Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.19 views

MainWP Child < 4.1.8 - Admin+ SQL Injection

The plugin does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed PoC POST / HTTP/1.1 Accept:...

7.2CVSS1.3AI score0.01238EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/21 12:0 a.m.19 views

Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF

The plugin allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks Po...

4AI score0.00618EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/20 12:0 a.m.19 views

BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. PoC Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "linktitle"...

5.4CVSS5.2AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/19 12:0 a.m.19 views

Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the plugin's settings with a text input: - v - v "Redirected to...

4.8CVSS0.6AI score0.00654EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.19 views

Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. PoC insert page='pageslug' display='all' Where...

4.3CVSS5.2AI score0.00913EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.19 views

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. PoC - Create a page A - Add a custom field containing JS...

5.4CVSS0.9AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/14 12:0 a.m.19 views

WpGenius Job Listing <= 1.0.2 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts...

5.5CVSS3.9AI score0.0088EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/13 12:0 a.m.19 views

Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack PoC...

6.5CVSS5.2AI score0.00531EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.19 views

Pie Register < 3.7.1.6 - Unauthenticated SQL Injection

The plugin does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. PoC POST /wp-json/pie/v1/login HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding...

9.8CVSS1.1AI score0.07542EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/11 12:0 a.m.19 views

Affiliate Manager < 2.8.7 - Admin+ SQL injection

The plugin does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue PoC POST /wp-admin/admin.php?page=wpam-affiliates=exportdata=if=0,1,SLEEP10 HTTP/1.1 Accept:...

7.2CVSS2.2AI score0.01484EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/07 12:0 a.m.19 views

Schreikasten <= 0.14.18 - Author+ SQL Injections

The plugin does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author PoC...

8.8CVSS8.8AI score0.01517EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.19 views

Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update

The plugin does not have proper authorisation nor CSRF checks in the saveglobalsetting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which wi...

0.2AI score0.00644EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.19 views

Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts

The plugin defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user including simple subscribers can add/set/delete arbitrary categories to posts. PoC Set the category 107 to the post 1537: POST /wp-admin/admin-ajax.php...

6.5CVSS0.6AI score0.00873EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/28 12:0 a.m.19 views

AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation

The plugin does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. PoC Attack Procedures 1 Run this in Dashboard while logged in as...

8.8CVSS1.6AI score0.01294EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.19 views

MainWP Child Reports < 2.0.8 - Admin+ SQL Injection

The plugin does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue PoC https://example.com/wp-admin/options-general.php?page=mainwp-reports-page=+AND+SELECT+7332 FROM+SELECTSLEEP5qiXg - the web page freezes for...

7.2CVSS7.3AI score0.01327EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.19 views

GamePress <= 1.1.0 - Reflected Cross-Site Scripting

The plugin does not escape the opedit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues PoC Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms...

6.1CVSS1.6AI score0.00745EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.19 views

Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. PoC Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "...

4.8CVSS0.7AI score0.00622EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.19 views

PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting

The plugin does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfilteredhtml is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue. Timeline July 12th, 2021 - Vendor...

4.8CVSS0.6AI score0.00618EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/13 12:0 a.m.19 views

Download from files <= 1.48 - Unauthenticated Arbitrary File Upload

The downloadfromfiles617fileupload AJAX action f the plugin, available to both unauthenticated and authenticated users does not properly restrict the files to be uploaded, which could allow unauthenticated users to upload PHP4 files for example PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

1.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.19 views

wp-publications - Local File Inclusion

The plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution...

9.8CVSS6.2AI score0.0226EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.19 views

Bug Library < 2.0.4 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the via the successimportcount parameter found in the /bug-library.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.4AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.19 views

Advance Search < 1.1.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/08 12:0 a.m.19 views

User Activation Email <= 1.3.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the /user-activation-email.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.9AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/08 12:0 a.m.19 views

simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.1AI score0.0097EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/08 12:0 a.m.19 views

More From Google <= 0.0.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /morefromgoogle.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.3AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.19 views

Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update

The plugin was vulnerable to Unauthenticated Arbitrary Options Update...

2.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.19 views

Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting

The plugin does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a new Calendar Appointment Hour Booking Add new Put the following payload in the Form...

4.8CVSS0.4AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/01 12:0 a.m.19 views

XO Event Calendar < 2.3.7 - Reflected Cross-Site Scripting

The plugin does not escape the selected-name parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/edit.php?posttype=xoevent=xo-event-holiday-settings&selected-name;="...

0.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.19 views

CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks PoC As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific...

5.4CVSS2.7AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/24 12:0 a.m.19 views

Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection

The plugin contains a 'Social & Donations' module not activated by default, which adds the rest route '/services/contributor/?P\d+, takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. PoC With the 'Social & Donations' module of the plugin activated...

9.8CVSS3.1AI score0.09404EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/24 12:0 a.m.19 views

Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape some of the properties of the Recipe Card Block such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC As a...

5.4CVSS1.9AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.19 views

Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS

The plugin allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design like subutton's onclick attribute. Po...

5.4CVSS3.6AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.19 views

Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting

The plugin does not escape the IP addresses which can be controlled by attacker via headers such as X-Forwarded-For of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. PoC POST /wp-login.php HTTP/1.1 Accept:...

6.1CVSS1.5AI score0.0157EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.19 views

OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

The plugin does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. PoC As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard...

8.1CVSS3.2AI score0.00883EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/22 12:0 a.m.19 views

WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection

The options.php file of the plugin accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it take...

8.8CVSS1.1AI score0.04561EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/18 12:0 a.m.19 views

Gutenslider < 5.2.0 - Contributor+ Stored XSS

The plugin does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks PoC As a contributor or above, create/edit a post, put the below code while in Code Editor mode, and view/preview the post The...

5.4CVSS2.6AI score0.00604EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/18 12:0 a.m.19 views

Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls

The plugin does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, 2 Get title of a password-protected post as...

5.5CVSS1.2AI score0.00615EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.19 views

WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC To execute the XSS on all frontend pages and plugin's setting page, add the following payload in...

5.4CVSS0.4AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.19 views

Stop Spammers Security < 2021.18 - Authenticated Stored XSS

The plugin does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the API field of the Web Services settings: " autofocus...

5.4CVSS2.3AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/06 12:0 a.m.19 views

Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections

The plugin did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections PoC https://example.com/wp-admin/admin.php?page=sbbmy-custom-submenu-page=1+AND+%28SELECT+4242+FROM+%28SELECT%28SLEEP%285%29%29%29aaa%29=asc...

8.8CVSS0.6AI score0.01713EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/04 12:0 a.m.19 views

Availability Calendar < 1.2.1 - Authenticated SQL Injection

The plugin does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+ PoC With an account role as low as contributor, put the followin...

8.8CVSS2.5AI score0.01292EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/02 12:0 a.m.19 views

Sitewide Notice WP < 2.3 - Authenticated Stored XSS

The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Message setting of the plugin: The XSS will ...

4.8CVSS1.4AI score0.00617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.19 views

Favicon by RealFaviconGenerator < 1.3.22 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting XSS which is executed in the context of a logged administrator. Timeline WPScanTeam: June 28th, 2021 - Details sent to vendor July 9th, 2021 - Escalat...

4.3CVSS0.1AI score0.00827EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.19 views

uListing < 2.0.6 - Authenticated IDOR

An Authenticated User IDOR vulnerability was discovered in the plugin. PoC Important: userid and listingid values ​​are dependent on each other, that is, if the author ID == 4, the data can only be modified for those ADs and pages that relate to this particular ID. You can find out the author of...

6.5CVSS0.5AI score0.01064EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.19 views

uListing < 2.0.4 - Unauthenticated SQL Injection

An Unauthenticated SQL Injection vulnerability was discovered in the plugin. Vulnerable parameters: custom. SQL Injection types: Error-based, Boolean-based Blind, Time-based Blind. PoC PoC 1 | Unauthenticated SQL Injection | Tables: sqlmap...

7.5CVSS0.2AI score0.02067EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/24 12:0 a.m.19 views

Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The kentoemailsubscriberajax AJAX action of the plugin, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...

4.3CVSS0.6AI score0.01344EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/23 12:0 a.m.19 views

WordPress Membership SwiftCloud.io <= 1.0 - Authenticated SQL Injection

An id GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET /wp-admin/admin.php?page=swiftbookaddemailtemplate=0%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1 Cache-Control: max-age=0...

6.5CVSS1.4AI score0.01547EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/20 12:0 a.m.19 views

HM Multiple Roles < 1.3 - Arbitrary Role Change

The plugin does not have any access control to prevent low privilege users to set themselves as admin via their profile page PoC As any authenticated user, go to your Profile page and Tick the Administrator Role checkbox. In v1.2, the checkboxes are disabled in the UI but can be tampered with by...

6.5CVSS3.9AI score0.01509EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.19 views

Wonder PDF Embed < 1.7 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. PoC wonderpluginpdf src="a" onload="alert1"...

3.5CVSS3AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/05 12:0 a.m.19 views

Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in...

3.5CVSS1.8AI score0.00624EPSS
Exploits2Affected Software1
Total number of security vulnerabilities5000