Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2015/08/05 12:0 a.m.20 views

WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)

...

4.3CVSS1.8AI score0.0743EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/11 12:0 a.m.20 views

CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities

The CP Contact Form with PayPal WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

6.8CVSS2.1AI score0.02024EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/06 12:0 a.m.20 views

Yet Another Stars Rating <= 0.9.0 - Authenticated Blind SQL Injection

The Yasr – Yet Another Stars Rating WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

6.5CVSS3.9AI score0.01944EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/06 12:0 a.m.20 views

ACF Frontend Display <= 2.0.6 - Arbitrary File Upload

The last time it was checked the plugin was still affected and had been closed...

7.5CVSS2.2AI score0.02774EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/02 12:0 a.m.20 views

WordPress File Upload <= 2.7.6 - Multiple Vulnerabilities

The plugin allows upload of file extensions that may lead to code execution, such as php4 or php5. Additionally, it allows an admin user to rename files and thus change the extension of uploaded files, leading to code execution. There is no CSRF protection for this. The plugin also allows for the...

5CVSS2.8AI score0.01389EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/25 12:0 a.m.20 views

WordPress Landing Pages <= 1.8.7 - Unspecified Cross-Site Scripting (XSS)

The WordPress Landing Pages WordPress plugin was affected by an Unspecified Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.7AI score0.00923EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/05 12:0 a.m.20 views

WP ViperGB < 1.3.16 - XSS

The WP-ViperGB WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.00995EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/04 12:0 a.m.20 views

Events Manager < 5.5.7.1 - DOM Cross-Site Scripting (XSS)

The Events Manager WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.9AI score0.00923EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/25 12:0 a.m.20 views

WordPress Landing Pages <= 1.8.4 - XSS & SQL Injection

The WordPress Landing Pages WordPress plugin was affected by a XSS & SQL Injection security vulnerability...

6.5CVSS2.2AI score0.03947EPSS
Exploits7References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/20 12:0 a.m.20 views

WP Photo Album Plus <= 6.1.2 - Stored Cross-Site Scripting (XSS)

The WP Photo Album Plus WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.4AI score0.02424EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/06 12:0 a.m.20 views

eShop <= 6.3.11 - Remote Code Execution

The eshop WordPress plugin was affected by a Remote Code Execution security vulnerability...

4.3CVSS6.6AI score0.01291EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.20 views

Related Posts < 1.8.2 - XSS

The related-posts WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.9AI score0.00995EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/12 12:0 a.m.20 views

Contact Form Plugin < 3.96 - XSS

The Contact Form by BestWebSoft WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.4AI score0.00923EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/01 12:0 a.m.20 views

WP Business Intelligence Lite < 1.6.3 - SQL Injection

...

7.5CVSS1.7AI score0.01848EPSS
Exploits0References2Affected Software2
WPVulnDB
WPVulnDB
added 2015/03/23 12:0 a.m.20 views

AB Google Map Travel (AB-MAP) <= 3.4 - CSRF/Stored XSS

The AB Google Map Travel AB-MAP WordPress plugin was affected by a CSRF/Stored XSS security vulnerability...

6.8CVSS2.2AI score0.03859EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/02 12:0 a.m.20 views

Photocrati Theme 4.x.x - SQL Injection

PoC http://www.example.com/wp-content/themes/photocrati-theme-path/ecomm-sizes.php?prodid=SQL...

7.5CVSS0.4AI score0.04737EPSS
Exploits2References3Affected Software2
WPVulnDB
WPVulnDB
added 2014/12/27 12:0 a.m.20 views

Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS)

The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. PoC http://localhost:8080/?pageid=0&fu-disallowed-mime-type0name=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js?%3C%20B%20%3E...

4.3CVSS0.5AI score0.06701EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/18 12:0 a.m.20 views

Simplelife <= 1.2 - Multiple CSRF

Plugin is still affected and has been closed...

6.8CVSS2.3AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/18 12:0 a.m.20 views

Tweetscribe <= 1.1 - Multiple CSRF

Plugin is still affected and has been closed...

6.8CVSS2AI score0.01001EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/17 2:0 p.m.20 views

Bird Feeder <= 1.2.3 - CSRF & XSS

The bird-feeder WordPress plugin was affected by a CSRF & XSS security vulnerability...

6.8CVSS2.5AI score0.01151EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/12 12:0 a.m.20 views

WP Popup <= 1.3 - XSS & CSRF

It is unclear if the issues have been fixed. Plugin has been closed...

6.8CVSS2.2AI score0.01151EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/19 6:54 p.m.20 views

Paid Memberships Pro 1.7.14.2 - Path Traversal

The Paid Memberships Pro WordPress plugin was affected by a Path Traversal security vulnerability...

5CVSS2.6AI score0.18558EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/14 11:1 a.m.20 views

VN-Calendar <= 1.0 - Multiple Cross-Site Scripting (XSS)

The vn-calendar WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01618EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/30 12:0 a.m.20 views

Gr& Flagallery <= 4.24 - Full Path Disclosure

The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a Full Path Disclosure security vulnerability...

5CVSS1.5AI score0.01949EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/15 12:0 a.m.20 views

Cforms < 10.5 - XSS

The cforms WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.2AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/07 4:26 p.m.20 views

Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypasses)

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Multiple Vulnerabilities XSS & Bypasses security vulnerability...

4.3CVSS1.5AI score0.02259EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/10/01 12:0 a.m.20 views

Photo Gallery 1.1.30 - Cross Site Scripting

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Cross Site Scripting security vulnerability...

4.3CVSS1.9AI score0.02374EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/27 12:26 p.m.20 views

SI CAPTCHA 2.7.4 - Cross-Site Scripting (XSS)

The si-captcha-for-wordpress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.02041EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/27 12:4 p.m.20 views

DZS Video Gallery Plugin - RCE & More

The dzs-videogallery WordPress plugin was affected by a RCE & More security vulnerability...

4.3CVSS2.8AI score0.07309EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/17 7:59 p.m.20 views

WP-Ban < 1.64 BlackList Bypass

The WP-Ban WordPress plugin was affected by security vulnerability...

4.3CVSS2.7AI score0.0244EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/17 12:0 a.m.20 views

WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)

The WooCommerce WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.8AI score0.02023EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Toolbox 1.4 - flyer.php mls Parameter SQL Injection

The toolbox WordPress theme was affected by a flyer.php mls Parameter SQL Injection security vulnerability...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Pinboard 1.0.6 - includes/theme-options.php tab Parameter XSS

The Pinboard WordPress theme was affected by an includes/theme-options.php tab Parameter XSS security vulnerability...

3.5CVSS2.2AI score0.00832EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion

The cross-rss WordPress plugin was affected by a proxy.php rss Parameter Local File Inclusion security vulnerability...

5CVSS2.9AI score0.04306EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

wp-football 1.1 - Multiple Cross-Site Scripting (XSS)

The wp-football WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.01629EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Easy Banners 1.4 - Cross-Site Scripting (XSS)

The easy-banners WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS2AI score0.01629EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS

The Quick Page/Post Redirect Plugin WordPress plugin was affected by a redirect-updates.php quickpprredirects Parameter Stored XSS security vulnerability...

6.8CVSS2.2AI score0.03466EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

HK Exif Tags 1.11 - hk_exif_tags.php hk_exif_tags_images_process Function EXIF Tags H&ling Stored XSS

The HK Exif Tags WordPress plugin was affected by a hkexiftags.php hkexiftagsimagesprocess Function EXIF Tags H Stored XSS security vulnerability...

4.3CVSS1AI score0.01959EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

April's Super Functions Pack 1.4.7 - readme.php page Parameter Reflected XSS

The aprils-super-functions-pack WordPress plugin was affected by a readme.php page Parameter Reflected XSS security vulnerability...

4.3CVSS2.5AI score0.01948EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS

The Redirection WordPress plugin was affected by a view/admin/logitem.php Non-existent Posts Referer HTTP Header XSS security vulnerability...

4.3CVSS0.4AI score0.02483EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Bradesco - falha.php URI Reflected XSS

The bradesco-gateway WordPress plugin was affected by a falha.php URI Reflected XSS security vulnerability...

4.3CVSS1.8AI score0.02023EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

qTranslate 2.5.34 - Setting Manipulation CSRF

The qtranslate WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.5AI score0.00978EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

Under Construction 1.08 - Setting Manipulation CSRF

The underConstruction WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.6AI score0.01118EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.20 views

AntiVirus 1.0 - PHP Backdoor Detection Bypass

The AntiVirus WordPress plugin was affected by a PHP Backdoor Detection Bypass security vulnerability...

2.7AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.20 views

Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection

The Social Media Widget WordPress plugin was affected by a social-widget.php MITM Weakness Arbitrary Code Injection security vulnerability...

5CVSS3.8AI score0.02374EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.20 views

mobileview <= 1.0.7 - XSS in ZeroClipboard

The mobileview WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS2AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.20 views

Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access

The vitamin WordPress plugin was affected by a minify.php path Parameter Traversal Arbitrary File Access security vulnerability...

5CVSS4.3AI score0.03217EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.20 views

WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS

The WooCommerce WordPress plugin was affected by an index.php calcshippingstate Parameter XSS security vulnerability...

2.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.20 views

LeagueManager 3.8 - SQL Injection

The LeagueManager WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.7AI score0.05231EPSS
Exploits8References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.20 views

RokBox <= 2.13 - error_log Direct Request Error Log Information Disclosure

The wprokbox WordPress plugin was affected by an errorlog Direct Request Error Log Information Disclosure security vulnerability...

1.7AI score
Exploits0References4Affected Software1
Total number of security vulnerabilities5000