredhtml capability against users visiting the gallery in the frontend. PoC As an...

1.7AI score0.00661EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/27 12:0 a.m.20 views

Age Gate < 2.13.5 - Unauthenticated Open Redirect

The plugin takes the wphttpreferer parameter to redirect users after some actions as well as after invalid or missing nonces, leading to an Unauthenticated Open Redirect issue PoC...

3.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/20 12:0 a.m.20 views

Import and export users and customers < 1.16.3.6 - CSV Injection

The plugin did not validate or sanitise user data, such as first and last names from the profile, leading to a CSV injection when the data is exported by an administrator...

6CVSS2.9AI score0.01827EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/20 12:0 a.m.20 views

weForms < 1.6.4 - CSV Injection

The plugin allows CSV injection via a form's entry...

7.5CVSS4.2AI score0.02983EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/14 12:0 a.m.20 views

Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. PoC The following will create hello.php in the...

6.8CVSS4.1AI score0.00765EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/09 12:0 a.m.20 views

Autoptimize < 2.7.8 - Race Condition leading to RCE

The plugin attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It ...

0.2AI score0.13139EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/28 12:0 a.m.20 views

WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

The plugin does not protect the courses which could be accessed by unauthenticated users using the REST API /wp-jon/ endpoints. This could result in attackers accessing paying content without authorisation...

5CVSS3.9AI score0.09199EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/09/09 12:0 a.m.20 views

Cookiebot < 3.6.1 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting XSS within the admin panel, which could be exploited by using s Cross-Site Request Forgery CSRF attack...

2.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/04 12:0 a.m.20 views

The Official WordPress Facebook Chat Plugin < 1.6 - Authenticated Options Change to Chat Takeover

This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. PoC Obtain PageID from a test Facebook Page found under page - about - pageID. Use...

0.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/07/21 12:0 a.m.20 views

TC Custom JavaScript < 1.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of...

4.3CVSS5.6AI score0.01367EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/14 12:0 a.m.20 views

Login/Signup Popup < 1.5 - Authenticated Stored Cross-Site Scripting (XSS)

A lack of capability checks and security nonce allows any authenticated user to inject, via the AJAX API, JavaScript code into the plugin’s settings and to use it to target the administrator in the backend of WordPress. The vulnerability has been exploited for a couple of days...

2.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/07 12:0 a.m.20 views

Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload

According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog. Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction wi...

6.5CVSS0.1AI score0.08565EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/19 12:0 a.m.20 views

Media Library Assistant < 2.82 - Authenticated RCE

Remote Code Execution can occur via the taxquery, metaquery, and datequery parameter of the mlagallery shortcode...

7.5CVSS5AI score0.03559EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/26 12:0 a.m.20 views

WPJobBoard < 5.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

"An attacker can submit malicious javascript code persistent XSS on some fields of 'add job' form in frontend. Then, when an admin want to edit or delete this job in control page, the malicious payload will be executed." Edit WPScanTeam February 26th, 2020 - Vendor contacted via their page...

4.3CVSS0.7AI score0.01641EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/12 12:0 a.m.20 views

GDPR Cookie Consent < 1.8.3 - Improper Access Controls

Improper Access Controls issue in the clipolicygenerator AJAX call which could allow an authenticated user with low privileges such as a subscriber to: - Change the status of any post/page from published to draft, removing them from the frontend of the blog. - Put a payload in the content of one...

3.5CVSS5AI score0.00894EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/30 12:0 a.m.20 views

Registration Magic < 4.6.0.3 - Multiple Cross-Site Scripting (XSS)

The plugin is affected by an unauthenticated Stored XSS on the Contact Form which could allow attacks against administrators viewing the submissions. As well as multiple reflected XSS...

5.5CVSS4.2AI score0.01919EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/21 12:0 a.m.20 views

Chatbot with IBM Watson < 0.8.21 - DOM Cross-Site Scripting (XSS)

Note: The issue could be qualified of Self-XSS...

4.3CVSS1.6AI score0.01371EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/16 12:0 a.m.20 views

WP Database Reset < 3.15 - Unauthenticated Database Reset

This flaw "allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state." PoC URL/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code;=11111&db-reset-code-confirm;=11111 Where you can set db-reset-tables%5B%5D to any database table y...

6.4CVSS2.4AI score0.22928EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/14 12:0 a.m.20 views

InfiniteWP Client < 1.9.4.5 - Authentication Bypass

As per agreement between the researcher and developer, details will be released on January 14th. PoC It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks ...

7.5CVSS1.4AI score0.8787EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/11/12 12:0 a.m.20 views

Anti-Spam by CleanTalk < 5.127.4 - Cross-Site Scripting Issue

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin was affected by a Cross-Site Scripting Issue security vulnerability...

4.3CVSS1.9AI score0.01307EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/30 12:0 a.m.20 views

WooCommerce Product Feed for Google, Facebook, eBay and Many More < 3.1.15 - Authenticated Reflected XSS

The WooCommerce Product Feed for Google, Bing, eBay and Many More WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability...

4.3CVSS2.6AI score0.03213EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/27 12:0 a.m.20 views

HandL UTM Grabber < 2.6.5 - Authenticated Option Change via CSRF

The HandL UTM Grabber / Tracker WordPress plugin was affected by an Authenticated Option Change via CSRF security vulnerability...

6.8CVSS2.9AI score0.00799EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/12 12:0 a.m.20 views

Give <= 2.5.0 - SQL Injection

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php or...

7.5CVSS6.4AI score0.02894EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/08/05 12:0 a.m.20 views

ND Booking < 2.5 - Unauthenticated Options Change

The Hotel Booking WordPress plugin was affected by an Unauthenticated Options Change security vulnerability...

5.8CVSS1.9AI score0.01731EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/19 12:0 a.m.20 views

Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion & Deletion

The Adaptive Images for WordPress WordPress plugin was affected by a Local File Inclusion & Deletion security vulnerability...

6.4CVSS2AI score0.63375EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/18 12:0 a.m.20 views

OneSignal Web Push Notifications - Stored XSS

The OneSignal – Web Push Notifications WordPress plugin was affected by a Stored XSS security vulnerability...

3.5CVSS5.1AI score0.01063EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/12 12:0 a.m.20 views

Ad Inserter <= 2.4.19 - Authenticated Path Traversal

Edit WPScanTeam: Even though the original advisory mentions that it only affect accounts with the administrator privilege, subscriber accounts and above can exploit the issue, as the nonce can be retrieved when submitting a request with a specific cookie, as described at...

5CVSS2.8AI score0.02026EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/04 12:0 a.m.20 views

Appointment Booking Calendar < 1.3.19 - Unauthenticated Stored XSS

Lack of authorisation check in the cpabcappointmentssaveedition function can lead to stored XSS via the editionarea parameter when cfwppedit is set to 'js' or 'css' PoC The payload will be triggered in all pages with a booking form...

4.3CVSS2.5AI score0.01389EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/01 12:0 a.m.20 views

Easy Forms for Mailchimp < 6.5.3 - Code Injection

The Easy Forms for Mailchimp WordPress plugin was affected by a Code Injection security vulnerability...

7.5CVSS2AI score0.02177EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/24 12:0 a.m.20 views

Admin Renamer Extender <= 3.2.1 - CSRF

CSRF leading to arbitrary username change...

3.5CVSS2.7AI score0.00526EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/11 12:0 a.m.20 views

Insert or Embed Articulate Content into WordPress <= 4.2998 - Authenticated RCE

Original issue fixed in 4.2998. However, it was also be possible to upload via articulateuploadajaxfile AJAX method which was lacking authorisation checks and has been fixed in 4.2999...

6.5CVSS3.4AI score0.01668EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/22 12:0 a.m.20 views

WP Booking System <= 1.5.1.1 - CSRF to Authenticated SQL Injection

According to the original researcher, no CSRF nonces were present and therefore could be exploited by chaining with the CSRF issue...

6.5CVSS2.3AI score0.00911EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/07 12:0 a.m.20 views

WP Live Chat Support Pro - File Upload Bypass

Note: The free and pro version have been merged in WP Live Chat Support 8.0.27...

7.5CVSS1.6AI score0.04349EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/07 12:0 a.m.20 views

Carts Guru <= 1.4.4 - Unauthenticated Object Injection

The Carts Guru WordPress plugin was affected by an Unauthenticated Object Injection security vulnerability...

7.5CVSS2.7AI score0.02347EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/25 12:0 a.m.20 views

WooCommerce Checkout Manager <= 4.2.6 - Arbitrary File Upload

The Checkout Manager for WooCommerce WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

6.4CVSS2.8AI score0.0147EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/24 12:0 a.m.20 views

JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting

Bad input fields data filtering has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'. PoC http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website: http://jobcareer.chimpgroup.com/ , then go to the «Resume» profile tab:...

3.5CVSS0.3AI score0.00736EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/18 12:0 a.m.20 views

CarSpot Theme <= 2.1.6 - Authenticated Stored XSS

Bad input field data filtering has been discovered in the 'CarSpot – Automotive Car Dealer Wordpress Classified Theme'. Current version of this Premium Theme is 2.1.5. PoC Authorize on the demo website for tests: https://carspot.scriptsbundle.com/, login is [email protected] and passow...

3.5CVSS0.8AI score0.00736EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/17 12:0 a.m.20 views

Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)

In the pro features of the WordPress download manager plugin, there is a Category Short-code feature witch can use to sort categories with order by a function which will be used as ?orderby=title,publishdate . By adding parameter " and add any XSS payload , the xss payload will execute. To...

4.3CVSS5.8AI score0.12531EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/20 12:0 a.m.20 views

WooCommerce <= 3.5.4 - Stored Cross-Site Scripting (XSS)

Security - Improved escaping for Photoswipe captions. Security - Improved escaping for JSON attributes and structured data...

4.3CVSS1.8AI score0.00983EPSS
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/02/05 12:0 a.m.20 views

NextScripts: Social Networks Auto-Poster < 4.2.8 - Authenticated Reflected Cross-Site Scripting (XSS)

The NextScripts: Social Networks Auto-Poster WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.2AI score0.01253EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/01/08 12:0 a.m.20 views

MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)

CSRF in the mapsvgsave AJAX method PoC...

6.8CVSS2AI score0.00795EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/13 12:0 a.m.20 views

WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)

Description According to WordPress: "Tim Coen discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability."...

5.4CVSS6.8AI score0.02466EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2018/12/04 12:0 a.m.20 views

JobCareer < 2.4.1 - User enumeration & Reset password

The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote...

7.5CVSS5AI score0.04852EPSS
Exploits2References2Affected Software2
WPVulnDB
WPVulnDB
added 2018/11/14 12:0 a.m.20 views

Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise the slider name when creating or editing a slider, leading to an Authenticated editor+ Stored Cross-Site Scripting issue which will be triggered in the Slider table /wp-admin/admin.php?page=master-slider. Edit WPScanTeam: - The original report was from 2018,...

3.5CVSS0.8AI score0.00705EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/10/31 12:0 a.m.20 views

Multi Step Form <= 1.2.5 - Cross-Site Scripting (XSS)

The Multi Step Form WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.3AI score0.01097EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
added 2018/10/16 12:0 a.m.20 views

Support Board - Chat And Help Desk | Support & Chat <= 1.2.3 - XSS

The supportboard WordPress plugin was affected by a Chat And Help Desk | Support & Chat = 1.2.3 - XSS security vulnerability...

3.5CVSS0.8AI score0.00795EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/09/19 12:0 a.m.20 views

Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. PoC http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...

5CVSS0.6AI score0.44358EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/06/25 12:0 a.m.20 views

JS Support Ticket < 2.0.6 - CSRF

The JS Help Desk – Best Help Desk & Support Plugin WordPress plugin was affected by a CSRF security vulnerability...

6.8CVSS1.3AI score0.00681EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/05/16 12:0 a.m.20 views

CF7 Invisible reCaptcha <= 1.3.1 - XSS

The CF7 Invisible reCAPTCHA WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.6AI score0.00916EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000