Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2017/11/29 12:0 a.m.40 views

WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping

...

3.5CVSS2.4AI score0.02376EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/25 12:0 a.m.40 views

WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed

Description A cross-site scripting XSS vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team...

6.1CVSS6.1AI score0.02859EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2014/05/11 12:0 a.m.40 views

Formidable Forms Pro <= 1.06.02 - ofc_upload_image.php Arbitrary File Upload

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress WordPress plugin was affected by an ofcuploadimage.php Arbitrary File Upload security vulnerability...

7.5CVSS6.3AI score0.75838EPSS
Exploits8References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.39 views

Forminator < 1.29.0 - Unauthenticated Arbitrary File Upload

Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.28.1. This makes it possible for unauthenticated attackers to upload arbitrary fil...

8AI score0.00708EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.39 views

LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection

Description The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the lsgetpopupmarkup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS7.6AI score0.18402EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.39 views

Matomo < 5.0.1 - Reflected Cross-Site Scripting via idsite

Description The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score0.00499EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.39 views

Happy Addons for Elementor < 3.10.2 - Missing Authorization via add_row_actions

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the addrowactions function in versions up to, and including, 3.10.1. This makes it possible for authenticated attackers, with contributor-level access...

4CVSS6.8AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.39 views

Disable User Login < 1.3.9 - User Login Toggle via CSRF

Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in admins enable and disable login for arbitrary users via a CSRF attack...

8.8CVSS8.6AI score0.00264EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.39 views

Very Simple Google Maps < 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.9AI score0.00603EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.39 views

The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read

Description The plugin discloses the content of password protected posts to unauthenticated users via a crafted request PoC Append "?view=single-event" to a password protected post, then view the source of the page and find the post content disclosed in...

7.5CVSS6.6AI score0.00776EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.39 views

ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder

Description The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...

4.8CVSS5.9AI score0.00416EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/12 12:0 a.m.39 views

User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload

The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server...

9.9CVSS7AI score0.01454EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/30 12:0 a.m.39 views

Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. PoC curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php"...

8.8CVSS9.3AI score0.04824EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.39 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;"...

5.4CVSS3.7AI score0.00393EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.39 views

Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing

The plugin is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. PoC curl https://example.com/wp-content/uploads/jobpost Search for this path / folder in search engines to find uploaded resumes...

5.3CVSS0.2AI score0.00787EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/01 12:0 a.m.39 views

Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting

The plugin allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. PoC In Page/Post Access tab, Use XSS Payload as " in any of the pages available. XSS will be...

4.8CVSS2.7AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.39 views

LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Proof of Concept PoC: ======================= 1. The store...

4.8CVSS4.9AI score0.02691EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.39 views

Simple Link Directory < 7.7.2 - Unauthenticated SQL injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection PoC curl 'http://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.6AI score0.10825EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/15 12:0 a.m.39 views

Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection

The plugin does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection PoC...

9.8CVSS2.5AI score0.74615EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/27 12:0 a.m.39 views

WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. PoC curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...

0.5AI score0.71532EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/17 12:0 a.m.39 views

BuddyPress < 7.2.1 - REST API Privilege Escalation

The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a privilege escalation from a regular user to Administrator, using the BuddyPress REST API buddypress/v1/members/me endpoint...

9CVSS5.5AI score0.13882EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/17 12:0 a.m.39 views

Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields

The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 PoC Send a request without the...

4AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.39 views

WP Amour < 1.5.7 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise and escape its setting fields, leading to Stored Cross-Site Scripting issues. Furthermore, the lack of CSRF checks could also allow attackers to trigger the XSS via CSRF attacks against a logged in administrator PoC...

4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/22 12:0 a.m.39 views

Advanced Woo Search < 2.00 - SQL query leak in ajax search

Every ajax search returns the raw SQL query in the response...

5CVSS1.5AI score0.01984EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/18 12:0 a.m.39 views

Rank Math 0.9~1.0.42.1 - Missing Access Controls to Disable Competitor Plugins

Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated users such as subscribers to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF. PoC...

4.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/06/27 12:0 a.m.39 views

WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion

Description This can lead to code execution if the wp-config.php file is deleted, forcing WordPress to start the installation process. Can be exploited by any user who is able to edit uploaded media...

8.8CVSS7.8AI score0.62558EPSS
Exploits4References5
WPVulnDB
WPVulnDB
added 2017/02/01 12:0 a.m.39 views

WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API

...

5CVSS8.5AI score0.81848EPSS
Exploits0References4Affected Software1
WPVulnDB
WPVulnDB
added 2017/01/11 12:0 a.m.39 views

WordPress <= 4.7 - Post via Email Checks mail.example.com by Default

...

5CVSS3.2AI score0.03224EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/15 12:0 a.m.39 views

WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)

PoC The following payload placed in a page or post does not work in comments: TEST!!!caption width="1" caption='Click me'...

4.3CVSS1.1AI score0.06389EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/20 7:52 p.m.39 views

WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

PoC " onmouseover="alert'hello';"...

4.3CVSS1.7AI score0.04978EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.39 views

Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution

The Contact Form 7 WordPress plugin was affected by a File Upload Remote Code Execution security vulnerability...

2.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.39 views

WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php

...

4.3CVSS1.3AI score0.01815EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/26 12:0 a.m.38 views

Elementor Website Builder Pro < 3.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload

Description The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.38 views

File Manager Pro < 8.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

Description The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mkcheckfilemanagerphpsyntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the...

6.5CVSS6.6AI score0.15871EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.38 views

Flatsome < 3.17.6 - Unauthenticated PHP Object Injection

Description The Flatsome theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.17.5 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed o...

9.8CVSS7.8AI score0.0049EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/28 12:0 a.m.38 views

Multiple Plugins from Inisev - Subscriber+ Plugin Installation

Description Multiple plugins from the Inisev vendor are lacking authorisation in the handleinstallation function hooked to the inisevinstallation AJAX action, allowing any authenticated users, such as subscriber to install plugins from Inisev on the blog...

6.5CVSS6.6AI score0.00557EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/28 12:0 a.m.38 views

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5 - Authentication Bypass

The improper credential validation on the plugin allows unauthenticated attackers to escalate privileges if administrator's emails is known...

9.8CVSS7.2AI score0.46242EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.38 views

Metform Elementor Contact Form Builder < 3.3.1 - Multiple Contributor+ Stored XSS via Shortcode

The plugin does not properly sanitize and escape user input when processed by many of its shortcodes, which could enable users with contributor privileges to conduct Stored Cross-Site Scripting attacks on the site. Affected shortcodes include mf, mffirstname, mflastname, and mfthankyou...

5.4CVSS5.9AI score0.0058EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/01 12:0 a.m.38 views

Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. PoC Ensure WooCommerce is installed. Visit the following path, while logged in as an Admin: /wp-admin/admin.php?page=ppomid=5meta=edit&"=1...

6.1CVSS8.8AI score0.00952EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.38 views

YARPP - Yet Another Related Posts Plugin < 5.30.5 - Subscriber+ LFI

The plugin does not validate a parameter before using it in an include statement, allowing any authenticated users, such as subscriber to perform LFI attacks...

8.8AI score0.00843EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.38 views

YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...

4.8CVSS6.1AI score0.00352EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.38 views

TreePress – Easy Family Trees & Ancestor Profiles < 3.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with the Admin role to perform Cross-Site Scripting attacks...

5.9CVSS6AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/06 12:0 a.m.38 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.4AI score0.00905EPSS
Exploits2References1Affected Software11
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.38 views

Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS

The plugin does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC smartslider3...

5.4CVSS5.4AI score0.00478EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.38 views

Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF check when updating its settings, and does not escape some of them when outputting them, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. An initial fix was released in version 2.10.1, and completed in...

2.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.38 views

Transposh WordPress Translation <= 1.0.8 - Usernames Disclosure

The plugin does not have any authorisation in its tphistory AJAX action, allowing unauthenticated users to call it and retrieve a list of usernames which translated text...

5.3CVSS3.4AI score0.0305EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.38 views

Photo Gallery < 1.6.3 - Unauthenticated SQL Injection

The plugin does not properly escape the $POST'filtertag' parameter, which is appended to an SQL query, making SQL Injection attacks possible. PoC POST /wp-admin/admin-ajax.php?imageid=123 HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh,en;q=0.5 Accept-Encoding:...

9.8CVSS0.5AI score0.23459EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/10 12:0 a.m.38 views

WP Reset Pro < 5.99 - Database Reset via CSRF

The plugin does not have CSRF check when resetting the database, which could allow attacker to make logged in users reset it Note: This affect only the pro version of the plugin, however both the free and pro have the same slug...

8.8CVSS8.3AI score0.00685EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/16 12:0 a.m.38 views

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

9.8CVSS9.9AI score0.02793EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/25 12:0 a.m.38 views

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

8.8CVSS0.2AI score0.52007EPSS
Exploits8References2Affected Software1
Total number of security vulnerabilities5000