Lucene search
+L
WpvulndbRecent

14603 matches found

wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.18 views

ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Create a new vision item with whatever role, even if it's an Administrator. 2...

5.4CVSS1.2AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.207 views

Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Create a new vision item with whatever role, even if it's an Administrator 2...

5.4CVSS1.3AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/16 12:0 a.m.21 views

iPages Flipbook For WordPress < 1.4.7 - Contributor+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Create a new book item with whatever role, even if it's an Administrator. 2...

5.4CVSS0.8AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/15 12:0 a.m.9 views

WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. PoC Create a .txt file and the below line there: $ echo "" Make a logged in admin import the...

6.1CVSS1AI score0.00251EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/15 12:0 a.m.11 views

WP CSV to Database <= 2.6 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

7.5CVSS7.4AI score0.00246EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/15 12:0 a.m.16 views

Post Status Notifier Lite < 1.10.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. PoC Make a logged in high privilege user such as admin open the URL below...

6.1CVSS0.7AI score0.00902EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/15 12:0 a.m.22 views

404 to Start <= 1.6.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the settings of the plugin,...

4.8CVSS4.6AI score0.00532EPSS
Exploits2
wpvulndb
wpvulndb
added 2022/12/14 12:0 a.m.22 views

Permalink Manager Lite < 2.3.0 - Authenticated Stored XSS

The plugin does not escape page/post and media titles, which could allow attackers to perform Stored XSS attacks when another plugin/theme allowing low privilege users to modify such titles is active on the blog as well...

6.4CVSS5.2AI score0.00555EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/14 12:0 a.m.16 views

Mega Addons For WPBakery Page Builder <= 4.2.7 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

7.1CVSS4.3AI score0.00692EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/14 12:0 a.m.22 views

ipBlockList <= 1.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.5AI score0.00269EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/14 12:0 a.m.19 views

WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. PoC Explo...

5.4CVSS1.3AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/13 12:0 a.m.19 views

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. PoC...

3.5CVSS1.4AI score0.00488EPSS
Exploits2Affected Software3
wpvulndb
wpvulndb
added 2022/12/13 12:0 a.m.18 views

Image Hover Effects Ultimate 9.8.1-9.8.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2AI score0.00526EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/13 12:0 a.m.570 views

WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding

Description WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. PoC...

5.9CVSS5.7AI score0.0315EPSS
Exploits5References1
wpvulndb
wpvulndb
added 2022/12/13 12:0 a.m.20 views

WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC action=importsettings=O%3a4%3a%22Evil%22%3a0%3a%7b%7d%3b=6960d7bb50...

7.2CVSS4.5AI score0.17686EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/13 12:0 a.m.22 views

Launchpad <= 10.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.3AI score0.00537EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.20 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well PoC...

7.2CVSS1AI score0.00983EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.19 views

WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection PoC Extract the nonce from the index page search for "wpautosearchconfig", look for the "nonce" field Invoke the...

9.8CVSS0.9AI score0.03595EPSS
Exploits5Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.16 views

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users PoC When the "Block access to users' data via REST API" settings is enabled...

5.3CVSS2.9AI score0.00671EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.23 views

Launchpad <= 1.0.13 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.5AI score0.00264EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.16 views

iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The plugin does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as editplugins etc PoC Run...

8.8CVSS0.8AI score0.00462EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.17 views

Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download

The plugin does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to for example in multisite PoC First call...

2.7CVSS2.5AI score0.00705EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.18 views

Web Invoice <= 2.1.3 - Authenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well PoC...

7.2CVSS0.5AI score0.00983EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.15 views

Multimedial Images <= 1.0b - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. PoC https://example.com/wp-admin/options-general.php?page=mmi=delbg=33+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.7AI score0.00983EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.22 views

Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. PoC 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin...

9.8CVSS2.6AI score0.01833EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.19 views

LetsRecover < 1.2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC GET /checkout/order-received/30/?key=wcorderKwss5kjkrhgKG HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11;...

9.8CVSS0.8AI score0.00997EPSS
Exploits1References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/12 12:0 a.m.17 views

Quote-O-Matic <= 1.0.5 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC https://example.com/wp-admin/edit.php?page=quote-o-matic.php=qomID+AND+SELECT+3477+FROM+SELECTSLEEP5DhVP...

7.2CVSS0.8AI score0.00902EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.21 views

WP User <= 7.0 - Unauthenticated SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. PoC 1. As an unauthenticated user, visit the "Sign Up" page by default, this is /?pageid=5, or /user/ 2. Extract the...

9.8CVSS9.9AI score0.04756EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.17 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=wsysadminfeeds=delete=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.16 views

Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Step 1: Install the plugin and register for a...

4.8CVSS4.7AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.13 views

Team Members < 5.2.1 - Editor+ Stored XSS

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup. PoC 1. Go to the "Teams" section » add a ne...

4.8CVSS1.2AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.18 views

WP-Lister Lite for Amazon < 2.4.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. PoC 1. Install and activate WooCommerce dependency, no setup required 2. Install and activate the...

6.1CVSS0.7AI score0.00486EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.15 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=wsysadminpublishers=delete=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.01096EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.23 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=letsrecover-manual-notificationid=111+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.3AI score0.00874EPSS
Exploits1References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.18 views

Woocommerce Vietnam Checkout < 2.0.5 - Reflected XSS

The plugin does not sanitise and escape the from and to parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.9AI score0.00406EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.22 views

Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. PoC action=INSERT HERE NAME OF...

8.8CVSS1.2AI score0.00907EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.26 views

WP RSS By Publishers <= 0.1 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC https://example.com/wp-admin/admin.php?page=wsysadminrules=delete=0,1+AND+SELECT+5926+FROM+SELECTSLEEP5erUA...

7.2CVSS1.1AI score0.00983EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.19 views

Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting

The theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Stored Cross-Site Scripting attacks. PoC As a candidate, add the following payload on the Social Network option: javascript:alert1 As a recruiter, access the candidate pag...

5.4CVSS2.8AI score0.00484EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/09 12:0 a.m.10 views

LetsRecover < 1.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC POST /wp-admin/admin.php?page=letsrecover-templatesid=6id=10+AND+SELECT+5926+FROM+SELECTSLEEP5erUA HTTP/1.1 Host:...

7.2CVSS0.6AI score0.00874EPSS
Exploits1References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/08 12:0 a.m.16 views

Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection PoC Invoke the following curl command to induce a 5 second sleep: time curl...

9.8CVSS3.2AI score0.01037EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/08 12:0 a.m.14 views

Qe SEO Handyman <= 1.0 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:91.0 Gecko/20100101...

7.2CVSS0.01096EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/08 12:0 a.m.31 views

White Label CMS < 2.5 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.5AI score0.17686EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/08 12:0 a.m.15 views

Product list Widget for Woocommerce <= 1.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high privilege one like admin. PoC Make any unauthenticated or authenticated user...

6.1CVSS0.9AI score0.00483EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/08 12:0 a.m.16 views

Qe SEO Handyman <= 1.0 - Admin+ SQLi

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC POST /wp-admin/admin-post.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:91.0 Gecko/20100101...

7.2CVSS7.1AI score0.00983EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/07 12:0 a.m.19 views

Panda Pods Repeater Field < 1.5.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. PoC 1. Install Pods plugin dependency - https://wordpress.org/plugins/pods 2. Install...

5.4CVSS0.1AI score0.00841EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/07 12:0 a.m.25 views

WP Social Sharing <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » WP Social Sharing page of...

4.8CVSS0.8AI score0.006EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/07 12:0 a.m.21 views

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The plugin suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. PoC curl -s...

5.3CVSS0.5AI score0.00669EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/07 12:0 a.m.9 views

GC Testimonials <= 1.3.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.8AI score0.00384EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/07 12:0 a.m.17 views

WP Calendar <= 1.5.3 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.1AI score0.00393EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/07 12:0 a.m.29 views

Login with Cognito < 1.4.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Cognito Login » Configure OAuth",...

4.8CVSS0.9AI score0.00532EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603