Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/05/12 12:0 a.m.240 views

Elementor Website Builder < 3.13.2 - Missing Authorization

The plugin does not check user capabilities on several functions, allowing authenticated attackers with a low amount of privilege such as Subscribers to perform actions that should only be available to users with higher privileges...

6.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.20 views

10WebSocial < 1.2.9 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below The XSS will be triggered when pressing...

6.1CVSS8.2AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.216 views

Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them...

9.8CVSS7.2AI score0.75531EPSS
Exploits8Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.19 views

Slimstat Analytics < 5.0.5 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.0041EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.20 views

Slimstat Analytics < 5.0.5 - Admin+ SQLi

The plugin does not sanitise and escape the misclimitresults parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.4AI score0.00517EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.18 views

Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect

The plugin does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. PoC ap-form-message redirect="https://wpscan.com"...

5.4CVSS8.8AI score0.00433EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.23 views

WoodMart < 7.2.2 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.11 views

Tiny carousel horizontal slider plus <= 3.2 - Admin+ Stored XSS

The plugin does not escape several fields in the edit gallery and edit image forms, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.27 views

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to SEO by 10Web » Sitemap section. 2...

4.8CVSS8AI score0.00909EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.17 views

Brands for WooCommerce < 3.8.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.10 views

WP Replicate Post < 4.1 - Contributor+ SQL Injection

The plugin does not properly escape the postid parameter and lacks sufficient preparation on the SQL query, leading to SQL Injection vulnerability...

8.8CVSS7.8AI score0.00797EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.12 views

Directorist < 7.5.4 - Admin+ LFI

The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. PoC This PoC will work on Linux systems. 1. Navigate to the URL path: /wp-admin/edit.php?posttype=atbizdir=tools=2=/etc/passwd=; 2.. You will be presented with the first couple...

8.9AI score0.01342EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.13 views

AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type:...

7.2CVSS9.6AI score0.03229EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.31 views

Google Analytics by Monster Insights < 8.14.1- Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.0037EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/10 12:0 a.m.16 views

Hostel < 1.1.5.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Manage Rooms and click on "Click her...

4.8CVSS8.3AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.23 views

VK Blocks < 1.54.0 - Multiple Stored XSS

The plugins do not sanitise and escape some parameters, which could lead to Stored Cross-Site Scripting issues...

5.4CVSS5.9AI score0.00613EPSS
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.7 views

Wholesale Suite < 2.1.5.1 - Cross-Site Request Forgery

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.7AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.15 views

SALERT < 1.2.2 - Subscriber+ Missing Authorization

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the salertsavesettingswithajax function...

10AI score0.00394EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.20 views

Ultimate Addons for Contact Form 7 < 3.1.24 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the id and formid parameters before using them in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

8AI score0.00652EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.18 views

VK All in One Expansion Unit < 9.88.2 - Multiple Stored XSS

The plugins do not sanitise and escape some parameters, which could lead to Stored Cross-Site Scripting issues...

5.4CVSS5.9AI score0.00613EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.16 views

Team Circle Image Slider With Lightbox < 1.0.18 - Reflected Cross-Site Scripting

The plugin does not properly sanitize and escape the 'searchterm' parameter, leading to Reflected Cross-Site Scripting vulnerability...

6.1CVSS6.1AI score0.00433EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/09 12:0 a.m.10 views

SALERT < 1.2.2 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS10AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/08 12:0 a.m.23 views

HollerBox < 2.1.4 - Admin+ SQL Injection

The plugin concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. PoC 1. Login as admin 2. Make sure HollerBox is installed and...

4.9CVSS9AI score0.00752EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/08 12:0 a.m.17 views

Download Manager < 3.2.71 - Broken Access Controls

The plugin does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's...

6.5CVSS9AI score0.00737EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/08 12:0 a.m.15 views

WP Abstracts <= 2.6.2 - Unauthenticated Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS10AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/08 12:0 a.m.24 views

Hide My WP Ghost – Security < 5.0.20 - IP Address Spoofing

The plugin does not adequately restrict where IP Address information is retrieved from, leading to an IP Address Spoofing vulnerabilities. Attackers may use this to bypass IP blocking features provided by the plugin...

6.5CVSS6.7AI score0.0032EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/05 12:0 a.m.13 views

Easy Appointments < 3.11.10 - Cross-Site Request Forgery

The plugin does not properly validate requests use nonces, leading to potential Cross-Site Request Forgery CSRF vulnerabilities...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/05 12:0 a.m.23 views

WP Job Portal <= 2.0.1 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to change them...

7AI score0.00481EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/04 12:0 a.m.37 views

Metform Elementor Contact Form Builder < 3.3.2 - Unauthenticated Permalink Structure Update

The plugin does not properly implement capability checks on the permalinksetup function, leading to unauthorized permalink structure updates...

6.5CVSS6.8AI score0.00629EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/04 12:0 a.m.25 views

Cart Lift < 3.1.6 - Reflected XSS

The plugin does not sanitise and escape the cartsearch parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/04 12:0 a.m.31 views

Advanced Custom Fields < 6.1.6 - Reflected XSS

The plugins do not escape the poststatus parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

7.1CVSS6.1AI score0.38768EPSS
Exploits3Affected Software2
WPVulnDB
WPVulnDB
added 2023/05/03 12:0 a.m.28 views

WCFM Membership < 2.11.0 - Unauthenticated Arbitrary Password Update via IDOR

The plugin allows unauthenticated attackers to update the password of arbitrary account via an IDOR attack, which could allow them to gain access to high privilege ones such as administrator...

9.8CVSS7.6AI score0.01093EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/03 12:0 a.m.26 views

OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...

5.4CVSS8.3AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/03 12:0 a.m.19 views

UserAgent-Spy <= 1.3.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.18 views

Loginizer 1.7.8 - Reflected XSS

The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS8.5AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.12 views

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks PoC 1. Create a Newsletter popup any will do and publish it. 2. Use an incognito window and open the website involved, then run the following code...

6.1CVSS8.5AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.17 views

Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization

The plugin does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP addFromString'test.png', 'text'; $phar-setStub"\xff\xd8\xff\n"; $phar-setMetadatanew Evil; $phar-stopBuffering; 2. As an Author user,...

8.8CVSS9.1AI score0.17973EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.30 views

Easy Digital Downloads < 3.1.1.4.2 - Unauthenticated Privilege Escalation

The plugin does not have authorisation and CSRF in its AJAX action, allowing unauthenticated users to call it, one in particular could allow them to reset any account's password by knowing the username...

9.8CVSS9AI score0.031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.16 views

WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF

The plugin does not have CSRF check in an AJAX action, and does not validate user input before using it in the wpremoteget function, leading to a Blind SSRF issue Note: CSRF was fixed in 1.1.4, the SSRF in 1.1.5 PoC Make a logged in admin open...

8.8CVSS8.9AI score0.08466EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.16 views

Newsletter Popup <= 1.2 - Record Deletion via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wpnewslettershowlocalrecord page is not protected with a nonce. PoC https://localhost/wp-admin/admin.php?page=wpnewslettershowlocalrecord=delet...

8.8CVSS8.8AI score0.00389EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.30 views

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

The plugin does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. PoC - Payload: ../../../../../../../../../../../../../../../../../../../ - At the "Other...

2.7CVSS8.6AI score0.00665EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.9 views

Add to Feedly <= 1.2.11 - Admin+ Stored XSS

The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Install the plugin and insert the following payload in the field "Feed URL http://...": 1" Save the...

4.8CVSS8.4AI score0.00472EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.13 views

Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery

The plugin does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. PoC 1. Install the Log HTTP Requests plugin to inspec...

4.3CVSS6.4AI score0.00557EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.17 views

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The plugin discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. PoC See the disclosed secret key in includes/pro.php...

5.3CVSS6.7AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.127 views

Elementor Website Builder < 3.12.2 - Admin+ SQLi

The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. PoC 1. Go to Elementor Tools Replace URL 2. Fill the first field with...

7.2CVSS7.3AI score0.19695EPSS
Exploits7Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.26 views

Login Rebuilder < 2.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » Login rebuilder 2. In...

4.8CVSS8.2AI score0.00552EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/01 12:0 a.m.16 views

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin PoC When there is no account connected, make a logged in admin open...

8.5AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/01 12:0 a.m.38 views

Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. PoC Ensure WooCommerce is installed. Visit the following path, while logged in as an Admin: /wp-admin/admin.php?page=ppomid=5meta=edit&"=1...

6.1CVSS8.8AI score0.00952EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/01 12:0 a.m.10 views

Advanced Woo Search < 2.78 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize input and escape output in admin settings, leading to Stored Cross-Site Scripting vulnerabilities. This issue affects multi-site installations and those with unfilteredhtml disabled...

4.4CVSS5.9AI score0.00536EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/29 12:0 a.m.11 views

I Recommend This <= 3.8.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603