Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.18 views

WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The plugin does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. PoC 1. Use a WordPress...

8.8CVSS8.9AI score0.01689EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.19 views

Pagination by BestWebSoft < 1.2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.16 views

Contact Forms by Cimatti < 1.5.5 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6.4AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/23 12:0 a.m.113 views

WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation

The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog PoC POST /wp-json/wp/v2/users HTTP/1.1 Host: 127.0.0.1 Upgrade-Insecure-Requests: 1 Accept:...

9.8CVSS9AI score0.86919EPSS
Exploits9References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/23 12:0 a.m.6 views

GiveWP < 2.25.3 - Cross-Site Request Forgery

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.7AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.14 views

Woo Bulk Price Update < 2.2.2 - Reflected XSS

The plugin does not sanitize and escape escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

5.4CVSS5.1AI score0.00887EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.21 views

Events Made Easy <= 2.3.14 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the searchname parameter before using it in a SQL statement via the emerecurrenceslist AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Open the URL below while being on the blog as subscriber...

8.8CVSS9AI score0.00872EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.20 views

Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks PoC Run the below command in the developer console of the web browser while being on the blog as a...

6.5CVSS6.6AI score0.009EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.12 views

Formidable PRO2PDF < 3.11 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the fieldmap parameter before using it in a SQL statement via the fpropdfexportfile AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Run the below command in the developer console of the web...

8.8CVSS9.1AI score0.00926EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.16 views

I Recommend This <= 3.8.3 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.7AI score0.00321EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.26 views

W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure

The plugin does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them PoC Setup: Create a default Post list, and create a password protected post with secret content Then, run the below command in the...

6.5CVSS6.7AI score0.00654EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.15 views

W4 Post List < 2.4.6 - Reflected XSS

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open https://example.com/wp-admin/edit.php?posttype=w4pl=w4pl-docs" On a page where there is a list with navigation displayed put a nav in the template o...

6.1CVSS6.4AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.37 views

LiteSpeed Cache <= 5.3 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.22 views

WooCommerce JazzCash Gateway <= 2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.9 views

Thank You Page Customizer for WooCommerce – Increase Your Sales < 1.0.14 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.21 views

Product Feed PRO for WooCommerce < 12.4.5 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as update the plugin's settings as well as update projects via CSRF attacks...

8.8CVSS8.6AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.29 views

WP Popup Banners <= 1.2.5 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the value parameter before using it in a SQL statement via the getpopupdata AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Run the below command in the developer console of the web browser whi...

8.8CVSS9.1AI score0.00872EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.20 views

MDTF < 1.3.1 - Reflected XSS

The plugin does not sanitise and escape the taxname parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

5.4CVSS5.5AI score0.00441EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.18 views

W4 Post List < 2.4.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC On a post, add a "W4 Post List" block, select a li...

5.4CVSS5.2AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.14 views

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

5.4CVSS5.5AI score0.00441EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.18 views

Gift Voucher < 4.3.3 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgvdoajaxvoucherpdfsavefunc AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC curl "http://$TARGETHOST/wp-admin/admin-ajax.php"...

9.8CVSS9.6AI score0.42186EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.23 views

Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the pbcdownmetaid parameter before using it in a SQL statement via the pbcsavedowns AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Run the below command in the developer console of the web...

8.8CVSS9.1AI score0.00872EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.13 views

Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The plugin requires WPBakery Page...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.10 views

Open Graphite < 1.6.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the "topic" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.13 views

Weather Station <= 3.8.12 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in Jason Rouet Weather Station plugin = 3.8.12 versions...

8.8CVSS6.9AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.23 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. PoC Visit the following path on the site as an admin user:...

6.1CVSS5.7AI score0.00542EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.12 views

Userlike – WordPress Live Chat < 2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.18 views

Team Member < 4.5 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

5.9CVSS6.1AI score0.00367EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.16 views

Disqus Conditional Load < 11.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.15 views

JS Job Manager < 2.0.1 - Missing Authorization

The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as Subscriber to call them and perform unauthorised actions...

6.7AI score0.0049EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.18 views

Redirection < 1.1.5 - Plugin Reset via CSRF

The plugin does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. PoC https://example.com/wp-admin/admin-post.php?action=iruninstall...

6.5CVSS6.2AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.14 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. PoC Visit the following path on the site as an admin user:...

6.1CVSS5.7AI score0.00542EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.12 views

Update Image Tag Alt Attribute <= 2.4.5 - Cross-Site Request Forgery

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.7AI score0.00113EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.14 views

VigilanTor <= 1.3.10 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.17 views

Simple Custom Author Profiles <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.29 views

User Registration < 2.3.3 - Subscriber+ PHP Object Injection

The plugin unserializes user input via the urgetuserextrafields and userregistrationformfield function, which could allow any authenticated users, such as subscriber to perform PHP Object Injection when a suitable gadget is present on the blog...

9.4AI score0.00611EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.16 views

Vertical scroll recent post <= 14.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.24 views

Lazy Social Comments <= 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.22 views

ConvertBox Auto Embed WordPress < 1.0.20 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.40 views

Hummingbird < 3.4.2 - Unauthenticated Path Traversal

The plugin does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. This allows an attacker to: - Enumerate file system directories where the user who starts the web server process has write access. -...

9.8CVSS9AI score0.01119EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.16 views

Google XML Sitemap for Mobile <= 1.6.1 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin = 1.6.1 versions...

8.8CVSS6.9AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.15 views

Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: First you need to add an...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.32 views

Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form. PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: hosthere...

6.1CVSS6.4AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.23 views

FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The plugin does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the...

5.4CVSS6AI score0.00478EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.11 views

Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Login with admin user and navigate to "Giveawa...

4.8CVSS4.9AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.22 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS

The plugin does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. PoC Just create a...

4.8CVSS5.9AI score0.32462EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.42 views

All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal

The plugin does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only displays the last 50 lines of the file. PoC POST...

4.9CVSS5.5AI score0.19921EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.15 views

Store Locator WordPress < 1.4.10 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters such as categoryname, description, description2 etc, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

5.9CVSS6.1AI score0.00396EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.22 views

Event Manager for WooCommerce < 3.8.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/20 12:0 a.m.134 views

JetEngine < 3.1.3.1 - Author+ Remote Code Execution

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. PoC fetch"/wp-admin/admin.php?action=jetengineformsimport", "headers": "accept": "text/html", "content-type": "multipart/form-data;...

8.8CVSS8.9AI score0.01519EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603