Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/08 12:0 a.m.13 views

UpdraftPlus: WordPress Backup & Migration < 1.23.11 - Google Drive Storage Update via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage...

5.4CVSS6.1AI score0.00218EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.19 views

wpDiscuz < 7.6.12 - Missing Authorization in AJAX Actions

Description The plugin is vulnerable to unauthorized use of functionality due to a missing capability check on functions corresponding to AJAX actions in versions up to, and including, 7.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view user...

6.1AI score0.004EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.17 views

wpDiscuz < 7.6.4 - Author+ IDOR

Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on a function...

6.5CVSS6.3AI score0.00527EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.40 views

wpDiscuz < 7.6.6 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.15 views

1003 Mortgage Application < 1.80 - Improper Neutralization of Formula Elements in a CSV File

Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75...

9.8CVSS9.6AI score0.00854EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.17 views

wpDiscuz < 7.6.12 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.8AI score0.0037EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.21 views

Kadence WooCommerce Email Designer < 1.5.12 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00234EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.18 views

Export Users Data CSV < 2.2 - Improper Neutralization of Formula Elements in a CSV File

Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...

8.8CVSS6.6AI score0.0082EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.18 views

wpDiscuz < 7.6.11 - Unauthenticated Content Injection

Description The plugin is vulnerable to Arbitrary Content Injection, making it possible for unauthenticated attackers to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing...

7.1AI score0.00283EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.13 views

Posts and Users Stats < 1.1.4 - Improper Neutralization of Formula Elements in a CSV File

Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...

8.8CVSS7.1AI score0.00823EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/07 12:0 a.m.13 views

wpDiscuz < 7.6.11 - Insufficient Authorization to Comment Submission on Deleted Posts

Description The plugin is vulnerable to unauthorized modification of data due to insufficient validation on the comment functionality, making it possible for unauthenticated attackers to leave comments on trashed posts...

6.9AI score0.00347EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

WP Reroute Email < 1.4.8 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6...

9.8CVSS7.4AI score0.00681EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.14 views

Mmm Simple File List <= 2.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...

5.4CVSS5.5AI score0.00419EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.12 views

Coming Soon < 1.6.0 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a...

9.8CVSS7.4AI score0.00547EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.11 views

Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in amin open...

6.1CVSS6.2AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.10 views

WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion

Description This plugin is vulnerable to a local file inclusion via the path parameter. PoC Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary file path on the server, - "/etc/resolv.conf" - "/etc/hosts" - "../../../wp-config.php"...

9.8CVSS9.3AI score0.1567EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.23 views

Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

Description The plugin is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. PoC As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console: nonce =...

4.3CVSS4.9AI score0.00454EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS

Description The plugin does not escape the custom shipping phone field no the checkout form leading to XSS PoC 1 Install both WooCommerce and the plugin. 2 Set a WooCommerce shipping method, and the store's address to one that is in Vietnam. 3 Add product to cart, and proceed to checkout 4 Tick...

6.1CVSS6.2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

Webpushr < 4.35.0 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. PoC 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the...

5.4CVSS5.6AI score0.00426EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.13 views

MomentoPress for Momento360 < 1.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery

Description This plugin is vulnerable to server-side request forgery SSRF via the path parameter. PoC Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary URL http://example.com/latest/meta-data/iam/security-credentials/wpb-apps-prod-role the website...

9.8CVSS9.5AI score0.0315EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.8 views

Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

Description The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. PoC Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

4.3CVSS6AI score0.00637EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.22 views

WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update

Description The plugin does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded; charset=UTF-8", , "body":...

4.3CVSS5AI score0.00454EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.23 views

WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. This was partially fixed in version 1.4.4 but it still allowed XSS attacks from Admin users. PoC fetch"/wp-admin/admin-ajax.php",...

5.4CVSS5.6AI score0.00426EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

Security & Malware scan by CleanTalk < 2.121 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. PoC Send 5 invalid login requests and thus block the IP address. POST /wp-login.php HTTP/1.1 Host: localhost...

7.5CVSS7.5AI score0.00653EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.20 views

Icons Font Loader < 1.1.2.1 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2...

8.8CVSS7.4AI score0.00544EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.13 views

Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access

Description The plugin leaks password-protected post content to unauthenticated visitors in some meta tags PoC As unauthenticated, view the source of any password-protected post and see that the content of the post is disclosed in the og:description and twitter:description meta tags...

5.3CVSS5.3AI score0.00575EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.17 views

POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting

Description The plugin does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. PoC 1. Install Post SMTP in version Email Log 4. Click 'View' next to the first record. 5. The message is...

6.1CVSS6.1AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.19 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Description The plugin does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. PoC 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...

5.9CVSS5.8AI score0.00414EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

Feather Login Page < 1.1.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.0021EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.11 views

Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure

Description The plugin contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of...

7.5CVSS7.7AI score0.00767EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. PoC curl https://example.com -H 'X-Forwarded-For: ' Then, as a high-privileged user, visit...

6.1CVSS6.1AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.17 views

Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

Description The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them The issue was partially fixed in 2.20.29 only adding authorisation checks. CSRF checks were added in 2.20.32 PoC As an unauthenticated user,...

5.3CVSS5.4AI score0.00268EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.18 views

WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS

Description The plugin does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins PoC wget --header="X-Forwarded-For: " https://example.com -q -O- The XSS will be triggere...

6.1CVSS6AI score0.0051EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.21 views

Bookly < 22.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an admin user, visit the...

4.8CVSS4.8AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.34 views

Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin allows forum administrators, who may not be WordPress super-administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files e.g. .php, .phtml, potentially leading to remote code execution. PoC Any user who has the rights to modify t...

9.8CVSS9.8AI score0.01964EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.18 views

Ultimate Addons for WPBakery Page Builder < 3.19.15 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.13 views

FareHarbor < 3.6.8 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not adequately sanitize input or escape output on user-supplied attributes, leading to the possibility of Stored Cross-Site Scripting via shortcodes. This issue arises when authenticated users with contributor-level or higher permissions inject arbitrary web scripts in...

6.4CVSS5.7AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.17 views

Your Journey theme <= 1.9.8 - Reflected Cross-Site Scripting via Prototype Pollution

Description The plugin does not properly sanitize input and escape output, resulting in a vulnerability to Reflected Cross-Site Scripting via prototype pollution. This could lead to the injection of arbitrary web scripts in pages that execute when a user is tricked into performing an action like...

6.1CVSS6.3AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.11 views

Bellows Accordion Menu < 1.4.3 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not adequately sanitize user-supplied attributes in shortcodes, nor does it correctly escape output. This can lead to injection of arbitrary web scripts in pages by authenticated users with contributor-level permissions...

6.4CVSS6.5AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.17 views

Grid Plus <= 1.3.4 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.10 views

HTML filter and csv-file search < 2.8 - Contributor+ Local File Inclusion

Description The plugin does not properly sanitize and validate the 'src' attribute of the 'csvsearch' shortcode, leading to a Local File Inclusion vulnerability...

8.8CVSS7AI score0.00854EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.23 views

Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion

Description The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...

8.8CVSS8.8AI score0.01107EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.12 views

Live updates from Excel < 2.3.3 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize and escape user supplied attributes in the 'ipushpullpage' shortcode. This lack of sufficient input validation could potentially allow script injection...

6.4CVSS6.4AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.17 views

Medialist < 1.4.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC medialist style='"...

5.4CVSS5.4AI score0.00452EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.21 views

Simple Shortcodes <= 1.0.20 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not sufficiently sanitize input or escape output on user-supplied attributes, resulting in a potential for Stored Cross-Site Scripting via shortcodes. This flaw makes it possible for users with contributor-level permissions or higher to inject arbitrary web scripts int...

6.4CVSS5.6AI score0.0064EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.11 views

Motors – Car Dealer & Classified Ads <= 1.4.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.10 views

Winters theme <= 1.4.3 - Reflected Cross-Site Scripting via Prototype Pollution

Description The theme does not properly sanitize user inputs nor escape output, leading to a reflected Cross-Site Scripting vulnerability via prototype pollution...

6.1CVSS5.8AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.15 views

WP Simple Galleries <= 1.34 - Contributor+ PHP Object Injection

Description The plugin does not properly handle deserialization of untrusted input from the 'wpsimplegallerygallery' post meta via 'wpsgallery' shortcode...

8.8CVSS6.6AI score0.01019EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.15 views

Carousel, Recent Post Slider and Banner Slider < 2.1 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not correctly sanitize and escape user-supplied attributes in the 'spicepostslider' shortcode. This oversight could lead to the injection of arbitrary web scripts into pages that will execute whenever accessed by a user...

6.4CVSS6.8AI score0.00519EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities14602