Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.10 views

Modern Footnotes < 1.4.17 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00395EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.11 views

MpOperationLogs <= 1.0.1 - Unauthenticated Stored XSS

Description The plugin is vulnerable to Unauthenticated Stored Cross-Site Scripting via the IP Request Headers...

7.2CVSS5.8AI score0.00985EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.17 views

WP Customer Reviews < 3.6.7 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00303EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.18 views

Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00333EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.18 views

ChatBot < 4.9.1 - Unauthenticated Sensitive Data Disclosure

Description The plugin is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcldwbchatbotcheckuser function...

5.3CVSS6.4AI score0.00767EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.10 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

5.4CVSS7AI score0.00288EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.23 views

Social Media Share Buttons & Social Sharing Icons < 2.8.6 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00222EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.20 views

Skype Legacy Buttons <= 3.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00354EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.21 views

Website Builder by SeedProd < 6.15.15.3 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.0028EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.7 views

Contact form Form For All <= 1.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS6AI score0.00345EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.11 views

Gumroad <= 3.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.19 views

Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00328EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.15 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

5.4CVSS6.5AI score0.00288EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.14 views

Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS5.8AI score0.00313EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.9 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.00483EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.22 views

Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Arbitrary Directory Deletion via Path Traversal

Description The plugin is vulnerable to Directory Traversal allowing authenticated bad actors with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments...

8.7CVSS6.4AI score0.01219EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.18 views

Smart Cookie Kit < 2.3.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.8 views

WPLegalPages < 2.9.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

5.5CVSS5.6AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.26 views

Open User Map | Everybody can add locations < 1.3.27 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.12 views

Order auto complete for WooCommerce < 1.2.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.20 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

5.4CVSS7AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.15 views

Video Player <= 1.5.22 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.12 views

Download canvasio3D Light <= 2.4.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.23 views

Form Maker by 10Web < 1.15.19 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6.2AI score0.00331EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.11 views

AmpedSense – AdSense Split Tester < 4.69 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.14 views

Mendeley <= 1.3.4 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.23 views

Magic Action Box <= 2.17.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS6AI score0.00345EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.16 views

Image vertical reel scroll slideshow <= 9.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.12 views

Auto Amazon Links < 5.3.2 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

6.4CVSS5.6AI score0.00323EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.24 views

WordPress Popular Posts < 6.3.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0034EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.20 views

Get Custom Field Values < 4.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.31 views

Slimstat Analytics < 5.0.10 - Contributor+ SQL Injection

Description The plugin is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers wit...

8.8CVSS6.6AI score0.00916EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.14 views

Horizontal scrolling announcement <= 9.2 - Authenticated (subscriber+) Blind SQL Injection

Description The plugin did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing low privilege users subscriber+ to perform Blind SQL Injection attack...

8.8CVSS7.4AI score0.00725EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.15 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.0028EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.19 views

Bulk NoIndex & NoFollow Toolkit < 1.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00331EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.9 views

Migration, Backup, Staging - WPvivid < 0.9.92 - Unauthenticated Sensitive Information Exposure

Description The Migration, Backup, Staging - WPvivid plugin for WordPress exposes sensitive information to unauthenticated users via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Dri...

9.3CVSS9.1AI score0.00755EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.15 views

wpDiscuz < 7.6.4 - Unauthenticated Data Modification via IDOR

Description The plugin does not prevent non-administrator users from changing data...

5.3CVSS6.5AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.17 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.5AI score0.00431EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.11 views

WP Mailto Links – Protect Email Addresses < 3.1.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00424EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/18 12:0 a.m.21 views

Hitsteps Web Analytics < 5.87 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/18 12:0 a.m.10 views

Comment Reply Email < 1.0.4 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/18 12:0 a.m.13 views

YouTube Playlist Player < 4.6.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.12 views

WooODT Lite <= 2.4.7 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.8 views

Seriously Simple Stats < 1.5.2 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.8 views

IRivYou <= 2.2.1 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.11 views

Simple URLs < 121 - Arbitrary Actions via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.19 views

Timely Booking Button <= 2.0.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.21 views

Hotjar < 1.0.16 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS5.5AI score0.00497EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.21 views

AGP Font Awesome Collection <= 3.2.4 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.13 views

Video Playlist For YouTube <= 6.1 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.7AI score0.00214EPSS
Exploits0References1
Total number of security vulnerabilities14602