Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.16 views

Comic Book Management System < 2.2.0 - Admin+ SQLi

The plugin does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. PoC https://example.com/wp-admin/admin.php?page=cbmsweeklypicksadmin=updatepicks=1+AND+SELECT+7741+FROM+SELECTSLEEP3hlAf POST...

7.2CVSS0.1AI score0.00964EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.14 views

WordPress Countdown Widget < 3.1.9.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

2.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.22 views

Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The plugin does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks PoC Make a logged in admin open a page containing the HTML cod...

6.5CVSS3.7AI score0.00356EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.20 views

WP Affiliate Platform < 6.4.0 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS3.4AI score0.0058EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.16 views

WP Affiliate Platform < 6.4.0 - Affiliate Record Deletion via CSRF

The plugin does not have CSRF checks when deleting affiliate records, which could allow attackers to make logged in admins to delete arbitrary record via a CSRF attack...

8.8CVSS5.4AI score0.0042EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.24 views

Photospace Gallery <= 2.3.5 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...

6.4CVSS3.4AI score0.00627EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.12 views

Feed Them Social < 3.0.1 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/12 12:0 a.m.15 views

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable. PoC POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: Content-Type: application/x-www-form-urlencoded;...

7.5CVSS1AI score0.00783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/11 12:0 a.m.20 views

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Youtube API K...

4.8CVSS2AI score0.00506EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/11 12:0 a.m.22 views

AdRotate Banner Manager < 5.9.1 - Password Change via CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make a logged admin change their password via CSRF attacks...

8.8CVSS5.3AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/11 12:0 a.m.13 views

PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE. PoC 1. Go to Appearance » Import Demo Data » Manual demo files upload » Run "Choose a JSON file for customizer import" and import a PHP file. 2. Click...

7.2CVSS0.01042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.24 views

Add Comments <= 1.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC POST...

4.8CVSS0.2AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.31 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. PoC - Install the plugin and set the API creds to: - Key:...

7.5CVSS7.5AI score0.00881EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.19 views

Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the plugin setti...

4.8CVSS2.3AI score0.00567EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.17 views

Uji Countdown <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the settings of the plugin add the...

4.8CVSS1.8AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.13 views

WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Navigate to Setting » add the payload: ", int...

4.8CVSS2AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.17 views

S2W - Import Shopify to WooCommerce < 1.1.13 - Admin+ Arbitrary File Access

The plugin does not validate files to be accessed, which could allow high privilege users such as admin to read arbitrary files from the server...

4.9CVSS4.1AI score0.00676EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.21 views

WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF

The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID PoC Make a logged in admin open a page containing the HTML code below. This will regenerate the secret for...

6.5CVSS2.7AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.16 views

WP CSV Exporter < 1.3.7 - Admin+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks PoC As an admin, go to Tools CSV Export, leave everything as default and click on Export POSTS CSV Intercept the...

7.2CVSS0.1AI score0.0097EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.16 views

Simple Video Embedder <= 2.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.1AI score0.00467EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.18 views

WPML < 4.5.11 - Subscriber+ Translation Job Status Update

The plugin does not have authorisation when updating the status of translation jobs, which could allow any authenticated users, such as subscriber to perform such action...

4.3CVSS3.5AI score0.00503EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.33 views

WPML < 4.5.14 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as change the status of a translation job...

8.8CVSS4.5AI score0.00298EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.23 views

WPML < 4.5.11 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating the selected language for legacy widgets and default behaviour for media content settings, which could allow any authenticated users, such as subscriber to update them...

5.4CVSS4.1AI score0.00503EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.18 views

Better Messages < 1.9.10.71 - Subscriber+ Messaging Block Bypass

The plugin does not properly block messages, which could allow subscriber and above role to bypass the block system in place...

6.5CVSS2.7AI score0.00447EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.20 views

REST API Authentication < 2.4.1 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.8AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/09 12:0 a.m.16 views

Seed Social < 2.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Put the following payload in any of the...

2.2AI score0.00497EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.34 views

Blog2Social < 6.9.12 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

4AI score0.00595EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.14 views

Salon Booking System < 7.9.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.4AI score0.00785EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.27 views

5 Anker Connect < 1.2.7 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

4.8CVSS5AI score0.00437EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.16 views

3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into...

8.1CVSS8AI score0.00404EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.16 views

Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. PoC 1. Navigate to: Appearance Import Demo Content Theme Demo Importer Manually upload the demo files 2. Use the XML...

1AI score0.012EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.16 views

Form Vibes < 1.4.5 - Admin+ SQLi

The "deleteentries" function does not filter parameters from the request. This leads to an SQL Injection vulnerability. PoC - Create a submission using the Contact From 7 plugin. - On the Form Vibes tab in the dashboard, click "submissions" and implement the delete function on an entry. -...

1.1AI score0.00981EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/08 12:0 a.m.16 views

WP OAuth Server < 4.2.2 - Admin+ Stored XSS

The plugin does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Edit a client "OAuth Server Clients and put the followin...

4.8CVSS0.3AI score0.00485EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.27 views

HTML Forms < 1.3.25 - Admin+ SQLi

The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms=editid=formID=submissions Capture the request after...

7.2CVSS0.8AI score0.01786EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.37 views

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present PoC To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void...

7.2CVSS2.3AI score0.01141EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.14 views

Testimonial Slider <= 1.3.1 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS5.1AI score0.00293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.19 views

WPSmartContracts < 1.3.12 - Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author PoC Logon as an author and open the following URL, which will result in a delayed response...

8.8CVSS0.3AI score0.03663EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/07 12:0 a.m.22 views

LoginPress < 1.6.3 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks when updating its Opt-In and Opt-Out tracking settings, which could allow any unauthenticated users to update them...

5.3CVSS4.4AI score0.00479EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/04 12:0 a.m.18 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users, such as subscriber to update them such as the change the MailChimp API key, 404 page settings etc...

8.6CVSS3.8AI score0.01594EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/04 12:0 a.m.13 views

WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "WP Admin UI Customize" » "Login...

4.8CVSS1.8AI score0.00533EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/04 12:0 a.m.14 views

Donations via PayPal < 1.9.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Click the 'Settings' button of this plugin...

4.8CVSS0.9AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/04 12:0 a.m.41 views

Jeg Elementor Kit < 2.5.7 - Subscriber+ Authorization Bypass

The plugin does not properly authorize requests to various ajax actions, allowing authenticated users with roles as low as subscriber to create header templates and make additional changes to the site using an easily available nonce value...

5.4CVSS2.8AI score0.00644EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.15 views

Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC The PoC will be displayed once the issue has...

4.8CVSS2.6AI score0.00459EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.17 views

Find and Replace All < 1.3 - Reflected Cross Site Scripting

The plugin does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue. PoC...

6.1CVSS1.3AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.20 views

4ECPS Web Forms <= 0.2.17 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.12 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Open the setting page of this plugin. 2...

4.8CVSS0.5AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.19 views

Analytics for WP <= 1.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the Settings page of this plugin, in th...

4.8CVSS0.7AI score0.00519EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.15 views

VR Calendar < 2.3.4 - Calendar Deletion/Update & Settings Update via CSRF

The plugin does not have CSRF checks when deleting and updating calendars, as well as updating the plugin settings, which could allow attackers to make logged a admin delete and update arbitrary calendars and modify the plugin settings via CSRF attacks...

8.8CVSS5.5AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.15 views

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Hover Effects » Hover Effects » Add...

4.8CVSS0.4AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.19 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. On the setting page of this plugin, enter...

4.8CVSS2.2AI score0.00532EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603