Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2018/04/23 12:0 a.m.•20 views

WD Instagram Feed <= 1.3.0 - XSS

The 10Web Social Photo Feed WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.5AI score0.00957EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2018/03/30 12:0 a.m.•20 views

Relevanssi <= 4.0.4 - Cross-Site Scripting (XSS)

The Relevanssi – A Better Search WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.3AI score0.02009EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2018/02/14 12:0 a.m.•20 views

Ultimate Member <= 2.0 - Multiple XSS

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by a Multiple XSS security vulnerability...

4.3CVSS2.6AI score0.01206EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2018/02/10 12:0 a.m.•20 views

Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS

An unauthenticated user can inject arbitrary persistent javascript code in the admin panel via Bookly plug-in...

4.3CVSS3.1AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2018/01/24 12:0 a.m.•20 views

Email Subscribers & Newsletters < 3.4.8 - Unauthenticated Subscriber Download

The Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin WordPress plugin was affected by an Unauthenticated Subscriber Download security vulnerability. PoC POST /?es=export ... option=viewallsubscribers...

5CVSS3.2AI score0.03216EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
•added 2018/01/12 12:0 a.m.•20 views

Pinterest Feed <= 1.1.1 - Authenticated XSS & CSRF

The Weblizar Pin Feeds WordPress plugin was affected by an Authenticated XSS & CSRF security vulnerability...

6.8CVSS2.8AI score0.00954EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
•added 2018/01/10 12:0 a.m.•20 views

Testimonial Slider <= 1.2.4 - Authenticated SQL Injection

During the security analysis, ThunderScan discovered SQL injection vulnerability in Testimonial Slider WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin...

6.5CVSS2.3AI score0.01202EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
•added 2017/12/05 12:0 a.m.•20 views

Smart Marketing SMS and Newsletters Forms <= 1.1.1 - Unauthenticated Cross-Site Scripting (XSS)

The Smart Marketing SMS and Newsletters Forms WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. PoC POST /wordpress/wp-content/plugins/smart-marketing-for-wp/admin/partials/custom/egoi-for-wp-formegoi.php HTTP/1.1 Host: 127.0.0.1 Content-Type:...

4.3CVSS1.8AI score0.01374EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/11/08 12:0 a.m.•20 views

Ultimate Instagram Feed <= 1.3 - Authenticated Cross-Site Scripting (XSS)

Author: OmarK The vulnerability lies in the "accesstoken" parameter and can cause reflected XSS vulnerability. The issue is on the file ultimate-instagram-feed/admin/partials/uif-access-token-display.php line 19: the vulnerable code is the following: echo $GET'accesstoken'; There is an echo of th...

3.5CVSS0.5AI score0.01028EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/10/11 12:0 a.m.•20 views

Qards - Stored Cross-Site Scripting (XSS)

Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. PoC The vulnerable script...

4.3CVSS6.2AI score0.01933EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/09/29 12:0 a.m.•20 views

Insert Pages < 3.2.4 - Directory Traversal

The Insert Pages WordPress plugin was affected by a Directory Traversal security vulnerability...

6.4CVSS3.3AI score0.02503EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2017/09/26 12:0 a.m.•20 views

Content Audit <= 1.9.1 - Cross-Site Scripting (XSS) & CSRF

The Content Audit WordPress plugin was affected by a Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS2.4AI score0.00905EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
•added 2017/09/21 12:0 a.m.•20 views

Smush Image Compression and Optimization <= 2.7.5 - File Transversal

The Smush – Lazy Load Images, Optimize & Compress Images WordPress plugin was affected by a File Transversal security vulnerability...

5CVSS7.3AI score0.0251EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/09/20 12:0 a.m.•20 views

WordPress 2.3.0-4.7.4 - Authenticated SQL injection

Description Due bad solution of the database abstraction library WordPress exposes itself towards SQL Injection and validation bypass. Beside WordPress itself this issue have huge impact towards complete WP ecosystem. Up to WordPress 4.8.1 is vulnerable, but this time attack is dependent from...

8.4AI score
Exploits0References3
WPVulnDB
WPVulnDB
•added 2017/09/06 12:0 a.m.•20 views

Participants Database <= 1.7.5.9 - Cross-Site Scripting

Cross site scripting XSS vulnerability in the Wordpress Participants Database plugin 1.7.59 allows attackers to inject arbitrary javascript via the Name parameter. PoC curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex...

4.3CVSS2.9AI score0.02302EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/08/18 12:0 a.m.•20 views

WPJobBoard <= 4.5.1 - Multiple Cross-Site Scripting (XSS)

The wpjobboard WordPress plugin was affected by Multiple XSS issues...

4.3CVSS1.7AI score0.00901EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/08/08 12:0 a.m.•20 views

Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)

Due to insufficient security checks an attacker can remove blacklisted and whitelisted IP:s from the plugin using CSRF...

6.8CVSS2.9AI score0.00714EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/07/20 12:0 a.m.•20 views

Weblibrarian < 3.4.8.5 - XSS

The WebLibrarian WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.9AI score0.00916EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2017/06/02 12:0 a.m.•20 views

Spiffy Calendar <= 3.2.0 - Reflected Cross-Site Scripting (XSS)

The Spiffy Calendar WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.01323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/05/21 12:0 a.m.•20 views

Surveys 1.01.8 - Authenticated SQL Injection

The surveys WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

7.5CVSS2.7AI score0.03628EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/04/14 12:0 a.m.•20 views

Easy WP Smtp < 1.2.5 - XSS

The Easy WP SMTP WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.4AI score0.00775EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2017/03/22 12:0 a.m.•20 views

Invite Anyone < 1.3.16 - Multiple Issues

The Invite Anyone WordPress plugin was affected by a Multiple Issues security vulnerability...

7.5CVSS2.4AI score0.01825EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2017/03/07 12:0 a.m.•20 views

WP SlimStat <= 3.5.5 - Overview URI Stored XSS

The Slimstat Analytics WordPress plugin was affected by an Overview URI Stored XSS security vulnerability...

4.3CVSS2.3AI score0.02023EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2017/03/06 12:0 a.m.•20 views

WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata

...

3.5CVSS2.8AI score0.03016EPSS
Exploits1References4Affected Software1
WPVulnDB
WPVulnDB
•added 2017/02/27 12:0 a.m.•20 views

Kama Click Counter < 3.5.0 - XSS

The Kama Click Counter WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.6AI score0.00914EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2017/02/07 12:0 a.m.•20 views

Raygun4WP <= 1.8.0 - Unauthenticated Reflected XSS

The Raygun4WP WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/raygun4wp/sendtesterror.php?backurl="...

4.3CVSS0.9AI score0.03984EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2017/01/28 12:0 a.m.•20 views

FormBuilder <= 1.0.7 - Cross-Site Request Forgery (CSRF)

The FormBuilder WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

3.2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2016/12/07 12:0 a.m.•20 views

WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS

The WooCommerce WordPress plugin was affected by an Authenticated Tax-Rate CSV XSS security vulnerability...

3.5CVSS3.1AI score0.00904EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2016/11/21 12:0 a.m.•20 views

Vospari Forms <= 1.3 - Cross-Site Scripting (XSS)

The Vospari Forms WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.02145EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2016/08/10 12:0 a.m.•20 views

CampTix Event Ticketing <= 1.4.2 - CSV Injection and XSS

The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection and XSS security vulnerability...

5.1CVSS2.3AI score0.01798EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2016/08/01 12:0 a.m.•20 views

WP Database Backup < 4.3.1 - CSRF & XSS

The WP Database Backup WordPress plugin was affected by a CSRF & XSS security vulnerability...

4.3CVSS2.2AI score0.00924EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2016/04/26 12:0 a.m.•20 views

Sermon Browser < 0.45.16 - Multiple XSS

The Sermon Browser WordPress plugin was affected by a Multiple XSS security vulnerability...

4.3CVSS1.8AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2016/04/12 12:0 a.m.•20 views

New Year Firework <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The new-year-firework WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/new-year-firework/firework/index.php?text=""...

4.3CVSS0.6AI score0.03432EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2016/04/12 12:0 a.m.•20 views

Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The tidio-gallery WordPress plugin was affected by a Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=""...

4.3CVSS0.5AI score0.04486EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2016/04/05 12:0 a.m.•20 views

WP Customer Reviews < 3.0.9 - CSRF & XSS

The WP Customer Reviews WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.6AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2016/03/23 12:0 a.m.•20 views

Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF

The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by a XSS & CSRF security vulnerability. PoC XSS vulnerability in https://wordpress.org/plugins/gotmls/ has been identified. While I scan a site with that plugin , i had a file '".png and it was skippped , but result...

0.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2016/03/07 12:0 a.m.•20 views

Ocim MP3 Plugin - Unauthenticated Reflected Cross-Site Scripting (XSS)

Credits to : Soufiane Boussali PoC http://www.example.com/wp-content/plugins/ocim-mp3/source/pages.php?id=XSSPayload...

4.3CVSS0.7AI score0.00943EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2016/02/10 12:0 a.m.•20 views

OptionTree <= 2.5.5 - Authenticated Cross-Site Scripting (XSS)

The OptionTree WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.1AI score0.00913EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/12/02 12:0 a.m.•20 views

Users Ultra Membership Plugin <= 1.5.62 - Authenticated Stored Cross-Site Scripting (XSS) & CSRF

Both pname and pdesc are vulnerable. No nonce on form so also vulnerable to CSRF. Original researcher's PoC does not work as all parameters are needed to be submitted not just the pname parameter...

6.8CVSS1.8AI score0.01173EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/11/24 12:0 a.m.•20 views

Websimon Tables <= 1.3.4 - Authenticated Reflected Cross-Site Scripting (XSS)

The websimon-tables WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

3.5CVSS2AI score0.01033EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
•added 2015/10/29 12:0 a.m.•20 views

WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload

The WordPress plugin wp-file-upload does not adequately check the filetype before allowing it to be uploaded. It also uploaded files with execute permissions, allowing malicious payloads to be uploaded. PoC 1. Install wp-file-upload on a WordPress site and activate it. 2. Create an upload form on...

5CVSS2AI score0.01389EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/10/23 12:0 a.m.•20 views

wp-championship <= 5.8 - Authenticated Blind SQL Injection

The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. PoC $ sqlmap -u 'http://www.example.com/wp-admin/wp-championship/csadminusers.php=' --data="isadmin=1" --cookie=AUTHCOOKIEHERE --level=5 --risk=3...

7.5CVSS2.5AI score0.02206EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/10/06 12:0 a.m.•20 views

Support Ticket System <= 1.2 - Unauthenticated SQL Injection

The Support Ticket System WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

7.5CVSS2.9AI score0.03117EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/10/05 12:0 a.m.•20 views

Easy2Map <= 1.2.9 - Local File Inclusion

The Easy2Map WordPress plugin was affected by a Local File Inclusion security vulnerability...

7.5CVSS2.3AI score0.07113EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2015/09/30 12:0 a.m.•20 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus WordPress theme was affected by a Directory Traversal security vulnerability...

5CVSS3.7AI score0.55008EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/09/17 12:0 a.m.•20 views

xPinner Lite <= 2.2 - Cross-Site Scripting (XSS) & CSRF

The xpinner-lite WordPress plugin was affected by a Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS1.9AI score0.01623EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/09/15 12:0 a.m.•20 views

MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)

Plugin is still affected and has been closed. Typical local file inclusion vulnerability: from downloadpage.php: I've tried to get RCE but didn't have success reading from /proc/self/environ or /var/log/apache2/access.log include: Failed opening '/proc/self/environ' for inclusion...

5CVSS0.3AI score0.09325EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2015/08/24 12:0 a.m.•20 views

Manual Image Crop <= 1.10 - Authenticated Reflected Cross-Site Scripting (XSS)

The Manual Image Crop WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.8AI score0.01044EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
•added 2015/08/11 12:0 a.m.•20 views

Dynamic Widgets <= 1.5.10 - Authenticated Cross-Site Scripting (XSS) & CSRF

The Dynamic Widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS2.3AI score0.01044EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2015/08/09 12:0 a.m.•20 views

Monetize <= 1.03 - Cross-Site Scripting (XSS) & CSRF

The monetize WordPress plugin was affected by a Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS1.9AI score0.00832EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000