Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.9 views

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload...

5.7AI score0.00399EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.16 views

Expert Invoice <= 1.0.2 -Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to Expert Invoice...

5.2AI score0.00398EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.11 views

Fetch JFT < 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.5AI score0.00246EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.10 views

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly < 1.7.2 - Missing Authorization via ttbm_new_place_save

Description The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbmnewplacesave' function in all versions up to, and including, 1.7.1. This makes it possible for...

5.3CVSS6.7AI score0.00389EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.15 views

AppPresser < 4.4.0 - Improper Missing Encryption Exception Handling to Authentication Bypass

Description The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing use...

8.1CVSS6.8AI score0.00501EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.12 views

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.5.0 - Admin+ Arbitrary File Upload

Description The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated...

9.1CVSS7.6AI score0.00788EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.19 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to settings and change the...

7.7AI score0.00335EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.18 views

Unlimited Elements for Elementor < 1.5.91 - Contributor+ Remote Code Execution via template import

Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor...

8.8CVSS7.3AI score0.01254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.12 views

Ajax Load More < 7.0.2 - Administrator+ Stored Cross-Site Scripting

Description The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.19 views

Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget

Description The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.14 views

Swiss Toolkit For WP < 1.0.8 - Contributor+ Authentication Bypass

Description The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with...

8.8CVSS6.8AI score0.00583EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.17 views

Login with phone number < 1.7.27 - Authentication Bypass due to Missing Empty Value Check

Description The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activationcode' default value is empty, and the not empty check is missing in the 'lwpajaxregister' function. This makes it possible fo...

9.8CVSS9.3AI score0.00804EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/27 12:0 a.m.10 views

PostX < 4.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below code in...

8.3AI score0.0043EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/27 12:0 a.m.15 views

Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks. PoC - Create/edit a Notification https://example.com/wp-admin/post-new.php?posttype=easynotify - Put the...

5.2AI score0.00312EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/27 12:0 a.m.17 views

Search & Replace < 3.2.2 - Administrator+ SQL injection

Description The Search & Replace plugin for WordPress is vulnerable to SQL Injection via the selecttables parameter in all version up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

5.4CVSS7.2AI score0.00202EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/27 12:0 a.m.17 views

Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.2 - Contributor+ Stored Cross-Site Scripting

Description The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.12 views

The Plus Addons for Elementor < 5.5.5 - Contributor+ Stored XSS in Widgets

Description The plugin is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS5.8AI score0.004EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.16 views

Elementor Header & Footer Builder < 1.6.26.1 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the size attribute due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.14 views

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML file containing:...

6.2AI score0.00197EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.18 views

The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc. PoC Free: 1. ADMIN: Install The Events Calendar 2. ADMIN: Create events with each status: published,...

9.4AI score0.00464EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.11 views

ND Shortcodes < 7.6 - Authenticated (Author+) Stored Cross-Site Scripting

Description The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

Pie Register - Social Sites Login (Add on) < 1.7.8 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they ha...

9.8CVSS7.1AI score0.00581EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.16 views

WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, add a...

5.6AI score0.00357EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.17 views

Spectra < 2.13.1 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that wi...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

Amen <= 3.3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

4.9AI score0.00374EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.14 views

Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

8.8AI score0.00212EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.11 views

The Plus Addons for Elementor < 5.5.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘buttoncustomattributes’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.17 views

SVGator <= 1.2.6 - Stored XSS via SVG Upload

Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. PoC 1. Create a SVG file with the malicious payload within it; Example SVG file:...

5.5AI score0.00312EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.12 views

Similarity <= 3.0 - Plugin Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

6.2AI score0.002EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

Primary Addon for Elementor < 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

Description The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.16 views

WP Prayer II <= 2.4.7 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML file containing:...

6.2AI score0.00211EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

WP Go Maps < 9.0.37 - Contributor+ Stored XSS via Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS5.7AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.18 views

WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to:...

5.4AI score0.00294EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.17 views

Social Pixel <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to:...

5.3AI score0.00419EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.14 views

Pray For Me <= 1.0.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

6.2AI score0.00198EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.19 views

Testimonial Carousel For Elementor < 10.2.1 - Missing Authorization to Limited Setting Update

Description The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated...

5.3CVSS6.7AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.12 views

Similarity <= 3.0 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

5.5AI score0.00229EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.16 views

The Plus Addons for Elementor < 5.5.5 - Contributor+ Stored XSS via Hover Card Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Hover Card widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary we...

6.4CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

SEOPress < 7.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others due to insufficient input sanitization and output escaping. This makes it possible for attackers, with contributor access or higher, to inject arbitrary web scripts i...

6.4CVSS6AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.14 views

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Request: POST...

5.5AI score0.00342EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.12 views

SVGMagic <= 1.1 - Stored XSS via SVG Upload

Description The plugin does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. PoC 1. Create a SVG file with the malicious payload within it; Example SVG file:...

5.5AI score0.00312EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.16 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an "author" level user, add ...

5.4AI score0.00359EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

Reviews and Rating – Google Reviews < 5.3 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.22 views

Custom Fonts – Host Your Fonts Locally < 2.1.5 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level or higher, to inject arbitrary web scripts in pages that will execute whenever ...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.15 views

The Plus Addons for Elementor < 5.5.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘xaiusername’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in page...

6.4CVSS5.8AI score0.00707EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.12 views

AZAN Plugin <= 0.6 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing: If the widget is loaded on a page...

5.4AI score0.00192EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.12 views

Pray For Me <= 1.0.4 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin PoC 1. Configure the plugin to add the first name and last name fields to the...

5.9AI score0.00323EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.26 views

WP-ViperGB < 1.6.2 - Cross-Site Request Forgery

Description The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's...

4.3CVSS6.4AI score0.00185EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.16 views

140+ Widgets | Best Addons For Elementor – FREE < 1.4.3.2 - Authenticated (Contributor+) PHP Object Injection

Description The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'exportcontent' function. This allows authenticated attackers, with contributor-level...

8CVSS7.5AI score0.006EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.20 views

Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Testimonial Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial and Image Gallery blocks due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602