Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.17 views

Nexter Extension < 2.0.4 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00437EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.19 views

Google Calendar Events < 3.2.6 - Cross-Site Request Forgery (CSRF)

Description The Plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00277EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.19 views

AI ChatBot < 4.9.1 - Missing authorization in AJAX calls

Description The plugin does not check capabilities when processing AJAX actions, allowing unauthenticated attackers to perform actions intended for higher privileged users...

9.8CVSS6.4AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.20 views

AI ChatBot < 4.9.1 - Cross-Site Request Forgery (CSRF)

Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...

5.4CVSS6.3AI score0.00206EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.18 views

AI ChatBot < 4.9.3 - Missing authorization in AJAX calls

Description The plugin does not check capabilities when processing AJAX actions, allowing unauthenticated attackers to perform actions intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2...

9.4AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.13 views

WP Lightbox 2 <= 3.0.6.5 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00418EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.22 views

Print, PDF, Email by PrintFriendly < 5.5.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.11 views

Proofreading < 1.1 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00437EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.12 views

Ajax Archive Calendar < 2.6.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00409EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.28 views

AI ChatBot < 4.9.1 - Subscriber+ Arbitrary File Deletion

Description The plugin does not properly validate files to be deleted in the qcldopenaideletetrainingfile function, allowing users with roles as low as subscriber to delete arbitrary files on the server...

9.6CVSS6.2AI score0.01626EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.28 views

AI ChatBot < 4.9.3 - Subscriber+ Arbitrary File Deletion

Description The plugin does not properly validate files to be deleted in the qcldopenaideletetrainingfile function, allowing users with roles as low as subscriber to delete arbitrary files on the server. This vulnerability is the same as CVE-2023-5212 but was accidentally reintroduced in version...

8AI score0.01626EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.14 views

Maileon < 2.16.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00409EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.24 views

AI ChatBot < 4.9.3 - Cross-Site Request Forgery (CSRF)

Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9....

5.5AI score0.00206EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.13 views

WP GoToWebinar < 14.46 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00418EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.19 views

WP ULike < 4.6.9 - Contributor+ Stored Cross Site Scripting via Shortcode

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00409EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.35 views

LiteSpeed Cache < 5.7 - Contributor+ Stored XSS

Description The plugin does not escape the cache attribute of its esi shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.19684EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/24 12:0 a.m.9 views

WOLF < 1.0.7.2 - Cross-Site Request Forgery (CSRF)

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7AI score0.00271EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.10 views

Serial Numbers for WooCommerce – License Manager < 1.6.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.23 views

Wp Ultimate Review <= 2.2.5 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS9AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.18 views

Rocket Font <= 1.2.3 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.0021EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.73 views

Royal Elementor Addons and Templates 1.4.78 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Note that this vulnerability is identical to https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34/ as it was introduce...

9.8CVSS9.5AI score0.81695EPSS
Exploits18
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.11 views

Userback < 1.0.14 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/23 12:0 a.m.12 views

Smooth Scroll Links <= 1.1.0 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.18 views

OPcache Dashboard <= 0.3.1 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.17 views

Thumbnail Slider With Lightbox < 1.0.20 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.004EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.28 views

ChatBot < 4.9.1 - Unauthenticated Blind SQL Injection

Description The plugin is vulnerable to SQL Injection via the $strid parameter in versions up to, and including...

9.8CVSS7.6AI score0.06888EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.8 views

Widgets for Google Reviews < 10.9.1 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.00198EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.19 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.0028EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.15 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.0029EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.13 views

WP Simple HTML Sitemap < 2.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.2AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.28 views

wpDiscuz < 7.6.4 - Post Rating Increase/Decrease iva IDOR

Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function...

5.3CVSS6.4AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.14 views

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure

Description The plugin exposes sensitive information to unauthenticated users...

5.3CVSS6.2AI score0.00642EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.16 views

Social Media Share Buttons & Social Sharing Icons < 2.8.6 - Subscriber+ Sensitive Information Exposure

Description The plugin exposes sensitive information to unauthenticated users...

6.5CVSS6.2AI score0.01201EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.12 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.00479EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.9 views

Product Category Tree <= 2.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.7 views

Tweeple <= 0.9.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.16 views

flowpaper < 2.0.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00451EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.11 views

Booster for WooCommerce < 7.1.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00478EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.13 views

Sitekit < 1.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00413EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.9 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.00286EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.26 views

Icegram Express < 5.6.24 - Admin+ Directory Traversal

Description The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector...

9.1CVSS6.5AI score0.01031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.10 views

QR Twitter Widget <= 0.2.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.15 views

Team Showcase < 2.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00446EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.31 views

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure via the ai-debug-processing-fe URL parameter...

7.5CVSS6.4AI score0.00512EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.10 views

Ebook Store <= 5.785 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00345EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.10 views

WhatsApp Share Button <= 1.0.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00345EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.21 views

Photospace Responsive < 2.1.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00403EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.9 views

User Location and IP <= 1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.16 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00317EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.27 views

Form Maker by 10Web < 1.15.19 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00354EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14602