Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.14 views

OoohBoi Steroids for Elementor < 2.1.5 - Arbitrary File Upload

The plugin does not properly protect its fileuploadercallback function with capability checks, which makes it possible for attackers with a low-privilege account, like subscribers, to upload image attachments to the site...

4.3CVSS6.9AI score0.00573EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.14 views

Essential Blocks < 4.0.7 - Multiple Functions Missing Authorization Checks

The plugin does not apply authorization checks on multiple sensitive functions in the plugin, making them reachable to users with low privileges like Subscribers. Additionally, its nonce validation logic can be bypassed. Affected functions include: save, get, templates, templatecount,...

4.3CVSS6.8AI score0.00607EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.19 views

BadgeOS <= 3.7.1.6 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00246EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.19 views

ApexChat < 1.3.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.16 views

Clock In Portal <= 2.1 - Staff Deletion via CSRF

The plugin does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Staff with ID 1...

4.3CVSS8.4AI score0.00278EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.18 views

Thumbnail carousel slider < 1.1.10 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. PoC Make a logged in admin open: GET...

6.1CVSS7.8AI score0.00477EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.38 views

YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...

4.8CVSS6.1AI score0.00352EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.14 views

Semalt Blocker <= 1.1.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/18 12:0 a.m.19 views

Themify Portfolio Post < 1.2.5 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00364EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.13 views

Product Slider For WooCommerce Lite <= 1.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC psfwlgutenblock headingtag='h2"...

5.4CVSS5.1AI score0.00503EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.28 views

Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this vulnerability...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.16 views

Video List Manager <= 1.7 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC SELECT query: 1. Log in as admin. 2. Visit the following path on the site:...

7.2CVSS9.6AI score0.03229EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.16 views

WP Popups < 2.1.5.1 - Contributor+ Stored XSS

The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...

6.5CVSS5.1AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.17 views

Membership Database <= 1.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS8.5AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.15 views

Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC pcs template='" onmouseover="alert1"...

5.4CVSS7.7AI score0.00448EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.14 views

Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users PoC Setup: 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin woo-altcoin-payment-gateway version 1.7.1...

9.8CVSS9.8AI score0.00898EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.13 views

WP Login Box <= 2.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Set “Greeting Text” option to: Set “Enable the...

4.8CVSS7.6AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.19 views

Japanized For WooCommerce < 2.5.8 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC With the PeachPay payment gateway enabled can be enabled via the settings: http://example.com/wp-admin/admin.php?page=wc4jp-options=payment Make a logged in admin open the...

6.1CVSS6.4AI score0.0085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.27 views

Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.19 views

LearnPress Export Import < 4.0.3 - Reflected XSS

The plugin does not sanitise and escape the learn-press-export-file-name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.15 views

Wp-D3 <= 2.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC d3-source canvas='" onmouseover="alert1...

5.4CVSS8.3AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.11 views

Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in Admin open a page containing the HTML code below...

8.8CVSS7.9AI score0.13871EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.19 views

NEX-Forms < 8.4 - Admin+ SQL Injection

The plugin does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Deleted Headers action=nfupdaterecord=Injection PointId=1=shared=exploit%60fields=/Deleted Content/...

7.2CVSS7.4AI score0.44629EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.16 views

Responsive Filterable Portfolio < 1.0.20 - Reflected XSS

The plugin does not sanitise and escape the searchterm parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.4AI score0.00567EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.54 views

Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC vctestimonial link='target:"...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.14 views

Locatoraid Store Locator < 3.9.15 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitize input and escape output in its shortcodes, leading to stored cross-site scripting vulnerabilities for authenticated users with contributor-level permissions or higher...

5.4CVSS6.1AI score0.00488EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/16 12:0 a.m.127 views

WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting

The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. PoC After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...

6.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.16 views

Affiliate Links Lite <= 2.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.15 views

Booqable Rental <= 2.4.16 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...

5.9CVSS6.1AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.16 views

WP EasyPay < 4.1 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.003EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.16 views

Electric Studio Client Login <= 0.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.28 views

ZM Ajax Login & Register <= 2.0.2 - Unauthenticated Authentication Bypass

The plugin does not validate that users are allowed to login through the Facebook feature, allowing unauthenticated to be authenticate as any user such as admin by simply knowing the username...

9.8CVSS9AI score0.00989EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/14 12:0 a.m.24 views

Motor Racing League <= 1.9.9 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.13 views

CoSchedule < 3.3.9 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00249EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.15 views

Simple Popup Images <= 1.8.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.31 views

FooGallery < 2.2.41 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.01747EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.14 views

Enable Accessibility <= 1.4 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.20 views

Ultimate Noindex Nofollow Tool II < 1.3.4 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS8.5AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.12 views

ShiftController Employee Shift Scheduling < 4.9.26 - Reflected Cross-Site Scripting

The plugin does not properly sanitize input and escape output in the query string, leading to a Reflected Cross-Site Scripting vulnerability...

6.1CVSS6.1AI score0.00433EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.15 views

Shortlinks by Pretty Links < 3.4.1 - Link Visit Stats Clear via CSRF

The plugin does not have CSRF checks when clearing the Link Visits statistics, which could allow attackers to make logged in admins perform such actions via a CSRF attack...

8.8CVSS6.7AI score0.003EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/13 12:0 a.m.29 views

Betheme < 26.8 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.16 views

Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to this page:...

4.8CVSS8.8AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.17 views

Cloud Manager <= 1.0 - Reflected XSS

The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. PoC...

6.1CVSS8.6AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.16 views

ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS

The plugin does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS PoC Run the below command...

5.4CVSS5.2AI score0.00242EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.19 views

WP Inventory Manager < 2.1.0.12 - Reflected XSS

The plugin does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. PoC On a page where the wpinventory shortcode is embed, append the following...

6.1CVSS6.1AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.11 views

ChatBot < 4.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Your...

4.8CVSS5.1AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.20 views

UserPlus <= 2.0 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. PoC Open the .html file where the admin user is logged in - Go to...

8.7AI score0.00319EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.13 views

ChatBot < 4.4.5 - Stored XSS via CSRF

The plugin does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. Note: v4.4.5 fixed the CSRF issue, the lack of escaping was fixed in 4.5.1 and a separate iss...

6.1CVSS6.4AI score0.00237EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.20 views

ChatBot < 4.4.9 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard PoC curl -X POST --data 'qcbotstrweight=" style=animation-name:rotati...

6.1CVSS5.8AI score0.00269EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.20 views

hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. The hiweb-migration-simple plugin is vulnerable to POST based XSS on endpoint...

8.5AI score0.00476EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603