Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.15 views

POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an attacker controlled email, and allow them to...

8.8CVSS7.1AI score0.00386EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.13 views

Coupon Affiliates < 5.4.4 - Unauthenticated Reflected XSS

The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS via the 'wcucoupons' parameter...

7.1CVSS5.9AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.16 views

Login Configurator <= 2.1 - Reflected Cross-Site Scripting

The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators. PoC Visit the following path:...

6.1CVSS8.2AI score0.00712EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.15 views

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - CSRF to Stored XSS

The plugin does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack...

6.1CVSS6.1AI score0.00253EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.30 views

AN_GradeBook <= 5.0.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber PoC Access the following URL to demonstrate SQLi:...

8.8CVSS9.6AI score0.0464EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.20 views

WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF

The plugin does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wc-gsheetconnector-config=attacker-code...

8.8CVSS6.5AI score0.00389EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.16 views

Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Steps to Reproduce: 1. Open Chaty Plugin...

4.8CVSS5AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.14 views

Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Insert any of the following shortcodes in a...

5.5AI score0.00485EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.20 views

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - Subscriber+ Stored XSS

The plugin does not sanitize and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.8AI score0.00352EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.12 views

EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor < 3.8.0 - Sensitive Data Disclosure

The plugin could expose backup files if the web server had Directory Listing enabled...

7.5CVSS6.8AI score0.00544EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.11 views

TheRoof < 1.0.4 - Unauthenticated Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against visitors following crafted links...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.17 views

NEX-Forms < 8.4.4 - Authenticated Stored XSS

The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such feature. PoC Create a new form with the...

5.4CVSS5.4AI score0.00367EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.20 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update

The plugin does not properly restrict users from making a certain set of changes to other customers' orders. TODO: ADD link to Patchstack's post instead of H1 PoC Affected functions: createpaymentintentajax updatepaymentintentajax saveupeappearanceajax updateorderstatusajax updatefailedorderajax ...

6.4AI score0.00614EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.14 views

Optin Forms <= 1.3.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.23 views

Querlo Chatbot <= 1.2.4 - Stored Cross-Site Scripting

The plugin does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability. PoC Submit the following in the chat message: """ See the XSS in Querlo...

8.2AI score
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.18 views

JS Help Desk – Best Help Desk & Support <= 2.7.7 - Ticket Manipulation via IDOR

Submission imported from CVE-2023-23679. Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7...

8.8CVSS6.8AI score0.00472EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.19 views

MStore API < 4.0.2 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.5AI score0.03902EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.19 views

Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS

The plugin does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. PoC 1. Upload an SVG file with the following contents. 2. View the SVG file on the frontend and see the alerts...

5.4CVSS5.8AI score0.0032EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.14 views

Supsystic Popup < 1.10.19 - Prototype Pollution

The plugin has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. PoC 1 Create a pop-up that is set to load on any page 2 Go to http://example.com/?protopoc=polluted 3 Open browser console 4 Type poc and see polluted as the resul...

9.8CVSS6.4AI score0.01442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.19 views

MStore API < 3.9.8 - Unauthenticated SQL Injection

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

8AI score0.00571EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.11 views

Lana Text to Image < 1.1.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its settings before outputting them in the admin's dashboard, allowing Contributor+ privileged users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed...

6.4CVSS6AI score0.00532EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.12 views

MainWP Child < 4.4.1.1 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...

7.5CVSS6.7AI score0.00662EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.21 views

OOPSpam Anti-Spam < 1.1.45 - Cross-Site Request Forgery

The plugin does not adequately verify requests use nonces, leading to a potential Cross-Site Request Forgery vulnerability...

8.8CVSS6.8AI score0.00271EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/23 12:0 a.m.18 views

InventoryPress <= 1.7 - Author+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. PoC 1. Create a "New Inventory Item" 2. In the "Description" field, add the value " 3. Edit the created item and see the XSS...

5.4CVSS5.5AI score0.01129EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.17 views

Metform Elementor Contact Form Builder < 3.3.3 - Cross-Site Request Forgery

The plugin does not correctly validate nonces on the permalinksetup function. This can potentially enable the alteration of permalink structure via a forged request, if an administrator is tricked into clicking a deceptive link. Verification only takes place when a nonce is provided, leaving the...

5.4CVSS6.6AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.22 views

Ninja Forms < 3.6.25 - Admin+ Arbitrary File Deletion

The plugin does not validate the path of files to be deleted, which could allow administrators to delete arbitrary files on the server even when they should not be able to...

6.8AI score0.00601EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.20 views

Event Manager for WooCommerce < 3.9.6 - Editor+ Stored Cross-Site Scripting

The plugin does not correctly sanitize user inputs, leading to potential Stored Cross-Site Scripting XSS vulnerabilities...

5.9CVSS5.7AI score0.00286EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.230 views

WPBakery Page Builder < 6.13.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00383EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.22 views

WooCommerce Payments < 4.5.1 - Intent Parameter Tampering

The plugin allows customer to complete an order on a merchant’s site without paying for it...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.16 views

Gallery Metabox <= 1.5 - Subscriber+ Unauthorized Data Access

The plugin does not correctly implement capability checks on the refreshmetabox function, leading to unauthorized access of data. As a result, subscribers can obtain a list of images attached to a post...

4.3CVSS6.7AI score0.00458EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.18 views

Mail Queue < 1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape user input for the email subject field. This can lead to the injection of arbitrary web scripts that execute whenever a page is accessed...

7.2CVSS7.4AI score0.00443EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/22 12:0 a.m.12 views

About Me 3000 widget <= 2.2.6 - Administrator Stored Cross-Site Scripting

The plugin does not sufficiently sanitize user inputs nor escape output in the admin settings, leading to a Stored Cross-Site Scripting vulnerability. This can result in the injection of arbitrary web scripts in pages that execute when a user accesses an injected page. The issue primarily affects...

4.8CVSS5.5AI score0.00373EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.24 views

WooCommerce Product Vendors < 2.1.77 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below html...

7.1CVSS5.9AI score0.00382EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.57 views

Gravity Forms < 2.7.5 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. PoC Make a logged in admin open the following URL:...

6.1CVSS8.4AI score0.00482EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.17 views

WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC woocommercepreordercountdown productid="64"...

5.5AI score0.00374EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.23 views

WooCommerce Product Vendors < 2.1.77 - Vendor Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as Admin Vendor and above PoC As an Admin vendor, open the URL below...

7.4AI score0.00929EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.16 views

Potent Donations for WooCommerce < 1.1.10 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in WP Zone Potent Donations for WooCommerce plugin = 1.1.9 versions...

8.8CVSS6.9AI score0.00341EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.25 views

BookIt < 2.3.8 - Authentication Bypass

The plugin does not perform any authorisation check when a user book an appointment using an email from an existing account, allowing unauthenticated attackers to login as any user from the blog by providing their email address PoC On a page where the bookit is embed, book an appointment using an...

9.8CVSS9AI score0.01914EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.26 views

WooCommerce Bulk Stock Management < 2.2.34 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...

7.1CVSS8.4AI score0.00424EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.15 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

5.3CVSS6.8AI score0.003EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.20 views

Mailtree Log Mail < 1.0.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape the input received through the email subject, leading to potential Stored Cross-Site Scripting XSS. This can result in the execution of arbitrary web scripts whenever a user accesses a compromised page...

7.2CVSS6.1AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/20 12:0 a.m.20 views

WooCommerce PayPal Payments < 2.0.5 - Merchant ID Details Update via CSRF

The plugin does not have CSRF checks when updating the merchant ID details, which could allow attackers to make logged in users update them via a CSRF attack...

8.8CVSS8.7AI score0.00291EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.17 views

Form Builder <= 1.9.9.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.9AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.15 views

All In One Redirection < 2.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC When adding a redirection, sourceurlinsert is vulnerable with the payload: sourceurlinsert...

7.2CVSS9.6AI score0.01077EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.23 views

WP Sticky Social 1.0.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS6AI score0.02304EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.23 views

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. PoC Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

4.3CVSS6.4AI score0.00609EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.13 views

Smoothscroller <= 1.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.13 views

CMS Commander < 2.288 - Unauthenticated Authorisation Bypass

The plugin does not use a sufficient unique cryptographic signature in its cmscaddsite feature, which could allow unauthenticated users to update the cmscpublickey settings when the plugin has not been configured yet, and get access to the plugin's remote control features such as creating an...

9.8CVSS6.9AI score0.00553EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.26 views

Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. PoC POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378...

5.4CVSS8.4AI score0.00544EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.15 views

TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Settings" » "TinyMCE Custom Styles"...

4.8CVSS5.4AI score0.00542EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603