Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•14 views

ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks PoC As a contributor, create or edit a post with the payload below while in code editor mode xyz The XSS will be triggered...

5.4CVSS5.3AI score0.00403EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•21 views

User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent

Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. PoC 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If...

5.4CVSS5.4AI score0.00394EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•16 views

Bookly < 22.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D wit...

7.2CVSS7.2AI score0.00717EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•14 views

WPSchoolPress < 2.2.5 - Teacher+ SQLi

Description The plugin uses the WordPress escsql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. PoC 1. Install the WPSchoolpress plugin and Import Demo Data. 2. Log in as a...

8.8CVSS9AI score0.00721EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•17 views

PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin. PoC Add the following payload to the Media URL field:...

5.4CVSS6.8AI score0.00403EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•13 views

ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

Description The plugin does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector PoC Run the below command in the developer console ...

4.3CVSS4.5AI score0.00468EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•16 views

Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Add a post with the...

5.4CVSS5.4AI score0.00394EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•22 views

ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS

Description The plugin does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks PoC As a contributor, put the following payload in a post the payload will have to be updated accordingly to watch th...

5.4CVSS5.2AI score0.00419EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•17 views

Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Register a student account and go to the...

5.4CVSS5.8AI score0.00403EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•18 views

WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as authors to perform Stored Cross-Site Scripting attacks. PoC 1. Add the following shortcode to a post: wordpressfileupload redirect="true" redirectlink="javascript:alert1" 2...

5.4CVSS5.2AI score0.00394EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•19 views

Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...

5.4CVSS5.4AI score0.00403EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•12 views

WP Matterport Shortcode < 2.1.7 - Reflected XSS

Description The plugin does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin PoC Make a logged in admin open...

6.1CVSS6AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•24 views

PageLayer < 1.7.7 - Unauthenticated Stored XSS

Description The plugin doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. PoC Unauthenticated attacker Proof of Concept 1 As a legitimate administrator, schedule a post to be published in a few minutes. 2 Close every window to that site to...

6.1CVSS6.4AI score0.00455EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•13 views

NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

Description The plugin does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks PoC 1. Create a gallery and upload an image. 2. Add the NextGEN Gallery block to a page and click Edit. Select the Gallery...

4.9CVSS5AI score0.00787EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•8 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...

5.4CVSS5.6AI score0.00415EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/25 12:0 a.m.•20 views

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

Description The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. PoC...

5.3CVSS5.3AI score0.00541EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/23 12:0 a.m.•13 views

Contact Form by FormGet <= 5.5.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS6AI score0.00364EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/23 12:0 a.m.•10 views

Easy Registration Forms <= 2.1.1 - Subscriber+ Information Disclosure via Shortcode

Description The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode due to insufficient controls on the information retrievable via the shortcode...

4.3CVSS6.1AI score0.00441EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/22 12:0 a.m.•12 views

WordPress Charts < 0.7.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00437EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/22 12:0 a.m.•16 views

Media Library Assistant < 3.11 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00474EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/21 12:0 a.m.•14 views

DoLogin Security < 3.7.1 - Subscriber+ IP Address leak

Description The plugin does not restrict the access of a widget that shows the IPs of failed logins to low privileged users. PoC Just login to subscriber account and go to: http://localhost/wp-admin/index.phplog...

6.5CVSS6.4AI score0.00861EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/21 12:0 a.m.•16 views

Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts. PoC Using malicious SVG files: Go to a product page that features the file upload form, and paste the following in your...

5.4CVSS5.5AI score0.00395EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/21 12:0 a.m.•18 views

EventON < 2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a new events. 2. In the...

4.8CVSS4.8AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/21 12:0 a.m.•13 views

Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts. PoC Upload an allowed WordPress extension such as JPG and inject it with a script such as: . To access...

6.1CVSS7.2AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/21 12:0 a.m.•23 views

Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC msalert...

5.4CVSS5.4AI score0.00403EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2023/09/21 12:0 a.m.•18 views

Enable Media Replace < 4.1.3 - Author+ PHP Object Injection

Description The plugin unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog PoC Step 1: Add the following code to the end of the file located at...

8.8CVSS6.9AI score0.00837EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•18 views

WordPress File Sharing < 2.0.4 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.0088EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•25 views

Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks PoC 1. Create a contact form 2. Embed the contact form shortcode on a post or page. 3. As an Unauthitncated user, inject the inputs for a malicious...

6.1CVSS6.1AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•8 views

User Submitted Posts < 20230901 - Contributor+ Stored XSS via Shortcode

Description The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes ...

6.4CVSS5.5AI score0.00325EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•20 views

Super Store Finder < 6.9.4 - Unauthenticated Email Creation/Sending

Description The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content...

5.8CVSS6.7AI score0.00542EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•13 views

WP User Control <= 1.5.3 - Unauthenticated password reset

Description The WP User Control plugin for WordPress is vulnerable to unauthorized password resets due to the plugin using native password reset functionality. It is worth mentioning that the new password is only sent to the affected user's email, not being leaked to the attacker...

5.3CVSS6.7AI score0.00377EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•11 views

Awesome Weather Widget for WordPress <= 3.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00418EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•23 views

Allow PHP in Posts and Pages < 3.0.4 - Authenticated Remote Code Execution (RCE)

Description The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server...

9.9CVSS7.6AI score0.00748EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•9 views

Simple Download Counter < 1.6.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00313EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•12 views

JQuery Accordion Menu Widget for WordPress <= 3.1.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00436EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•17 views

intergeo-maps <= 2.3.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00345EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•8 views

WS Facebook Like Box Widget for WordPress <= 5.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00355EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•10 views

WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update

Description The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action. This makes it possible for authenticated attackers with contributor-level access and above, to update C...

4.3CVSS6.2AI score0.00321EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/20 12:0 a.m.•13 views

Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)

Description The plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. PoC Example using GravityForms to redirect to the login...

5.3CVSS5.3AI score0.02235EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/19 12:0 a.m.•17 views

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE PoC On a page where there is a form with a Signature field, run the following code in the web developer console while...

9.8CVSS7.4AI score0.03283EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/19 12:0 a.m.•13 views

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. PoC As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type":...

4.8CVSS4.9AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/19 12:0 a.m.•24 views

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. PoC As an admin, use the File Manager UI to upload a file...

7.2CVSS7.5AI score0.01331EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/19 12:0 a.m.•19 views

Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

Description The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin: class Te...

7.2CVSS7.1AI score0.00976EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•9 views

WP Abstracts <= 2.6.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00402EPSS
Exploits1
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•8 views

Reservation.Studio widget < 1.0.12 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00439EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•12 views

Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'

Description The Dropbox Folder Share plugin plugin was affected by an Unauthenticated Server-Side Request Forgery SSRF security vulnerability...

7.2CVSS6.7AI score0.0038EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•25 views

Easy Admin Menu <= 1.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00366EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•16 views

Livestream Notice < 1.3.0 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00379EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•18 views

Fitness calculators <= 2.0.7 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/09/18 12:0 a.m.•17 views

Cookie Monster <= 1.51 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00362EPSS
Exploits0
Total number of security vulnerabilities14603