Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2023/01/06 12:0 a.m.•19 views

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

5.4CVSS3.7AI score0.00438EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/04 12:0 a.m.•19 views

JetWidgets for Elementor < 1.0.13 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS4.7AI score0.00333EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/01/03 12:0 a.m.•19 views

CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: Fir...

5.4CVSS2.6AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/27 12:0 a.m.•19 views

Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in the plugin: class Evil public function wakeup : void...

7.2CVSS2AI score0.01046EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/23 12:0 a.m.•19 views

Tickera < 3.5.1.0- Plugin Data Deletion via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC 1. Navigate to Tickera Settings » Delete info 2. Delete info request intercept like that POST...

4.3CVSS4.4AI score0.00292EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/22 12:0 a.m.•19 views

Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/21 12:0 a.m.•19 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Put the...

5.4CVSS1.5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/20 12:0 a.m.•19 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack PoC Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS3.7AI score0.00555EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/19 12:0 a.m.•19 views

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs PoC As an unauthenticated user, open the following URL https://example.com/?s=" The XSS will b...

6.1CVSS0.8AI score0.00642EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/14 12:0 a.m.•19 views

WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. PoC Explo...

5.4CVSS1.3AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/13 12:0 a.m.•19 views

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. PoC...

3.5CVSS1.4AI score0.00488EPSS
Exploits2Affected Software3
WPVulnDB
WPVulnDB
•added 2022/12/12 12:0 a.m.•19 views

LetsRecover < 1.2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC GET /checkout/order-received/30/?key=wcorderKwss5kjkrhgKG HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11;...

9.8CVSS0.8AI score0.00997EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/12 12:0 a.m.•19 views

WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection PoC Extract the nonce from the index page search for "wpautosearchconfig", look for the "nonce" field Invoke the...

9.8CVSS0.9AI score0.03595EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/09 12:0 a.m.•19 views

Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting

The theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Stored Cross-Site Scripting attacks. PoC As a candidate, add the following payload on the Social Network option: javascript:alert1 As a recruiter, access the candidate pag...

5.4CVSS2.8AI score0.00484EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/07 12:0 a.m.•19 views

Panda Pods Repeater Field < 1.5.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. PoC 1. Install Pods plugin dependency - https://wordpress.org/plugins/pods 2. Install...

5.4CVSS0.1AI score0.00841EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•19 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/12/05 12:0 a.m.•19 views

Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection

The plugins do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

7.5CVSS7.5AI score0.0092EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/11/30 12:0 a.m.•19 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Playtium » Settings and in the 'Test...

4.8CVSS1.4AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/30 12:0 a.m.•19 views

Custom Product Tabs for WooCommerce < 1.8.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.2AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/29 12:0 a.m.•19 views

Simple:Press < 6.8.1 - Subscriber+ Stored XSS via Profile Signatures

The plugin does not sanitise and escape the postitem parameter when modifying profile signatures, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...

6.4CVSS4.3AI score0.00495EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•19 views

Manage Notification E-mails < 1.8.3 - Settings Reset via CSRF

The plugin does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

8.8CVSS5.1AI score0.00291EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•19 views

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. PoC Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's...

7.5CVSS2.3AI score0.01354EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/28 12:0 a.m.•19 views

Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them PoC As an unauthenticated users, or via CSRF: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS3.2AI score0.00274EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/22 12:0 a.m.•19 views

All-In-One Security < 5.1.1 - Bulk Actions via CSRF

The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as delete arbitrary blocked IPs via CSRF attacks...

8.8CVSS4.9AI score0.00283EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/22 12:0 a.m.•19 views

Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC 1. Add a new post and add the payload there: evpembedvideo url='" onerror=alert/XSS/ "' 2. Preview the post, and the XSS will trigger...

5.4CVSS2.3AI score0.00507EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/21 12:0 a.m.•19 views

Betheme < 26.6 - Contributor+ PHP Object Injection

The plugin unserializes user input provided via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage, importdata, importsinglepage, and importfromclipboard functions. This could allow users with a role as low as contributor t...

8.8CVSS0.5AI score0.01984EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/21 12:0 a.m.•19 views

Booster for WooCommerce - Custom Role Creation/Deletion via CSRF

The plugins does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks PoC To delete the custom role dj it's possible to delete roles created by other plugins, make a logged in admi...

6.5CVSS1.4AI score0.00338EPSS
Exploits2Affected Software3
WPVulnDB
WPVulnDB
•added 2022/11/21 12:0 a.m.•19 views

Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks PoC add new payment method with XSS exploit: fetch'http://localhost/tester-wp/wp-admin/admin-ajax.php', method: 'POST', headers: ne...

5.4CVSS5.2AI score0.00468EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/21 12:0 a.m.•19 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. PoC Run the below command in the developer console of the web browser while being on t...

8.1CVSS1.9AI score0.00424EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/17 12:0 a.m.•19 views

Betheme < 26.6 - Subscriber+ PHP Object Injection

The plugin unserialize user input, which could allow low privilege users such as subscriber to perform PHP Object Injection when a suitable gadget is present...

8.8CVSS4.5AI score0.00615EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/10 12:0 a.m.•19 views

Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the plugin setti...

4.8CVSS2.3AI score0.00567EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/09 12:0 a.m.•19 views

REST API Authentication < 2.4.1 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.8AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/07 12:0 a.m.•19 views

WPSmartContracts < 1.3.12 - Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author PoC Logon as an author and open the following URL, which will result in a delayed response...

8.8CVSS0.3AI score0.03663EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/03 12:0 a.m.•19 views

Analytics for WP <= 1.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the Settings page of this plugin, in th...

4.8CVSS0.7AI score0.00519EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/03 12:0 a.m.•19 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. On the setting page of this plugin, enter...

4.8CVSS2.2AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/11/03 12:0 a.m.•19 views

4ECPS Web Forms <= 0.2.17 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2022/10/31 12:0 a.m.•19 views

WP-Polls < 2.76.0 - IP Validation Bypass

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

5.3CVSS2.1AI score0.0063EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/31 12:0 a.m.•19 views

Restaurant Menu < 2.3.1 - Unauthorised AJAX Calls

The plugin does not have authorisation and CSRF checks in some AJAX actions, allowing any authenticated users, such as subscriber to call them and perform unauthorised actions such as update the plugin's settings...

6.5CVSS4.3AI score0.00534EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/28 12:0 a.m.•19 views

Ultimate Member < 2.5.1 - Admin+ LFI via Traversal

The plugin does not validate and sanitize the pack parameter before using it in an include statement, which could allow high privilege users to perform local file inclusion attacks via a Traversal vector...

5.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/28 12:0 a.m.•19 views

Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal

The plugin does not validate and sanitize the template attribute of its shortcode before using it in an include statement, which could allow users with a role as low as contributor to perform local file inclusion attacks via a Traversal vector...

4.3CVSS4.8AI score0.02484EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/27 12:0 a.m.•19 views

All in One SEO Pro < 4.2.6 - Admin+ SSRF

The plugin does not validate a parameter before making a request to it, which could allow users with a role as low as Admin to perform SSRF attack...

6.5CVSS4AI score0.00553EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/21 12:0 a.m.•19 views

Quiz And Survey Master < 7.3.5 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00429EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/21 12:0 a.m.•19 views

WP Page Builder < 1.2.7 - Author+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...

5.4CVSS2.6AI score0.00409EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/21 12:0 a.m.•19 views

OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the following payload in any of the...

4.8CVSS2.9AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•19 views

WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection PoC curl -isk -X 'POST' -H "Content-Type: application/json" --data '"sku":"a" AND SELECT 42 FROM SELECTSLEEP5wlHd--...

9.8CVSS2.3AI score0.03686EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/12 12:0 a.m.•19 views

AB Press Optimizer <= 1.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00396EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•19 views

AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection PoC To read the userlogin and userpass columns from the wpusers tabl...

9.8CVSS3.4AI score0.05103EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•19 views

Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Rtain App ID...

4.8CVSS1.8AI score0.00554EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/28 12:0 a.m.•19 views

Booking Ultra Pro <= 1.1.4 - Multiple CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.7AI score0.00265EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/21 12:0 a.m.•19 views

FavIcon Switcher <= 1.2.11 - Arbitrary Settings Change via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS5AI score0.00255EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000