Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.24 views

Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...

4.8CVSS6.5AI score0.00379EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.20 views

WP Ultimate CSV Importer < 7.9.9 - Author+ RCE

Description The plugin does not validate imported files, which could allow authors and above roles who have been granted access to the plugin settings to perform RCE...

8.8CVSS6.6AI score0.01239EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.12 views

Custom Field Template < 2.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the posttype parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.2AI score0.00354EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/04 12:0 a.m.16 views

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC Create an HTML file with the...

4.3CVSS4.4AI score0.00218EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/04 12:0 a.m.15 views

User Access Manager < 2.2.18 - IP Spoofing

Description The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible for attackers to access restricted content in certain situations. PoC Set HTTPXREALIP which is used in checkUserGroupAccess to use an IP from the allowlist...

5.3CVSS5.2AI score0.00582EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.22 views

Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...

5.4CVSS5.4AI score0.00371EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.14 views

PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below the post value is the ID of a post/page...

6.1CVSS6.1AI score0.00427EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.14 views

Stripe Payment Plugin for WooCommerce < 3.7.8 - Authentication Bypass

Description The plugin does not properly check users during the Stripe checkout process, which could allow unauthenticated attackers to log in as any users having placed an order when the Stripe checkout option is enabled...

9.8CVSS6.5AI score0.00966EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.22 views

Front Editor <= 4.3.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new form. 2. For the "Post Title",...

4.8CVSS4.8AI score0.00379EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.24 views

Bus Ticket Booking with Seat Reservation < 5.2.4 - Reflected XSS

Description The plugin does not sanitise and escape the tabdate and tabdater parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.2AI score0.00378EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.12 views

FormCraft < 1.2.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC There are two XSS issues: Example...

4.8CVSS5.1AI score0.00399EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/02 12:0 a.m.9 views

Upload Media By URL < 1.0.8 - Stored XSS via CSRF

Description The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf. PoC Have a logged in user with the unfilteredhtml capability open...

6.5CVSS6.5AI score0.00261EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/31 12:0 a.m.16 views

MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

Description The plugin does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack PoC Make any logged in user open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping=1 to make them delete...

4.3CVSS4.6AI score0.00231EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/31 12:0 a.m.16 views

Blog2Social < 7.2.1 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...

6.1CVSS6AI score0.0093EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/31 12:0 a.m.16 views

MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

6.1CVSS6AI score0.00396EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/29 12:0 a.m.30 views

Ninja Forms < 3.6.26 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.0601EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/29 12:0 a.m.27 views

Ninja Forms < 3.6.26 - Subscriber+ Form Entries Export

Description The plugin does not have proper authorisation check in the processing function, which could allow any authenticated users, such as subscriber to export and download submitted form entries...

6.2AI score0.00427EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/29 12:0 a.m.30 views

Ninja Forms < 3.6.26 - Contributor+ Form Entries Export

Description The plugin does not have proper authorisation check in the exportlisten function, which could allow Contributors and above roles to export and download submitted form entries...

6.4AI score0.00431EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/28 12:0 a.m.38 views

Multiple Plugins from Inisev - Subscriber+ Plugin Installation

Description Multiple plugins from the Inisev vendor are lacking authorisation in the handleinstallation function hooked to the inisevinstallation AJAX action, allowing any authenticated users, such as subscriber to install plugins from Inisev on the blog...

6.5CVSS6.6AI score0.00557EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/28 12:0 a.m.19 views

Multiple Plugins from Inisev - Plugin Installation via CSRF

Description Multiple plugins from the Inisev vendor are lacking CSRF check in the handleinstallation function hooked to the inisevinstallation AJAX action, allowing unauthenticated attackers to make logged in admins install plugins from Inisev on the blog via a CSRF attack...

4.3CVSS4.9AI score0.00512EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.10 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. PoC - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a...

7.5CVSS6.5AI score0.00692EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.12 views

Video Conferencing with Zoom < 4.3.0 - Sensitive Data Disclosure

Description The plugin hardcodes its encryption key, which could allow unauthenticated attackers to decrypt the meeting id and password via the vczapiencryptdecrypt function...

5.3CVSS6.8AI score0.00322EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.13 views

Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the plugin's settings, click...

4.8CVSS5.5AI score0.00379EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.18 views

ACF Photo Gallery Field < 2.0 - Subscriber+ UserMeta Update

Description The plugin does not check user meta to be updated, allowing any authenticated users, such as subscriber, to update any of their user meta to an arbitrary string...

4.3CVSS6.4AI score0.0041EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.20 views

InstaWP Connect < 0.0.9.19 - Unauthenticated Data Modification

Description The plugin does not have authorisation check in its eventsreceiver function, allowing unauthenticated users to create/update/delete posts/taxonomy, install/activate/deactivate plugin, update the customizer settings as well as create/update/delete arbitrary users...

9.8CVSS6.6AI score0.00758EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.24 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

8.6AI score0.00284EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.45 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

7AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.34 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

6.5AI score0.00284EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.248 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

7AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.14 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

6.5AI score0.00284EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/25 12:0 a.m.22 views

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...

6.3AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.44 views

WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC Run the command: curl -i -s -k -X POST --data-binary...

9.6AI score0.0084EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.22 views

Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a Blank form or select...

4.8CVSS4.9AI score0.00379EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.25 views

WP Brutal AI < 2.06 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC In the plugin settings, for a...

4.8CVSS4.7AI score0.01973EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.13 views

Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC To test, you also need to have WP...

4.8CVSS5.8AI score0.00382EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.65 views

Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download

Description The plugin does not have authorisation checks and does not validate file paths in the handlefiledownload function, allowing unauthenticated users to download arbitrary files from the server when the premium version of the plugin is activated...

7.5CVSS7.7AI score0.00987EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.31 views

WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the "Email Options" section...

4.8CVSS4.7AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.23 views

IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to the plugin's settings. 2...

7.3AI score0.00405EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.15 views

Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

Description The plugin does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. PoC 1. Create a new Post as a Contributor user. 2. Add the "Simple Author Box" block. 3. Intercept the...

4.3CVSS4.8AI score0.0043EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.34 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Ensure Contact Form 7 is...

4.8CVSS4.7AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.18 views

User Activity Log < 1.6.5 - Unauthenticated SQLi

Description The plugin does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks. Version 1.6.4 mitigates the issue for unauthenticated users but it is still...

9.8CVSS10AI score0.00808EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/24 12:0 a.m.20 views

Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC 1. Ensure Contact Form 7 is installed, along with this plugin 2. Visit Contact...

6.1CVSS6AI score0.00482EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.18 views

WP Donate < 1.5 - Unauthenticated SQL Injection

Description A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version...

9.8CVSS9.9AI score0.00866EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.17 views

Custom Post Type Generator <= 2.4.2 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00369EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.59 views

Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure

Description The plugin discloses the MailChimp API key in pages with the MailChimp block, allowing unauthenticated users to obtain such key...

5.3CVSS5.5AI score0.00487EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.15 views

Multiple DeoThemes Themes - Reflected Cross-Site Scripting

Description Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6.2AI score0.00502EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.12 views

Easy Captcha <= 1.0 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00379EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.17 views

Easy Captcha <= 1.0 - Missing Authorization

Description The plugin does not have authorisation in various AJAX actions, which could allow unauthenticated users to call them and perform unauthorised actions...

6.3AI score0.00574EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.24 views

OAuth Single Sign On – SSO (OAuth Client) < 6.23.4 - Improper Authentication

Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as Subscriber to call them and perform unauthorised actions...

8.8CVSS8.6AI score0.00958EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/20 12:0 a.m.23 views

ARMember (free and premium) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin and above to perform Cross-Site Scripting attacks...

5.9CVSS5.1AI score0.00388EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603