Lucene search
+L
WpvulndbRecent

14603 matches found

wpvulndb
wpvulndb
•added 2022/12/01 12:0 a.m.•21 views

ARMember < 5.6 - Unauthenticated Privilege Escalation

The plugin could allow unauthenticated attackers to escalate themselves as admin...

9.8CVSS5.5AI score0.00689EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/12/01 12:0 a.m.•20 views

Google Apps Login < 3.4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the setting page of this plugin. 2...

4.8CVSS0.6AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/12/01 12:0 a.m.•21 views

Afterpay Gateway for WooCommerce < 3.5.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters, allowing an attacker to trick a visitor to send a request with XSS payloads that will trigger when they visit the site...

6.1CVSS4.4AI score0.00427EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•19 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Playtium » Settings and in the 'Test...

4.8CVSS1.4AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•16 views

Easy WP SMTP < 1.5.2 - Admin+ Arbitrary File Access

The plugin does not validate some user input used to generate paths, which could allow high privilege users such as admin to access arbitrary files even when they should not be able to, for example in multisite via a traversal attack...

6.8CVSS4.9AI score0.0077EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•17 views

Easy WP SMTP < 1.5.2 - Admin+ Arbitrary File Deletion

The plugin does not validate some user input used to generate paths, which could allow high privilege users such as admin to delete arbitrary files even when they should not be able to, for example in multisite via a traversal attack...

8.7CVSS4.6AI score0.00839EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•20 views

Custom Product Tabs for WooCommerce < 1.8.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.2AI score0.00392EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•23 views

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Slider » Sliders" and edit one of...

4.8CVSS1.1AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•30 views

Advanced Coupons for WooCommerce Coupons < 4.5.0.1 - Notice Dismiss via CSRF

The plugin does not have CSRF check when dismissing notices, which could allow attackers to make logged in users dismiss the Getting Started notice via a CSRF attack...

5.4CVSS5.4AI score0.00258EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•14 views

Eventify <= 2.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » Eventify. 2. Under...

4.8CVSS1.3AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/30 12:0 a.m.•22 views

Easy WP SMTP < 1.5.2 - Admin+ RCE

The plugin could allow high privilege users such as admin to perform RCE even when they should not be able to for example in multisite setups...

9.1CVSS2.5AI score0.01319EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•29 views

Quiz and Survey Master < 8.0.5 - Unauthenticated iFrame Injection

The plugin does not sanitise and escape the questionid parameter, which could allow unauthenticated users to perform iFrame injection attack...

7.2CVSS4.9AI score0.00724EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•13 views

Simple:Press < 6.8.1 - Unauthenticated Stored XSS via Forum Replies

The plugin does not sanitise and escape the postitem parameter when posting a forum reply, which could allow unauthenticated users to perform Stored XSS attacks...

7.2CVSS4.1AI score0.00571EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•18 views

Appointment Hour Booking < 1.3.73 - CAPTCHA Bypass

The plugin does not have a strong hashing algorithm on the CAPTCHA secret, and displays it to the user via a cookie, which could allow them to bypass the protection in place...

5.3CVSS2.5AI score0.00436EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•11 views

Simple:Press < 6.8.1 - Subscriber+ Arbitrary File Deletion

The plugin does not validate a file parameter when a user delete its avatar, which could allow any authenticated users, such as subscriber to delete arbitrary files on the server...

8.1CVSS4.3AI score0.01563EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•15 views

Simple:Press < 6.8.1 - Admin+ Arbitrary File Update

The plugin does not validate files to be updated, which could allow high privilege users such as admin to update arbitrary files and not just the one allowed by the plugin...

4.9CVSS3.7AI score0.00669EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•21 views

Quiz and Survey Master < 8.0.5 - Improper Input Validation

The plugin does not properly validate the questionid parameter, which could allow attackers to send values other than the expected type...

5.3CVSS5AI score0.00674EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•28 views

WP CSV Exporter < 1.3.7 - CSV Injection

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. PoC - create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets executed...

7.8CVSS1.2AI score0.0041EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•12 views

Appointment Hour Booking < 1.3.73 - CSV Injection

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection...

7.8CVSS1.1AI score0.00614EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•21 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. PoC 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice...

7.2CVSS3.7AI score0.01225EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•18 views

Appointment Hour Booking < 1.3.73 - Unauthenticated iFrame Injection

The plugin does not sanitise and escape the email and general field parameters, which could allow unauthenticated users to perform iFrame injection attack PoC As an unauthenticated user, submit a booking and put an iFrame payload in the email/general field parameter The iFrame will be executed wh...

7.2CVSS2.9AI score0.00687EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
•added 2022/11/29 12:0 a.m.•19 views

Simple:Press < 6.8.1 - Subscriber+ Stored XSS via Profile Signatures

The plugin does not sanitise and escape the postitem parameter when modifying profile signatures, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...

6.4CVSS4.3AI score0.00495EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•11 views

FlyingPress < 3.9.7 - Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscribers to call them. One of those actions could allow them to rewrite static files URL JS, CSS etc to a malicious CDN under their control, which could lead to XSS...

3.5AI score
Exploits0References1Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•19 views

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. PoC Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's...

7.5CVSS2.3AI score0.01354EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•22 views

WP Shamsi < 4.1.1 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation check when activating plugins via an action hooked to init, which could allow unauthenticated attackers to deactivate arbitrary plugins from the blog...

6.5CVSS5.1AI score0.00665EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•15 views

JoomSport < 5.2.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users PoC 1. Install the vulnerable plugin joomsport-sports-league-results-management version 5.2.6, skip the demo data import when prompted...

9.8CVSS2.4AI score0.04756EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•22 views

Theme and plugin translation for Polylang < 3.2.17 - Unauthenticated Translation Settings Update

The theme does not have authorisation in the processpolylangthemetranslationwploaded function, which could allow unauthenticated attack to update translation settings, as well as import arbitrary translations...

6.5CVSS3.4AI score0.00665EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•16 views

Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download

The plugin does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite PoC First call...

4.9CVSS2.1AI score0.00798EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•19 views

Manage Notification E-mails < 1.8.3 - Settings Reset via CSRF

The plugin does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

8.8CVSS5.1AI score0.00291EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•20 views

Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure

The plugin does not prevent users with low privileges like subscribers from accessing sensitive system information. PoC fetch'http://wpscan.local/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body: 'action=sendsysteminfo',...

6.5CVSS1.1AI score0.00699EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•20 views

InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. PoC Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath"...

9.8CVSS0.09519EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•26 views

Photo Gallery < 1.8.3 - Stored XSS via CSRF

The plugin does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control. Note: The XSS will only trigger for the...

5.4CVSS0.00244EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•19 views

Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

The plugin does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. Note: v1.0.7 added capability check, making the issue still exploitable by high privilege users such a...

7.5CVSS2.3AI score0.00857EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•25 views

SEO Plugin by Squirrly SEO < 12.1.11 - Contributor+ Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow users with a role as low as contributor to upload arbitrary files such as PHP...

8.8CVSS3.9AI score0.0072EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•15 views

Popup Manager <= 1.6.6 - Unauthenticated Stored XSS

The plugin does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well PoC fetch'/wp-admin/admin-ajax.php', method: 'POST',...

4.3CVSS4.6AI score0.00285EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•19 views

Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them PoC As an unauthenticated users, or via CSRF: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS3.2AI score0.00274EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•13 views

Better Click to Tweet < 5.10.4 - Settings Update via CSRF

The plugin lacks CSRF protection when updating the bctt-twitter-handle option, allowing an attacker to change the plugin settings by tricking a logged in admin to submit a form. PoC curl -b .cookies -d bctt-twitter=$NEWHANDLE 'https://example.com/wp-admin/?page=bctt-welcome=welcome'...

2.7AI score0.0038EPSS
Exploits1References1Affected Software1
wpvulndb
wpvulndb
•added 2022/11/28 12:0 a.m.•21 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts PoC Invoke the following curl command to delete the user user id 2 curl https://example.com/wp-admin/admin-ajax.php...

6.5CVSS3.8AI score0.00334EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/24 12:0 a.m.•18 views

WP ULike < 4.6.5 - Unauthenticated Rating Tampering via Race Condition

The plugin is affected by a race condition which could allow unauthenticated attackers to increase and decrease ratings...

5.3CVSS5AI score0.0033EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/23 12:0 a.m.•16 views

Contest Gallery < 14.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS3.5AI score0.00406EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•23 views

Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put, the following shortcode in a page/post flowplayer...

5.4CVSS2.5AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•19 views

Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC 1. Add a new post and add the payload there: evpembedvideo url='" onerror=alert/XSS/ "' 2. Preview the post, and the XSS will trigger...

5.4CVSS2.3AI score0.00507EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•18 views

Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post...

5.4CVSS2.3AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•33 views

Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post videojsvideo...

5.4CVSS2.3AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•19 views

All-In-One Security < 5.1.1 - Bulk Actions via CSRF

The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as delete arbitrary blocked IPs via CSRF attacks...

8.8CVSS4.9AI score0.00283EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•15 views

SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download

The plugin does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server PoC Open the following URL when being logged in as any user...

6.5CVSS1.4AI score0.00382EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•16 views

Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put, the following shortcode in a page/post lightbox2...

5.4CVSS2.4AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•26 views

BeTheme < 26.6.3 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.7AI score0.00383EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
•added 2022/11/22 12:0 a.m.•22 views

WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post...

5.4CVSS1.9AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
•added 2022/11/21 12:0 a.m.•18 views

Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE PoC 1. As an unauthenticated user, navigate to the main WordPress page 2. Extract a valid nonce from the page source CTRL+F for "var wpdevart =", field...

9.8CVSS0.04493EPSS
Exploits2Affected Software2
Total number of security vulnerabilities14603