Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•17 views

Solidres <= 0.9.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add a new currency...

4.8CVSS5.1AI score0.00612EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•15 views

Regina Lite <= 2.0.7 - Reflected XSS

The theme does not sanitise and escape the id parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.4CVSS5.2AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•15 views

Brilliance <= 1.3.1 - Subscriber+ Stored XSS

The theme does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...

5.9AI score0.00377EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•23 views

Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI

The plugin does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. PoC 1. Login as Admin. 2. Go to wp-admin/admin.php?page=wp-easycart-products=products 3. Click on Import Products. Browse any file and click on import file. Intercept the...

7.2CVSS6.9AI score0.01084EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•19 views

Klaviyo < 3.0.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.4AI score0.00396EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•23 views

Robo Gallery < 3.2.13 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.1AI score0.00478EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•17 views

Site Reviews < 6.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•22 views

User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF

The plugin does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. PoC Make a logged in admin open a page with the code below. Then, log in as a subscriber and see that you have full admin access...

8.8CVSS8.8AI score0.00411EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•15 views

Solidres <= 0.9.4 - Multiple Reflected XSS

The plugin does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

6.1CVSS6AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/13 12:0 a.m.•17 views

Intrepidity <= 1.5.1 - File Upload and Option Update via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00319EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/11 12:0 a.m.•22 views

WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the whhomepage, whtextshort and whtextfull parameters of submitted Testimonials, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks PoC curl -X POST 'http://example.com/add/' \ -H 'Content-Type: multipart/form-data;...

7.2CVSS6.1AI score0.00743EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/11 12:0 a.m.•19 views

FluentCRM - Marketing Automation For WordPress < 2.8.0 - Unauthenticated Subscriptions Update

The plugin does not properly secure the use of MD5 hash without a salt to control subscriptions, making it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions...

5.3CVSS6.9AI score0.00802EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•23 views

RapidLoad Power-Up for Autoptimize < 1.7.2 - Unauthorised AJAX Calls

The plugin does not have authorisation and CSRF checks in various AJAX actions such as deleting logs files etc, allowing them to be called by any authenticated users, such a subscriber or via CSRF attacks...

6.3CVSS6.7AI score0.01024EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•25 views

Redirection < 1.1.4 - Redirect Creation via CSRF

The plugin does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: sawcup.s2-tastewp.com Cookie: test=test; User-Agent: useragent Accept: / Accept-Language: en-US,en;q=0.5...

6.5CVSS6.1AI score0.00344EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•23 views

Mass Delete Unused Tags < 3.0.0 - Tags Deletion via CSRF

The plugin does not have CSRF checks when deleting tag, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•23 views

GiveWP < 2.25.2 - Cross-Site Request Forgery

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•18 views

GiveWP < 2.25.2 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...

6.1AI score0.00423EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•31 views

RapidLoad Power-Up for Autoptimize < 1.7.2 - Multiple Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation and CSRF checks in multiple AJAX actions, which could allow users with a role as low as subscriber or an attacker making any authenticated user open a malicious page to call them and modify the plugins cache, add a new license, delete logs files, update cach...

6.3CVSS5.2AI score0.01024EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/10 12:0 a.m.•21 views

GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion

The plugin does not correctly authorize some actions, allowing low-privileged users to delete content from the site which they should not be permitted to delete...

6.7AI score0.00395EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/09 12:0 a.m.•16 views

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Edit a form and put the following paylo...

4.8CVSS4.9AI score0.00444EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•31 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.3 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. PoC 1. Create a contact form and add a "multiple file upload" field. 2. Add...

9.8CVSS8.9AI score0.03004EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•18 views

Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC imageoverimagevc...

5.4CVSS5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•24 views

GiveWP < 2.25.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00386EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•22 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.0 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. PoC 1. Create a contact form and add a "multiple file upload" field. 2. Add...

9.8CVSS8.9AI score0.03004EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•15 views

W4 Post List < 2.4.5 - Contributor+ Stored XSS

The plugin does not sanitise and escape the w4plnoitemstext parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.9AI score0.00399EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•16 views

CformsII <15.0.4 - Settings Update via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•23 views

HT Easy GA4 ( Google Analytics 4 ) < 1.0.7 - Plugin Activation via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•13 views

Daily Prayer Time <= 2023.05.04 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00399EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•19 views

Daily Prayer Time <= 2023.05.04 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.7AI score0.00324EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/08 12:0 a.m.•14 views

GiveWP < 2.25.2 - Admin+ Server-Side Request Forgery

The plugin does not validate a parameter before making a request to it, which could allow users with a role of Administrator to perform an SSRF attack...

6.7AI score0.00432EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/07 12:0 a.m.•24 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them PoC Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mod...

5.3CVSS6AI score0.01414EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•22 views

WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. PoC As a...

4.3CVSS5.7AI score0.00678EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•19 views

Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update

The plugin has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user...

8.1CVSS7.7AI score0.00731EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•19 views

Formidable Forms < 6.1 - IP Spoofing

The plugin uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. PoC 1. In WordPress's Settings Discussion page, add your IP address to the Disallowed Comment Keys field. This will block form...

6.5CVSS6.8AI score0.00498EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•38 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.4AI score0.00905EPSS
Exploits2References1Affected Software11
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•25 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...

8.8CVSS8.9AI score0.00898EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•14 views

Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below shortcod...

5.4CVSS5.1AI score0.00457EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•13 views

clickfunnels <= 3.1.1 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.00253EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/06 12:0 a.m.•29 views

Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS

The plugins do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC cmplz-consent-area...

5.4CVSS5.2AI score0.00558EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2023/03/05 12:0 a.m.•14 views

Jetpack CRM < 5.5.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00396EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•25 views

CPO Content Types <= 1.1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•19 views

FareHarbor for WordPress < 3.6.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...

5.9CVSS6.1AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•13 views

WP Clean Up <= 1.2.3 - Cross-Site Request Forgery (CSRF)

The plugin does not protect its wpcleanupoptimize action against CSRF attacks, allowing an unauthenticated attacker to perform various database clean-up operations by tricking a logged in user to submit a crafted request...

8.8CVSS6.9AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•17 views

Yet Another Stars Rating < 3.1.3 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.7AI score0.00384EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•12 views

Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery (CSRF)

The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a sit...

8.8CVSS6.6AI score0.00248EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•17 views

WP Image Carousel <= 1.0.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. PoC 1. Go to the plugin settings and insert all the settings, then save. 2. Insert the following shortcode in a post/page: wpic speed='"";...

5.4CVSS5.5AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•15 views

Leyka < 3.30 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•16 views

New Adman <= 1.6.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•13 views

About Me 3000 widget <= 2.2.6 - CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.00256EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/03/03 12:0 a.m.•13 views

New Adman <= 1.6.8 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in users perform such action via a CSRF attack...

6.7AI score0.00294EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603