Lucene search
+L
WpvulndbRecent

14603 matches found

wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.24 views

WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS

The plugin does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfilteredhtml capability is disabled. P...

4.8CVSS0.7AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.16 views

All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to WidgetKit - API Keys, put the following...

4.8CVSS1.6AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.14 views

WP User <= 7.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS1.9AI score0.00552EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.29 views

WP-Ban < 1.69.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the plugin settings and set these...

4.8CVSS4.8AI score0.00851EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.24 views

WP Smart Import < 1.0.3 - Reflected Cross-Ste Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.9AI score0.00406EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.25 views

Build App Online < 1.0.19 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection PoC Additional plugins required: https://wordpress.org/plugins/wc-multivendor-marketplace/...

0.6AI score0.01037EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/06 12:0 a.m.52 views

YITH WooCommerce Gift Cards < 3.20.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, allowing unauthenticated attackers to upload arbitrary files, such as PHP...

9.8CVSS4.8AI score0.13514EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.16 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. PoC Exploit 1:...

4.9CVSS5.3AI score0.00846EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.13 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.58 views

Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection

The plugin does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. PoC POST...

4.9CVSS5.1AI score0.00852EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.16 views

Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. PoC Run the below command in the developer console of th...

6.5CVSS2.6AI score0.00795EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.17 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.21 views

GD bbPress Attachments < 4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS2.4AI score0.00418EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.22 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC Exploit...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.19 views

Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection

The plugins do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

7.5CVSS7.5AI score0.0092EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.28 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Click the 'Settings' button of this plugin...

4.8CVSS0.6AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.24 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host...

6.5CVSS0.1AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.18 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite WordPress configurations to leak sensitive information from the site's database. PoC POST...

4.9CVSS0.00883EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.26 views

Booster for WooCommerce - Reflected Cross-Site Scripting

The plugins do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS2.3AI score0.00406EPSS
Exploits0Affected Software3
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.25 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php...

6.5CVSS0.6AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.61 views

Multiple YITH WooCommerce plugins - Cross-Site Scripting via shortcode ajax

Multiple plugins from YITH does not protect its ajax actions against CSRF attacks, allowing an attacker to trick a logged in user to perform actions on their behalf by submitting a crafted request...

3.7AI score0.00144EPSS
Exploits0References1Affected Software7
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.20 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.26 views

Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The plugin does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...

8.8CVSS2.3AI score0.01073EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.15 views

Contest Gallery < 19.1.5 - Unauthenticated SQL Injection

The plugins do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:808...

7.5CVSS7.6AI score0.00882EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.23 views

Loginizer < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin...

3.8AI score0.00435EPSS
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.17 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php?page=/index.phpgallery=1=...

6.5CVSS0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.17 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080...

6.5CVSS0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.22 views

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840 PoC...

9.8CVSS1.5AI score0.05116EPSS
Exploits3Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.23 views

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain PoC To simulate a gadget chain, put the following code in a plugin class Ev...

9.8CVSS1.6AI score0.18121EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.29 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.18 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.25 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.25 views

Contest Gallery < 19.1.5 - Admin+ SQL Injection

The plugins do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. PoC POST...

6.5CVSS0.2AI score0.00854EPSS
Exploits2References1Affected Software2
wpvulndb
wpvulndb
added 2022/12/05 12:0 a.m.23 views

Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

The plugin does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and activate the...

9.8CVSS0.7AI score0.06152EPSS
Exploits3Affected Software1
wpvulndb
wpvulndb
added 2022/12/04 12:0 a.m.21 views

2kb Amazon Affiliates Store <= 2.1.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.6AI score0.00392EPSS
Exploits0
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.25 views

Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

10CVSS2.5AI score0.00748EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.24 views

Chained Quiz < 1.3.2.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the dn parameter before outputting it back in the chainedquizlist page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.3AI score0.00638EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.14 views

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

The theme does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id. PoC POST /testt/wp-admin/admin-ajax.php HTTP/...

6.5CVSS2.3AI score0.00593EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.24 views

Chained Quiz < 1.3.2.5 - Arbitrary Question Deletion via CSRF

The plugin does not have CSRF check when deleting questions, which could allow attackers to make logged in admins perform such action via a CSRF attack...

5.4CVSS5.7AI score0.00397EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.15 views

Plugin Logic < 1.0.8 - Admin+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC POST /wp-admin/network/plugins.php?page=plugin-logic=options%20union%20SELECT%20SLEEP16%3b%23 HTTP/1.1 Content-Type:...

7.2CVSS2.2AI score0.01091EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.35 views

Chained Quiz < 1.3.2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape its facebookappid and apikey settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.3AI score0.00642EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.14 views

ImageInject <= 1.17 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC POST...

4.8CVSS0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.26 views

Chained Quiz < 1.3.2.4 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ip and date parameters before outputting them back in the chainedquizlist page, which could lead to reflected Cross-Site Scripting...

6.1CVSS1.5AI score0.00881EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.15 views

Chained Quiz < 1.3.2.5 - Arbitrary Quiz Deletion & Copying via CSRF

The plugin does not have CSRF checks when deleting and copying quiz, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

5.4CVSS6AI score0.00422EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.34 views

Chained Quiz < 1.3.2.1 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ipf, emailf, dnf, pointsf and datef parameters before outputting them back in the chainedquizlist page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.9AI score0.00824EPSS
Exploits5Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.15 views

WP Google Review Slider < 11.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC POST /wp-admin/admin-ajax.php?fsblogadmin=tru...

4.8CVSS0.9AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.25 views

Simple Basic Contact Form < 20221201 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Settings » Contact Form » Plugin...

4.8CVSS0.4AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/02 12:0 a.m.25 views

Chained Quiz < 1.3.2.5 - Submitted Quiz Response Deletion via CSRF

The plugin does not have CSRF checks when deleting submitted quiz response, which could allow attackers to make logged in admins perform such action via a CSRF attack...

5.4CVSS4.7AI score0.00397EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/12/01 12:0 a.m.17 views

Advanced Booking Calendar <= 1.7.1 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.5CVSS5AI score0.00234EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/12/01 12:0 a.m.18 views

Afterpay Gateway for WooCommerce < 3.5.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the orderToken parameter before outputting it back in the page via an error message, leading to a Reflected Cross-Site Scripting...

6.1CVSS2.4AI score0.00427EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603