Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2023/12/09 12:0 a.m.•19 views

Guest Author < 2.4 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Guest Author plugin for WordPress is vulnerable to Stored Cross-Site Scripting via author name in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, ...

5.9CVSS5.9AI score0.00374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/09 12:0 a.m.•19 views

Structured Content < 1.6 - Contributor+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an...

9.8CVSS9.7AI score0.00746EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/09 12:0 a.m.•19 views

AppMySite < 3.11.1 - Unauthenticated Information Disclsoure

Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...

7.5CVSS8AI score0.00452EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/09 12:0 a.m.•19 views

Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload

Description The Symbiostock – Sell Photos Online For Free! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with shop manager-level access and above, to...

9.1CVSS7.6AI score0.00646EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/12/09 12:0 a.m.•19 views

WPsoonOnlinePage <= 1.9 - Cross-Site Request Forgery

Description The WPsoonOnlinePage plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized...

8.8CVSS6.3AI score0.00264EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/12/08 12:0 a.m.•19 views

WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting

Description The WP Pocket URLs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6.5AI score0.00403EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/12/08 12:0 a.m.•19 views

Crypto Converter Widget < 1.8.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/08 12:0 a.m.•19 views

Doofinder for WooCommerce < 2.1.8 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/08 12:0 a.m.•19 views

teachPress < 9.0.6 - Cross-Site Request Forgery via delete_database()

Description The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.5. This is due to missing or incorrect nonce validation on the deletedatabase function. This makes it possible for unauthenticated attackers to clear the database...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/08 12:0 a.m.•19 views

Formzu WP < 1.6.7 - Contributor+ Stored XSS via id

Description The plugin does not validate and escape the ‘id’ parameter, allowing users with the contributor role and above perform Stored XSS attacks...

6.5CVSS5.6AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/08 12:0 a.m.•19 views

BP Better Messages < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/07 12:0 a.m.•19 views

ArtPlacer Widget < 2.20.7 - Editor+ SQLi

Description The plugin does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor or above PoC As an editor, open...

8.8CVSS6.4AI score0.00415EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/12/02 12:0 a.m.•19 views

Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.9CVSS5.9AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•19 views

Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation

Description The Salon booking system plugin for WordPress is vulnerable to privilege escalation in all versions up to, but excluding, 8.7. This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator...

7.3AI score0.00524EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•19 views

Easy Social Icons < 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Easy Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.9AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•19 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. PoC Run the following within any page on the site. Notice that the request is delayed by the SLEEP call i...

8.8CVSS7.2AI score0.10826EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•19 views

BookingPress < 1.0.77 - Authenticated (Administrator+) Arbitrary File Upload

Description The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level...

7.2CVSS7.7AI score0.01231EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•19 views

MyBookTable Bookstore < 3.3.5 - API Key Update via CSRF

Description The plugin does not have CSRF check when updating its API key via the mbtapikeyrefreshajax function, which could allow attackers to make logged in admins update it via a CSRF attack...

8.8CVSS8.9AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•19 views

GiveWP < 2.33.4 - Cross-Site Request Forgery to plugin deactivation

Description The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givesendwpdisconnect function. This makes it possible for unauthenticated attackers to deactivate the SendW...

5.4CVSS6.6AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•19 views

GiveWP < 2.33.4 - Cross-Site Request Forgery to Stripe Integration Deletion

Description The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givestripedisconnectconnectstripeaccount function. This makes it possible for unauthenticated attackers to...

5.4CVSS6.6AI score0.00248EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•19 views

Folders < 2.9.3 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload

Description The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handlefoldersfileupload function in versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with author-level permissions or above, to...

9.1CVSS8AI score0.00661EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

miniorange otp verification < 4.2.2 - Missing Authorization via dismiss_notice

Description The miniorange otp verification plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismissnotice function in versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with subscriber-level...

6.7AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Parcel Pro < 1.6.12 - Open Redirect

Description The plugin does not validate the redirect parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.1CVSS6.5AI score0.00414EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery

Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS9.4AI score0.00304EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

5.9CVSS6AI score0.00406EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

News & Blog Designer Pack – WordPress Blog Plugin < 3.4.2 - Unauthenticated Remote Code Execution via Local File Inclusion

Description The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the...

9.8CVSS10AI score0.04262EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode

Description The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially...

9.9CVSS8.7AI score0.01383EPSS
Exploits1References1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Post Sliders & Post Grids plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00397EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

E2Pdf < 1.20.19 - Authenticated (Administrator+) PHP Object Injection

Description The E2Pdf plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.20.18 via deserialization of untrusted input within the importaction and ajaxupload functions. This makes it possible for authenticated attackers, with administrative-level...

7.2CVSS7.4AI score0.00735EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Admin Bar & Dashboard Control < 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Admin Bar & Dashboard Access Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.2.9 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00357EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Delete Duplicate Posts < 4.9 - Missing Authorization via AJAX Actions

Description The Delete Duplicate Posts plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on some of its AJAX actions in all versions up to 4.9 exclusive. This makes it possible for authenticated attackers, with subscriber access or higher, to...

9.8CVSS6.8AI score0.00509EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Tab Ultimate < 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/23 12:0 a.m.•19 views

Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect

Description The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation a redirect url. This makes it possible for unauthenticated...

6.1CVSS6.9AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/16 12:0 a.m.•19 views

ImageMapper <= 1.2.6 - Subscriber+ Arbitrary Post Deletion

Description The plugin does not authoring in its imgmapdeleteareaajax AJAX action, allowing any authenticated users, such as subscriber to delete arbitrary posts and pages...

5.4CVSS8.8AI score0.00403EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/11/15 12:0 a.m.•19 views

Forminator < 1.28.0 - Admin+ Arbitrary File Upload

Description The plugin does not properly blacklist files via the forminatorallowedmimetypes function, which could allow administrator to upload arbitrary file. However, RCE can not be achieved due to htaccess configuration...

6.6CVSS7.2AI score0.00866EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/13 12:0 a.m.•19 views

PowerPress Podcasting < 11.0.7 - Contributor+ SSRF

Description The plugin does not validate a parameter before making a request to it via the powerpressmediainfo AJAX action, which could allow Contributor and above role to perform SSRF attacks...

6.5CVSS7AI score0.00381EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/10 12:0 a.m.•19 views

Simple Giveaways < 2.46.1 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7.1AI score0.00306EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/08 12:0 a.m.•19 views

Basic Interactive World Map < 2.7 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6AI score0.00397EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/07 12:0 a.m.•19 views

wpDiscuz < 7.6.12 - Missing Authorization in AJAX Actions

Description The plugin is vulnerable to unauthorized use of functionality due to a missing capability check on functions corresponding to AJAX actions in versions up to, and including, 7.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view user...

6.1AI score0.004EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/06 12:0 a.m.•19 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Description The plugin does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. PoC 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...

5.9CVSS5.8AI score0.00414EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/03 12:0 a.m.•19 views

Groundhogg < 2.7.11.11 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/27 12:0 a.m.•19 views

User Feedback < 1.0.10 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/27 12:0 a.m.•19 views

Article Analytics <= 1.0 - Unauthenticated SQL injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. PoC On a Wordpress blog using MySQL the following PoC allows to extract the hash of the...

9.8CVSS6.9AI score0.01012EPSS
Exploits2References1
WPVulnDB
WPVulnDB
•added 2023/10/27 12:0 a.m.•19 views

WP Post Popup <= 3.7.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Enter the following payload in the...

4.8CVSS4.9AI score0.00425EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2023/10/27 12:0 a.m.•19 views

Conversios.io < 6.5.4 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/26 12:0 a.m.•19 views

WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion

Description The plugin does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them PoC Run the below command in the developer console of the web browser while being on the blog as a Contributor user. This will put the...

5.4CVSS6.3AI score0.0052EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/25 12:0 a.m.•19 views

Internal Link Building <= 1.2.3 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00271EPSS
Exploits0References2
WPVulnDB
WPVulnDB
•added 2023/10/24 12:0 a.m.•19 views

Google Calendar Events < 3.2.6 - Cross-Site Request Forgery (CSRF)

Description The Plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00277EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/24 12:0 a.m.•19 views

AI ChatBot < 4.9.1 - Missing authorization in AJAX calls

Description The plugin does not check capabilities when processing AJAX actions, allowing unauthenticated attackers to perform actions intended for higher privileged users...

9.8CVSS6.4AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/24 12:0 a.m.•19 views

WP ULike < 4.6.9 - Contributor+ Stored Cross Site Scripting via Shortcode

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00409EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000