Lucene search
+L
WpvulndbRecent

14603 matches found

wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.17 views

WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org PoC Run the below command in the developer console of the web browser while being on the blog as ...

6.5CVSS2.8AI score0.00327EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.15 views

Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion

The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. PoC wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id...

6.5CVSS1AI score0.00329EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.19 views

Betheme < 26.6 - Contributor+ PHP Object Injection

The plugin unserializes user input provided via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfnbuilderimport, mfnbuilderimportpage, importdata, importsinglepage, and importfromclipboard functions. This could allow users with a role as low as contributor t...

8.8CVSS0.5AI score0.01984EPSS
Exploits5References1Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.22 views

AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org PoC Run the below command in the developer console of the web browser while being on the blog as ...

6.5CVSS3.3AI score0.0034EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.17 views

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

9.8CVSS2.3AI score0.18966EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.16 views

Dokan < 3.7.6 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users PoC Setup: - Install WooCommerce dependency, no setup required - Install the plugin, complete the wizard no special configuration was...

9.8CVSS0.01059EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.22 views

StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org PoC Run the below command in the developer console of the web browser while being on the blog as ...

6.5CVSS3.3AI score0.00327EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.13 views

Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload

The plugin does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. PoC This PoC was...

8.8CVSS8.8AI score0.01048EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.56 views

Betheme < 26.6.3 - Subscriber+ Unauthorised Action

The plugin does not have authorisation in some areas, which could allow any authenticated users, such as subscriber to perform unauthorised action...

8.1CVSS4.5AI score0.00497EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.19 views

Booster for WooCommerce - Custom Role Creation/Deletion via CSRF

The plugins does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks PoC To delete the custom role dj it's possible to delete roles created by other plugins, make a logged in admi...

6.5CVSS1.4AI score0.00338EPSS
Exploits2Affected Software3
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.16 views

Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. In the settings of the plugin, in the three input boxes are named "Second Address Label", "Login...

4.8CVSS0.7AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.16 views

Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org PoC Run the below command in the developer console of the web browser while being on the blog as ...

6.5CVSS3.1AI score0.00336EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.19 views

WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. PoC Run the below command in the developer console of the web browser while being on t...

8.1CVSS1.9AI score0.00424EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.17 views

All In One WP Security & Firewall < 5.0.8 - IP Spoofing

The plugin is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more. PoC Set HTTPXREALIP or HTTPXFORWARDEDFOR used in getuseripaddress to bypass IP-based blocks...

5.3CVSS1.1AI score0.00576EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.19 views

Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks PoC add new payment method with XSS exploit: fetch'http://localhost/tester-wp/wp-admin/admin-ajax.php', method: 'POST', headers: ne...

5.4CVSS5.2AI score0.00468EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.28 views

Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload

The theme does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE PoC Upload a File: The response give the path to the file uploaded:...

9.8CVSS1.8AI score0.21205EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.20 views

Icegram Express < 5.5.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Open the below URL when logged in as a subscriber and notice the 5s delay...

8.8CVSS0.9AI score0.00742EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.18 views

Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Enter the setting page of this plugin. 2...

4.8CVSS0.2AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/21 12:0 a.m.25 views

User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. PoC The following Python script automates the exploitation of this plugin by...

7.5CVSS2.3AI score0.00743EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/19 12:0 a.m.14 views

Quizlord <= 2.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Quizlord » Add a quiz 2. In the...

4.8CVSS2.3AI score0.00535EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/18 12:0 a.m.18 views

Plugin for Google Reviews < 2.2.3 - Subscriber+ Widget Creation

The plugin does not have proper authorisation when creating widgets, which could allow users with a role as low as subscriber to create widgets...

4.3CVSS4.2AI score0.00497EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/18 12:0 a.m.21 views

WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation

The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles...

7.5CVSS4.4AI score0.00846EPSS
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.12 views

Ultimate Tables <= 1.6.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting...

6.1CVSS1.7AI score0.00406EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.19 views

Flat PM < 3.0.13 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC v 3.0.13 the blockid needs to start with an existing block ID...

5.4CVSS5.2AI score0.00869EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.21 views

News Announcement Scroll < 9.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.5AI score0.00392EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.20 views

Chameleon < 1.4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00392EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.14 views

Buddybadges <= 1.0.0 - Admin+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC https://example.com/wp-admin/options-general.php?page=buddybadge&wpedit=b2f9b59706=1+AND+SELECT+7741+FROM+SELECTSLEEP10hlAf...

7.2CVSS0.6AI score0.00964EPSS
Exploits2References1Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.21 views

WooSwipe WooCommerce Gallery <= 2.0.1 - Subscriber+ Settings Update

The plugin does not have any authorisation when updating its settings, which could allow any authenticated users, such as subscriber to update them PoC POST /wp-admin/admin.php?page=wooswipe-options HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0...

8.8CVSS2.5AI score0.00631EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.14 views

iFeature Slider <= 1.2 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.1AI score0.00393EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.14 views

Export Users With Meta <= 0.6.10 - Subscriber+ CSV Injection

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection...

2.3AI score
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.16 views

GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate toward the GYG Ticketing and GYG...

4.8CVSS2.2AI score0.00392EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.19 views

Crowdsignal Dashboard < 3.0.10 - Contributor+ Rating Settings Update

The plugin does not have proper authorisation, which could allow users with a role as low as contributor to update the rating settings...

8.8CVSS4.2AI score0.00697EPSS
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.17 views

Anthologize < 0.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its project parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00392EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.19 views

Betheme < 26.6 - Subscriber+ PHP Object Injection

The plugin unserialize user input, which could allow low privilege users such as subscriber to perform PHP Object Injection when a suitable gadget is present...

8.8CVSS4.5AI score0.00615EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/17 12:0 a.m.20 views

Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. PoC https://example.com/wp-admin/admin-ajax.php?action=erepropertygalleryfillterajaxgap=%22%3E%3Cscript%3Ealert%22xss%22;%3C/script%3E%3C!--...

5.4CVSS1.7AI score0.00869EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.15 views

WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the Name field o...

4.8CVSS0.6AI score0.0047EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.20 views

Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

The plugin suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. PoC The following Python script automates the exploitation of this vulnerability. The script was tested on an installation of WordPress 6.1 with the vulnerable...

6.5CVSS0.00606EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.14 views

Donation Button <= 4.0.0 - Contributor+ Stored XSS

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC Put the following shortcode in a blog post: paypaldonationbutton align='center" onmouseover="alert1'...

5.4CVSS2.5AI score0.00534EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.16 views

Easy Form Builder < 3.4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to New Form » go to the Settings...

4.8CVSS0.5AI score0.00392EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.16 views

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. PoC While...

4.3CVSS2.5AI score0.00486EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.23 views

Image Hover Effects < 5.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to the plugin settings Image Hover Effects...

4.8CVSS0.6AI score0.00532EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/16 12:0 a.m.12 views

Permalink Manager Lite < 2.2.20.2 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.7AI score0.00421EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/15 12:0 a.m.15 views

Helloprint < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC Make a logged in admin open the following URL: https://example.com/wp-admin/admin.php?page=language-translate.php=added"...

6.1CVSS6.2AI score0.00897EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.15 views

WP Affiliate Platform < 6.4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.9AI score0.00516EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.14 views

Chaty < 3.0.3 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. PoC...

7.2CVSS0.8AI score0.00992EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.20 views

Transposh WordPress Translation <= 1.0.8 - Settings Update via Authorization Bypass

The plugin does not properly check for its "Who can translate" settings when the auto translate is enabled which is the default, which could allow unauthenticated attackers to update settings...

7.5CVSS5.3AI score0.01369EPSS
Exploits4Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.22 views

Becustom < 1.0.5.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

8.8CVSS4AI score0.00781EPSS
Exploits5References1Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.13 views

Feed Them Social < 3.0.1 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Stored Cross-Site Scripting attacks...

3AI score
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.23 views

Follow Me Plugin <= 3.1.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS4.2AI score0.00552EPSS
Exploits1Affected Software1
wpvulndb
wpvulndb
added 2022/11/14 12:0 a.m.20 views

TeraWallet - For WooCommerce < 1.4.4 - Subscriber+ Arbitrary Wallet Lock/Unlock via IDOR

The plugin does not ensure that the wallet to lock/unlock belongs to the user making the request, allowing any authenticated users, such as subscriber to lock/unlock arbitrary wallets via an IDOR attack...

4.3CVSS5.1AI score0.00556EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603