Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/03/03 12:0 a.m.26 views

Watu Quiz < 3.3.9.1 - Reflected XSS

The plugin does not sanitise and escape some parameters such as email, dn, date and points before outputting then back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

6.1CVSS6AI score0.01252EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/03 12:0 a.m.13 views

Schedulicity - Easy Online Scheduling <= 2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC schedulenowbutton bizkey='"...

6.5CVSS5AI score0.0056EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.10 views

Cost Calculator <= 1.8 - Contributor+ Stored XSS

The plugin does not escape the ndccmetaboxccpriceicon parameter related to a post meta, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.7AI score0.00476EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.16 views

Instant Images < 5.2.0 - Author+ SSRF

The plugin does not validate a parameter before making a request to it, which could allow users with Author role and above to perform SSRF attack...

6.1AI score0.00805EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.14 views

Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ XSS

The plugin does not validate and escape some of its cookiesrevoke shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00387EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.25 views

Metform Elementor Contact Form Builder < 3.2.2 - reCaptcha Bypass

The plugin does not properly check for the submitted from captcha value server side, which could lead to bypass...

5.3CVSS6.2AI score0.00686EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.14 views

JCH Optimize < 3.2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.18 views

Simple Vimeo Shortcode <= 2.9.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00361EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.19 views

Easy Testimonial Slider and Form < 1.0.16 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/01 12:0 a.m.14 views

menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit shortcode: redirect duration="1"...

5.4CVSS5.4AI score0.00462EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.30 views

OAuth Single Sign On - SSO (OAuth Client) Enterprise < 48.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.24 views

OAuth Single Sign On - SSO (OAuth Client) Premium < 38.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.17 views

WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.7AI score0.00307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.18 views

WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. PoC Exploit 1 attachment id delete: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

6.5CVSS7AI score0.01003EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.9 views

HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.18 views

Stripe Payments For WooCommerce by Checkout < 1.4.11 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...

4.3CVSS5.1AI score0.00231EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.25 views

HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS3.1AI score0.00262EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.27 views

OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.22 views

OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

The plugin does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack PoC Make a logged in admin open: https://example.com/wp-admin/admin.php?page=mooauthsettings=config=discard...

6.5CVSS6.1AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.25 views

WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.20 views

NEX-Forms < 8.3.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Add a form 2. Insert the following...

5.4CVSS5.4AI score0.00503EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.7AI score0.00307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.5 views

Real Estate 7 < 3.3.5 - Multiple CSRF

The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, for example create/delete arbitrary lead alerts, manipulate properties add/remove from favourite etc PoC To be disclosed on March 6th...

4.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.17 views

WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

Debug Assistant < 1.5 - Administrator Account Creation via CSRF

The plugin does not have CSRF checks in the imltcreateadmin function, which could allow attackers to make logged in Admin users create new attacker-controlled Admin accounts via CSRF...

6.7AI score0.00389EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.9 views

HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00281EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.20 views

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.4AI score0.00337EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.15 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.17 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.1AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.11 views

WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery (CSRF)

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...

8.8CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.7 views

Real Estate 7 < 3.3.5 - Reflected XSS

The theme does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

0.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.15 views

HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00262EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.16 views

GMace <= 1.5.2 - Admin+ Path Traversal

The plugin does not validate user input used in a path, which could allow high privilege users, such as admin to perform path traversal attacks...

6.1AI score0.00859EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.23 views

OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00278EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.23 views

WoodMart < 7.1.2 - License Update/Deactivation via CSRF

The theme does not have CSRF checks when updating and deactivating the license, which could allow attackers to make logged in admins perform such actions via CSRF attacks PoC To deactivate the license...

4.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.41 views

OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. PoC Exploit 1 attachment id delete: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body...

6.5CVSS6.9AI score0.01003EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.10 views

Debug Assistant < 1.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00442EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.38 views

Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS

The plugin does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC smartslider3...

5.4CVSS5.4AI score0.00478EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.7AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.15 views

Simple File List < 6.0.10 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to...

4.8CVSS4.9AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.14 views

Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.1AI score0.00267EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.14 views

WP No External Links <= 1.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.22 views

Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST',...

4.3CVSS4.9AI score0.00252EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.16 views

Simple Slug Translate < 2.7.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.18 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure

The plugin does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activation key by default. PoC Run one of the below commands in the developer...

6.5CVSS6.8AI score0.00654EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.23 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

6.5CVSS6.7AI score0.00654EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.17 views

WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect

The plugin does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. PoC Visit, for example, the page ?p=99999. This should create the first auto redirect entry in the wpwpmslinks table with ID 1. Now...

6.1CVSS6.3AI score0.00713EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.14 views

We’re Open! < 1.47 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603