Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.23 views

ND Shortcodes < 7.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks PoC Run the below command in the developer console of the web browser while being on the blog as a...

8.8CVSS8.3AI score0.01683EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.32 views

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote

The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. PoC 1. Create a poll and publish a page with a poll. 2. Visit the page with the...

3.1CVSS8.5AI score0.00359EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.17 views

Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API

The plugin does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. PoC 1. Create a new Course, add a Topic, and add a Lesson to the Topic. 2. In Tutor LMS Settings Course,...

7.5CVSS8.3AI score0.00984EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.12 views

ND Shortcodes < 7.0 - Contributor+ Stored XSS via Shortcodes

The plugin does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC ndoptionsteam...

5.4CVSS7.8AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/12 12:0 a.m.20 views

CF7 Google Sheets Connector (Free < 5.0.2, Pro < 2.3.7) - Reflected XSS

The plugins do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below cf7-google-sheets-connector -...

6.1CVSS7.9AI score0.00458EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
added 2023/06/09 12:0 a.m.18 views

GD Mail Queue < 4.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sufficiently sanitize input and escape output of email contents, resulting in a potential for arbitrary web script injection by unauthenticated users...

7.2CVSS6.8AI score0.00466EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/09 12:0 a.m.18 views

WP Mail Catcher < 2.1.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not adequately sanitize input or escape output in the email subject, which could lead to the injection of arbitrary web scripts...

7.2CVSS6.6AI score0.00466EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.30 views

WP EasyCart < 5.4.11 - Administrator+ Time-based SQL Injection

The plugin does not properly escape user-supplied 'orderby' parameter and lacks adequate preparation of SQL queries. This results in possible appending of additional SQL queries into pre-existing ones, potentially leading to extraction of sensitive data from the database...

7.2CVSS7.3AI score0.00707EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.13 views

Ultimate Addons for Contact Form 7 3.1.23 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...

8.8CVSS7.8AI score0.0082EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.17 views

FiboSearch - AJAX Search for WooCommerce < 1.24.0 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in admin settings, leading to a Stored Cross-Site Scripting vulnerability in affected pages for multi-site installations and instances where unfilteredhtml is disabled...

4.4CVSS5.9AI score0.0056EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.13 views

WP Mail Logging < 1.11.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not adequately sanitize and escape email contents, enabling the injection of arbitrary web scripts into pages...

7.2CVSS6.7AI score0.00654EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.24 views

WP-Members Membership < 3.4.8 - Subscriber+ Unauthorized Plugin Settings Update

The plugin does not correctly implement capability checks on the dofieldreorder function, allowing authenticated users with only subscriber-level access to reorder form elements on login forms...

4.3CVSS6.7AI score0.00503EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.38 views

Metform Elementor Contact Form Builder < 3.3.1 - Multiple Contributor+ Stored XSS via Shortcode

The plugin does not properly sanitize and escape user input when processed by many of its shortcodes, which could enable users with contributor privileges to conduct Stored Cross-Site Scripting attacks on the site. Affected shortcodes include mf, mffirstname, mflastname, and mfthankyou...

5.4CVSS5.9AI score0.0058EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.21 views

Metform Elementor Contact Form Builder < 3.3.2 - Multiple Subscriber+ Sensitive Information Disclosure Issues

The plugin does not prevent less privileged users, like subscribers, from accessing various sensitive information via the plugin's shortcodes. This includes payment statuses, transaction IDs, submitter's name information, and virtually all fields of any form submissions...

6.5CVSS6.5AI score0.00735EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.24 views

Metform Elementor Contact Form Builder < Unauthenticated CSV Injection

The plugin does not properly escape user-supplied input which is output in CSV files, which could be abused in CSV Injection attacks...

8.3CVSS7.2AI score0.0071EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.29 views

Ultimate Addons for Contact Form 7 < 3.1.24 - Subscriber+ SQL Injection

The plugin does not properly sanitize the 'id' parameter, leading to a SQL Injection vulnerability...

8.8CVSS7.8AI score0.0082EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.20 views

Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

4.8CVSS4.9AI score0.00548EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/08 12:0 a.m.17 views

Lana Email Logger < 1.1.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in email subjects, leading to potential Stored Cross-Site Scripting issues...

7.2CVSS5.9AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/07 12:0 a.m.26 views

Directorist < 7.5.5 - Subscriber+ Arbitrary User Password Reset to Privilege Escalation

The plugin does not properly validates a user sent a valid password reset token, enabling attackers to take over other user accounts, like administrators...

8.8CVSS6.9AI score0.00984EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/07 12:0 a.m.25 views

Directorist < 7.5.5 - Subscriber+ Insecure Direct Object Reference to Arbitrary Post Deletion

The plugin does not properly validate that users are authorized to delete a given listing, or that it is a listing at all, making it possible for less-privileged users like subscribers to delete posts...

6.5CVSS6.8AI score0.00609EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/06 12:0 a.m.30 views

Abandoned Cart Lite for WooCommerce < 5.15.0 - Authentication Bypass

The plugin does not use adequate cryptographic practices to secure its cart link decoding process, allowing unauthenticated attackers to bypass authentication and login as customers who have abandoned their carts...

9.8CVSS7.3AI score0.41077EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/06 12:0 a.m.30 views

Getwid < 1.8.4 - Subscriber+ SSRF

The plugin does not validate a parameter via the getremotecontent REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has n...

9.6CVSS10AI score0.00606EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.15 views

CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the plugin's settings, add the payload "...

4.8CVSS8.2AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.16 views

Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to the plugin setup page. 2. Go to...

4.8CVSS8.2AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

KiviCare Management System < 3.2.1 - Multiple CSRF

The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...

8.8CVSS9AI score0.00389EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

WP ERP < 1.12.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC As an admin user, visit the following URL on the site:...

6.1CVSS5.6AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.26 views

KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure

The plugin does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users PoC Run the below command in the developer console of the web...

6.5CVSS8.8AI score0.00754EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.24 views

USM Premium < 16.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the payload in any text field of the "8 ...

4.8CVSS8AI score0.00477EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings PoC Run one of the below commands i...

4.3CVSS8.8AI score0.00247EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.17 views

Responsive CSS EDITOR <= 1.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. PoC 1. Send a request with the payload:...

7.2CVSS9.6AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.19 views

Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. PoC Make a logged-in admin a page with the code below: Note: Make sure in Client Portal the compan...

6.1CVSS8.2AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.20 views

FormCraft Premium < 3.9.7 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2...

7.2CVSS9.6AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.32 views

WP ERP < 1.12.4 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC Sign in as an admin. In WP Admin, run the following code i...

7.2CVSS7.7AI score0.02632EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.30 views

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...

8.8CVSS6.6AI score0.22452EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.27 views

Social Media Share Buttons & Social Sharing Icons < 2.8.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the payload in any text field of the "8 ...

4.8CVSS8AI score0.00477EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.26 views

Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In Aajoda » Optional Aajoda Style, insert...

4.8CVSS7.9AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.16 views

Accordion & FAQ < 1.9.9 - Reflected XSS

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting PoC Make a logged-in admin open one of the URLs below when the feature notice has not been dismissed yet...

6.1CVSS6.1AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF

The plugin does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack PoC Send a payload to logged-in admins with a request to http://127.0.0.1/wordpress/wp-admin/admin.php?page=wpimmanageinventoryitems=deleteid=2...

8.1CVSS8.8AI score0.00353EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.19 views

KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator PoC Make a logged in admin open...

6.1CVSS5.6AI score0.01156EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/04 12:0 a.m.20 views

WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass

The plugin does not properly verify the 'wpuswhoswitch' cookie value, which allows attackers with low-privilege accounts like Subscribers to bypass authentication and login as any other existing user. PoC Log-in as a subscriber onto the affected site. Run the following JS script in your browser's...

8.8CVSS10AI score0.01357EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/03 12:0 a.m.25 views

B2BKing < 4.6.20 - Subscriber+ Arbitrary Products Price Update

The plugin does not have authorisation in some AJAX actions, allowing any authenticated users, such as subscriber to update the price of any WooCommerce products...

6.5CVSS6.7AI score0.0074EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/03 12:0 a.m.11 views

Don8 <= 0.4 - Admin+ Stored XSS

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

5.9CVSS6.6AI score0.00369EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.18 views

User Email Verification for WooCommerce <= 3.5.0 - Authentication bypass via weak token generation

The plugin uses a weak random token when resending email address verifications, allowing an unauthenticated attacker to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts. Furthermore, if the Allow Automatic Login After Successful...

9.8CVSS7.1AI score0.01172EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.32 views

Premium Addons PRO < 2.8.25 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.12 views

JS Job Manager < 2.0.1 - Multiple CSRF

The plugin does not have CSRF checks in several functions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.7AI score0.00315EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.13 views

Contact Form and Calls To Action by vcita < 2.7.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email and uid parameters in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts into the settings, targeting higher-privileged users such as administrators. PoC...

6.4CVSS6AI score0.00518EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.13 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Missing Capability Checks

The plugin does not apply capability checks on the vcitasavesettingscallback function, making it possible for attackers with low privileges, like subscribers, to modify the plugin's settings, upload media files, and conduct XSS attacks...

5.4CVSS5.7AI score0.00484EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.14 views

VK Blocks < 1.57.1.0 - Contributor+ Settings Update via REST API

The plugin uses improper authorization for the REST API vk-blocks/v1/updatevkblocksoptions, allowing users with a role as low as contributor to change plugin settings including default icons...

4.3CVSS6.8AI score0.00544EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.18 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Missing authentication

The plugin does not validate authorization in its vcita-wordpress/v1/actions/auth REST route endpoint, allowing an unauthenticated attacker to set the connection parameters for the vcita account connection, including businessname and email address. Furthermore, the variables are stored in the...

5.3CVSS5.6AI score0.00645EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.18 views

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.3 - Denial of Service via CSRF

The plugin does not protect its vcitalogout ajax action against CSRF attacks, allowing an unauthenticated attacker to log the site out from it's vcita account by tricking a logged in user to send a crafted request, causing a denial of service for the appointment scheduling functionality. PoC...

6.5CVSS6.6AI score0.00394EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities14603