Lucene search
+L
WpvulndbRecent

14603 matches found

wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.26 views

ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting via Form Settings

The plugin does not sanitize and escape several form fields before outputting them to pages on the site, allowing authenticated admin+ users to inject arbitrary web scripts even when unfiltered html has been disabled such as in a multisite setup...

5.5CVSS1.8AI score0.00634EPSS
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.27 views

ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the ‘wpusercoverdefaultimageurl parameter before outputting it to the pages on the site, allowing an authenticated admin+ user to inject arbitrary web scripts even when unfilteredhtml has been disabled such as in a multisite setup...

5.5CVSS1.3AI score0.00679EPSS
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.5 views

WP Spell Check < 9.13 - Ignored Word Deletion via CSRF

The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php=4...

1.6AI score
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.36 views

MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. PoC 1. Open a WP page with the plugin and Google analytics installed and search for...

6.1CVSS6.1AI score0.01217EPSS
Exploits3Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.28 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. PoC 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the...

5.4CVSS3AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.12 views

Show All Comments < 7.0.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. PoC Visit the following URL authenticated or not to trigger an alert box:...

6.1CVSS0.4AI score0.00897EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.12 views

Real Cookie Banner < 3.4.10 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. PoC Exploit shortcode: rcb-consent class='"...

5.4CVSS2.4AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.34 views

User Post Gallery <= 2.19 - Unauthenticated RCE

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. PoC Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...

9.8CVSS4.9AI score0.42723EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.18 views

Link Library < 7.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Install the plugin and go to:...

4.8CVSS1.2AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.17 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. PoC...

5.4CVSS2.7AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.16 views

WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting

The plugin does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add a word to ignore via...

4.8CVSS2.9AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.13 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. PoC Explo...

5.4CVSS1.7AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.25 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS1.6AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.39 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;"...

5.4CVSS3.7AI score0.00393EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/12/22 12:0 a.m.24 views

Anti-Malware Security and Brute-Force Firewall < 4.21.86 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

1.8AI score
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/12/22 12:0 a.m.18 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. PoC Exploit shortcode: icon...

5.4CVSS2.5AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/22 12:0 a.m.19 views

Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.2AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/22 12:0 a.m.36 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS1.8AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/22 12:0 a.m.28 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. PoC 1. As an administrator,...

6.1CVSS2AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.14 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Install WooCommerce and add a product...

5.4CVSS3.3AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.69 views

Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC curl -i 'http://example.com/wp-admin/admin-ajax.php?action=getfonts' \ --data 'id=1 AND SELECT 1 FROM...

9.8CVSS0.5AI score0.04795EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.15 views

Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Insert the following shortcode in a post...

5.4CVSS5.1AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.25 views

WCK < 2.3.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Create/edit a Post Type via the plugin...

4.8CVSS1.9AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.23 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS1.4AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.19 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Put the...

5.4CVSS1.5AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.18 views

WP Attachments < 5.0.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "List Head" ...

4.8CVSS1.4AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.18 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC jw-posts showimage='yes'...

5.4CVSS3.1AI score0.00477EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.15 views

Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Create...

5.4CVSS1.9AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.13 views

Simple Membership < 4.2.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC 1. Exploit...

5.4CVSS1.4AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/21 12:0 a.m.18 views

Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

The plugin does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack. PoC 1. Install contact-form-7 dependency 2. Install the vulnerable plugin...

9.1CVSS4.9AI score0.29369EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.26 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Required...

5.4CVSS0.8AI score0.00575EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.18 views

WOOCS < 1.3.9.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC...

5.4CVSS1.7AI score0.00503EPSS
Exploits3Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.18 views

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC...

5.4CVSS1.7AI score0.00503EPSS
Exploits3Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.24 views

WP Pipes < 1.4.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

8.2CVSS7.5AI score0.00628EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.18 views

Download Manager < 3.2.62 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. PoC 1. “Enable modal login form” option in the...

5.4CVSS3AI score0.00575EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.19 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack PoC Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS3.7AI score0.00555EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.22 views

Metricool < 1.18 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the settings page of the plugin, add th...

4.8CVSS2AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/20 12:0 a.m.19 views

WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high-privilege ones like admin. PoC 1. Create a new calendar in the plugin's...

6.1CVSS0.1AI score0.00891EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/19 12:0 a.m.33 views

Table of Contents Plus < 2212 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC toc...

5.4CVSS1.2AI score0.00575EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/19 12:0 a.m.17 views

Jetpack CRM < 5.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins PoC As a...

5.4CVSS1.9AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/19 12:0 a.m.19 views

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs PoC As an unauthenticated user, open the following URL https://example.com/?s=" The XSS will b...

6.1CVSS0.8AI score0.00642EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/19 12:0 a.m.21 views

Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF

The plugin does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. The attack could also be performed via a LFI if one is present ...

4.3CVSS2AI score0.00308EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/19 12:0 a.m.21 views

WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Exploit...

5.4CVSS1.7AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/19 12:0 a.m.16 views

Sidebar Widgets by CodeLights <= 1.4 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize or escape the Extra CSS class parameter, allowing high privileged users, such as an administrator to inject arbitrary web scripts into pages, even when the unfiltered html capability is disabled e.g in multisite setups...

5.5CVSS2AI score0.00541EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/17 12:0 a.m.11 views

Bg Bible References <= 3.8.14 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. PoC Steps to reproduce: 1. Install the vulnerable plugin bg-biblie-references 3.18.4 2. As an unauthenticated or authenticated user, visit the following URL...

6.1CVSS0.2AI score0.00551EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/17 12:0 a.m.18 views

Multi Step Form < 1.7.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Create/edit a Form via the plugin. 2...

4.8CVSS0.8AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.15 views

iPanorama 360 WordPress Virtual Tour Builder < 1.6.30 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Create a new panorama item with whatever role, even if it's an Administrator. 2...

5.4CVSS1.1AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.17 views

Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin: class Evil...

8.8CVSS2.5AI score0.00922EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.27 views

ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup

The plugin does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. PoC Run the below command in the developer console of the web browser while being on the blog as a...

4.3CVSS2.6AI score0.00483EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.17 views

Logo Slider < 3.6.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: First, you need to add a Logo...

5.4CVSS2.2AI score0.00578EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603