Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/04/12 12:0 a.m.•18 views

ChatBot < 4.4.7 - Unauthenticated PHP Object Injection

The plugin unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog PoC To simulate a gadget chain, put the following code in a plugin: class Evil public functio...

9.8CVSS9.4AI score0.34351EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/11 12:0 a.m.•20 views

PowerPress < 10.0.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape user-supplied attributes in its shortcodes, leading to a Stored Cross-Site Scripting vulnerability...

5.4CVSS5.9AI score0.00529EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/11 12:0 a.m.•20 views

Web Stories < 1.32 - Author+ Auth Bypass

The plugin does not check password protections on posts before performing some actions, allowing users with the Author role or higher to perform unauthorized actions on posts. The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password...

6.5CVSS6.7AI score0.00442EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•12 views

Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS

The plugin does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. PoC Make a logged in admin open the following URL:...

6.1CVSS6.1AI score0.00519EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•10 views

Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS8.8AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•43 views

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. PoC - Create a password protected package containing one or more files. - Navigate to the download page of the package e.g. /download/package1 -...

7.5CVSS7.7AI score0.00738EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•30 views

Advanced Custom Fields < 5.12.5 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. PoC Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

8.8CVSS9.5AI score0.0108EPSS
Exploits3Affected Software2
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•11 views

WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Login as Admin. 2. Go to...

4.8CVSS4.9AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•18 views

Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access

The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example PoC Run the below command in the developer console of the web browser while being on the blog as a...

4.3CVSS9AI score0.0055EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•20 views

SEOPress < 6.5.0.3 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS6.5AI score0.18505EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•27 views

Advanced Custom Fields < 6.1.0 - Contributor+ PHP Object Injection

The plugin unserializes user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. PoC Setup As admin - To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

8.8CVSS9.5AI score0.0108EPSS
Exploits3Affected Software2
WPVulnDB
WPVulnDB
•added 2023/04/10 12:0 a.m.•30 views

Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS

The plugin does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks PoC import requests import sys import re if lensys.argv != 4: print'USAGE: python %s ' %...

5.4CVSS5.5AI score0.28799EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/07 12:0 a.m.•20 views

Comments Ratings < 1.1.7 - Cross-Site Request Forgery

The plugin does not properly validate requests use nonces, leading to a potential Cross-Site Request Forgery vulnerability...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/07 12:0 a.m.•15 views

PixTypes < 1.4.15 - Cross-Site Request Forgery

The plugin does not adequately verify requests use nonces, leading to a potential Cross-Site Request Forgery CSRF vulnerability...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•219 views

WP Data Access < 5.3.8 - Subscriber+ Privilege Escalation

The plugin does not have authorisation in the multiplerolesupdate function, allowing any authenticated users, such as subscriber to update their role and set themselves as admin for example, when the 'Enable role management' setting is enabled...

8.8CVSS8.3AI score0.02726EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•18 views

Appointment and Event Booking Calendar for WordPress < 1.0.76 - Reflected XSS

The plugin does not sanitise and escape the code parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00508EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•23 views

WP Fatest Cache < 1.1.3 - Multiple CSRF

The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions such as update CDN/Cache settings via CSRF attacks...

4.3CVSS5.3AI score0.00227EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•60 views

Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The plugin unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitrary deserialization"; 1. Active this...

9.5AI score0.00702EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•25 views

Easy Sign Up <= 3.4.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•34 views

Transbank Webpay REST < 1.6.7 - Admin+ SQLi

The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS8.3AI score0.00695EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•71 views

The7 < 11.6.1 - Reflected XSS

The plugin does not sanitise and escape a parameter from the legacy DT Flickr widget before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•19 views

Product Catalog Simple < 1.7.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•20 views

IMPress Listings <= 2.6.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•14 views

Maps Widget for Google Maps < 4.25 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00377EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•13 views

PHP Compatibility Checker < 1.6.0 - Cross-Site Request Forgery

The plugin does not adequately protect against Cross-Site Request Forgery CSRF, making it possible to force unsuspecting users to perform actions without their consent...

8.8CVSS6.7AI score0.00271EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/06 12:0 a.m.•18 views

Limit Login Attempts < 1.7.2 - Unauthenticated Stored XSS

The plugin does not sanitize and escape the IP address retrieved from headers such as X-Forwarded-For when the "Site Connection" settings is set to "From behind a reversy proxy", which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks PoC Setup: As admin, set th...

7.2CVSS6AI score0.00789EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•12 views

WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to "Settings SMTP Mailing Queue...

4.8CVSS8.6AI score0.00535EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•21 views

WCFM Membership < 2.10.1 - Unauthenticated Privilege Escalation

The plugin does not have authorisation in the wcfmajaxcontroller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator...

9.8CVSS9AI score0.02099EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•15 views

YourChannel < 1.2.4 - Unauthenticated Settings Reset

The plugin does not have authorisation check when reset its settings, allowing unauthenticated attackers to reset them and remove YT channels from the plugin...

6.5CVSS7AI score0.00705EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•12 views

WCFM Membership < 2.10.0 - Multiple CSRF

The plugin does not have CSRF checks in various AJAX actions, allowing attackers to make logged in admins call them and modify membership details/renewal information etc via CSRF attacks...

8.8CVSS8.6AI score0.00321EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•15 views

WCFM Frontend Manager < 6.6.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify knowledge bases/notices/payments, manage vendors etc...

8.8CVSS8.6AI score0.00643EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•13 views

Stagtools < 2.3.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC 1. Create a Post and add a Shortcode...

5.4CVSS8.7AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•19 views

WCFM Frontend Manager < 6.6.0 - Multiple CSRF

The plugin does not have CSRF checks in numerous AJAX actions, allowing any attackers to make logged in admin modify knowledge bases/notices/payments, manage vendors/capabilities etc via CSRF attacks...

8.8CVSS8.7AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•33 views

WCFM Marketplace < 3.4.12 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify shipping method details/products, delete arbitrary posts, as well as lead to privilege escalation...

8.8CVSS8.8AI score0.00723EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•16 views

Weaver Xtreme Theme < 6.2 - Contributor+ Stored Cross-Site Scripting

The theme does not properly escape the profile display name, leading to a stored Cross-Site Scripting vulnerability...

6.4CVSS6.1AI score0.00531EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•19 views

WCFM Marketplace < 3.5.0 - Multiple CSRF

The plugin does not have CSRF in various AJAX actions, allowing attackers to make logged in admin modify shipping method details/products, delete arbitrary posts, etc via CSRF attacks...

8.8CVSS8.8AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•20 views

WCFM Membership < 2.10.1 - Unauthenticated AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing unauthenticated attackers to call them and modify membership details/renewal information etc...

7.3CVSS7.1AI score0.01084EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•20 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Login as Admin. 2. Go to...

4.8CVSS8.7AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•23 views

YourChannel < 1.2.5 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins to reset and change the plugin's quick language translation, general and channel settings via CSRF attacks...

5.4CVSS6.8AI score0.00302EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/05 12:0 a.m.•10 views

Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query. PoC...

7.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/04 12:0 a.m.•18 views

Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. PoC Create a new popup by filling in anything in th...

7.2CVSS9AI score0.00962EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/04 12:0 a.m.•11 views

Sp*tify Play Button for WordPress < 2.08 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00352EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/04 12:0 a.m.•18 views

Outdoor < 3.9.7 - Reflected XSS

The theme does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/04 12:0 a.m.•13 views

Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Login as Admin. 2. Go to...

4.8CVSS8.4AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/04 12:0 a.m.•13 views

Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Original request - with sandbox=checked POST...

4.8CVSS5.2AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/04 12:0 a.m.•14 views

Comment Reply Notification <= 1.4 - Cross-Site Request Forgery

The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•74 views

Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS6.2AI score0.00493EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•22 views

Product Enquiry for WooCommerce < 2.2.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•14 views

WP FEvents Book <= 0.46 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks PoC 1. Create an event page using the plugin. 2. Access the page using an account with Subscriber role. 3. In the 'User notes' section,...

5.4CVSS5.3AI score0.00441EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/04/03 12:0 a.m.•15 views

Albo Pretorio Online < 4.6.2 - Reflected XSS

The plugin does not sanitise and escape the Ente parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00382EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603