Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
•added 2022/04/15 12:0 a.m.•19 views

Simple Ajax Chat < 20220216 - Sensitive Information Disclosure

The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it...

7.5CVSS4.3AI score0.04619EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/14 12:0 a.m.•19 views

Fancy Product Designer < 4.7.6 - Arbitrary File Upload via CSRF

The plugin is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server via a CSRF attack...

8.8CVSS4.8AI score0.00573EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•19 views

Responsive Tabs < 4.0.6 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks PoC As author or above, create/edit a new Tab and put the following payload as its content:...

4.8CVSS2.7AI score0.00576EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/07 12:0 a.m.•19 views

Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a form and put the following payload in the 'E-mail To' field: " The XSS will ...

4.8CVSS2.4AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•19 views

Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the "Name of list" field in the User Lists...

4.8CVSS2.7AI score0.00689EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/31 12:0 a.m.•19 views

ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation

The plugin does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website PoC fetch"/wp-admin/admin-ajax.php", "headers"...

5.4CVSS2.9AI score0.00303EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/28 12:0 a.m.•19 views

SearchIQ < 3.9 - Unauthenticated Stored XSS

The plugin contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siqajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter PoC Once the plugin is...

6.1CVSS0.6AI score0.00852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/23 12:0 a.m.•19 views

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Go to Hummingbird's Settings Configs edit the "Name and Description" and put the followi...

4.8CVSS1AI score0.0275EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/22 12:0 a.m.•19 views

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...

1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/16 12:0 a.m.•19 views

Responsive Menu < 4.1.8 - Subscriber+ Arbitrary File Upload / Theme Deletion / Plugin Settings Update

The plugin is missing authorisation on multiple of its AJAX actions such as savemenuglobalsettings, and relying on CSRF nonces which are disclosed to any authenticated users. As a result, it could allow them to call the affected actions and lead to arbitrary file upload, theme deletion as well as...

8.8CVSS2.8AI score0.01262EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•19 views

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS

The plugin allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip...

5.4CVSS0.2AI score0.13575EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/23 12:0 a.m.•19 views

Amelia < 1.0.46 - Manager+ RCE

The plugin stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. PoC import requests import base64 BASEURL =...

8.8CVSS8.7AI score0.01439EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/21 12:0 a.m.•19 views

Simple Theme Options < 1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of textarea field settings of the plugin such as 'Google Analytics':...

4.8CVSS2.2AI score0.00612EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/21 12:0 a.m.•19 views

Petfinder Listings < 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the text field settings of the plugin such as 'Your Petfinder API Key v1.0': "...

4.8CVSS2.8AI score0.00612EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/21 12:0 a.m.•19 views

Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection

The plugin does not validate and escape the postauthorgutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks PoC Create or edit an event as a contributor, intercept the request...

8.8CVSS0.7AI score0.01511EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/16 12:0 a.m.•19 views

Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting PoC Open the following URL when authenticated as any user: https://example.com/user-dashboard/?search=keyword:...

6.1CVSS6.1AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/14 12:0 a.m.•19 views

LoginPress < 1.5.12 - Reflected Cross-Site Scripting

The plugin does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.7AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/14 12:0 a.m.•19 views

UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

The plugin is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar. PoC - Right click the thumbnail of another user and copy the image URL. It will be something like:...

4.3CVSS0.8AI score0.00644EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/02/07 12:0 a.m.•19 views

Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

The plugin does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS constants set to true PoC Author : qerogram impo...

7.2CVSS0.0142EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/27 12:0 a.m.•19 views

Price Table <= 0.2.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Store Cross-Site Scripting attacks...

5.4CVSS3AI score0.00546EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/24 12:0 a.m.•19 views

Access Demo Importer < 1.0.8 - Data Reset via CSRF

The plugin does not have CSRF check in place which could allow an attacker to make a logged in admin reset the data of post/page/media...

8.1CVSS4AI score0.00462EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/24 12:0 a.m.•19 views

Access Demo Importer < 1.0.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check in place when activating installed plugins, which could allow an attacker to make a logged in admin perform such action via a CSRF attack...

6.5CVSS4.8AI score0.00474EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/24 12:0 a.m.•19 views

Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS

The plugin does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of...

3.5CVSS1.2AI score0.01582EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/18 12:0 a.m.•19 views

Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard PoC As a contributor, create/edit a gallery and add the followi...

5.4CVSS2.4AI score0.00595EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/18 12:0 a.m.•19 views

Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS

The plugin does not have any authorisation and CSRF in its bpfwpwelcomeaddcontactpage and bpfwpwelcomesetcontactinformation AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting...

5.4CVSS0.9AI score0.00591EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/13 12:0 a.m.•19 views

SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...

6.1CVSS2.5AI score0.02291EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/13 12:0 a.m.•19 views

PHP Everywhere < 2.0.3 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.8AI score0.004EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/01/06 12:0 a.m.•19 views

Ultimate Reviews < 3.0.16 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters available to high privilege users such as admin which could allow them to perform Cross-Site Scripting attacks woven when the unfilteredhtml capability is disallowed...

4.8CVSS3.8AI score0.00565EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/29 12:0 a.m.•19 views

Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Visit to Paypal Setting Under Learning Plugin Enter the XSS payload " in Email PD...

4.8CVSS2.2AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/27 12:0 a.m.•19 views

WP Cookie User Info < 1.0.9 - Admin+ SQL Injection

The plugin does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection PoC...

7.2CVSS0.1AI score0.01316EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/20 12:0 a.m.•19 views

Event Calendar < 1.1.51 - Subscriber+ Event Creation

The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events PoC Adding calendar events: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS2.2AI score0.00347EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/20 12:0 a.m.•19 views

SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in one of the plugin's settings: " Affected files:...

4.8CVSS2.7AI score0.00605EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/16 12:0 a.m.•19 views

Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected XSS in page-builder-add on the ulpbpost admin page. PoC http://127.0.0.1:8001/wp-admin/edit.php?posttype=ulpbpost=page-builder-new-landing-page="+style=animation-name:rotation+onanimationstart=alert1+x=...

5.4CVSS0.9AI score0.01271EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/08 12:0 a.m.•19 views

WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update

The plugin does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings. v1.8.1 added authorisation checks, however CSRF was still missing and a separate advisory h...

5.7CVSS1.9AI score0.0042EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2021/12/06 12:0 a.m.•19 views

Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting PoC http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.1CVSS6.1AI score0.01806EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2021/12/01 12:0 a.m.•19 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin PoC As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...

4.9CVSS4.2AI score0.01021EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/29 12:0 a.m.•19 views

Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the 'Publish ID or Full URL" setting and save: "...

4.8CVSS1.9AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/23 12:0 a.m.•19 views

Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the gwollegbuseremail parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page PoC...

6.1CVSS1.6AI score0.008EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/15 12:0 a.m.•19 views

Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Put the following payload in the Google Product Category setting of the plugin at wp-admin/admin.php?page=fcapcsettingspag...

4.8CVSS4.6AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/15 12:0 a.m.•19 views

Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls

The plugin does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The deletecf7data would lead to arbitrary metadata deletion, as well ...

4.3CVSS5.5AI score0.0037EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/08 12:0 a.m.•19 views

Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting

The plugin does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue PoC As a Staff Member, put the following payload in your Full Name Booklyn -- Profile -- Edit -- Full Name: The XSS will be triggered when an admin ope...

5.4CVSS4.7AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/08 12:0 a.m.•19 views

WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

6.1CVSS5.8AI score0.00795EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/01 12:0 a.m.•19 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. PoC Add the following code in a post/page while in code editor mode with an Contributor account: Then view/previe...

5.4CVSS5.2AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/11/01 12:0 a.m.•19 views

Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting

The plugin does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC With the "Enable Logs" setting activated: https://example.com/wp-admin/admin.php?page=check-email-logs="+style=animation-name:rotation+onanimationstart=alert/XSS//...

6.1CVSS6AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/27 12:0 a.m.•19 views

Floating Social Media Icon <= 4.3.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise some parameter in the Social media Configuration form, which could allow high privilege users to perform Cross-Site Scripting...

6.1CVSS3.7AI score0.00547EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/26 12:0 a.m.•19 views

Mang Board WP < 1.6.9 - SQL Injection

The plugin does not validate and sanitise the ordertype parameter before using it in a SQL statement, leading to a SQL injection issue...

7.5CVSS8AI score0.01712EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/25 12:0 a.m.•19 views

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting

The plugin does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create a table, add a column with the following payload " as Name, then add data with the...

4.8CVSS2.2AI score0.00686EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/25 12:0 a.m.•19 views

MainWP Child < 4.1.8 - Admin+ SQL Injection

The plugin does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed PoC POST / HTTP/1.1 Accept:...

7.2CVSS1.3AI score0.01238EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/21 12:0 a.m.•19 views

Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF

The plugin allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks Po...

4AI score0.00618EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2021/10/20 12:0 a.m.•19 views

BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. PoC Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "linktitle"...

5.4CVSS5.2AI score0.00604EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000