Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.10 views

Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack PoC Make a logged in editor or admin open a page with the below payload...

6.1CVSS3.5AI score0.00268EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.15 views

Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF

The plugin does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack PoC Make a logged in admin open a page with the below code...

4.3CVSS5.1AI score0.00267EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.17 views

OWM Weather < 5.6.9 - Contributor+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor PoC Logon as contributor and open the below URL, which will result in a delayed response If the "could not find origin...

8.8CVSS0.2AI score0.01053EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.54 views

Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "A custom...

1.2AI score0.00524EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.12 views

AM-HiLi <= 1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.1AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.16 views

AgentEasy Properties <= 1.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.2AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.15 views

Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "Custom Fiel...

4.8CVSS1.7AI score0.00495EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.16 views

Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in any text field of Settings Salat Times: " Save, and the XSS will be...

4.8CVSS2.6AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.14 views

Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Account ID"...

4.8CVSS1.1AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/01 12:0 a.m.17 views

Permalink Manager Lite < 2.2.20.1 - Unauthenticated URI Deletion

The plugin does not have authorisation checks when deleting URI, which could allow unauthenticated attackers to delete them...

9.8CVSS4.8AI score0.00649EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/01 12:0 a.m.20 views

WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Access

The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and download arbitrary files...

7.5CVSS4.6AI score0.007EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/01 12:0 a.m.21 views

Homepage Pop-up <= 1.2.5 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS4.5AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/01 12:0 a.m.22 views

WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Deletion

The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and delete arbitrary files...

9.1CVSS4.6AI score0.00819EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.19 views

WP-Polls < 2.76.0 - IP Validation Bypass

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

5.3CVSS2.1AI score0.0063EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.18 views

Restaurant Menu < 2.3.2 - Multiple CSRF

The plugin does not have proper CSRF checks in some AJAX actions, allowing any attackers to make a logged in admin perform unwanted actions via CSRF attacks...

8.8CVSS5.3AI score0.00482EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.19 views

Restaurant Menu < 2.3.1 - Unauthorised AJAX Calls

The plugin does not have authorisation and CSRF checks in some AJAX actions, allowing any authenticated users, such as subscriber to call them and perform unauthorised actions such as update the plugin's settings...

6.5CVSS4.3AI score0.00534EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.25 views

miniOrange's Google Authenticator < 5.6.2 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

8.8CVSS4.5AI score0.00636EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.20 views

Booster for WooCommerce - Checkout Files Deletion via CSRF

The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack PoC Requirements: - Enable the "Checkout File Upload" module of the plugin...

8.1CVSS0.5AI score0.00371EPSS
Exploits2Affected Software3
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.28 views

Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins PoC Create a New popup Insert pop-up name, title, and body text. Add a new trigger with...

5.5CVSS0.9AI score0.00622EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.21 views

WP User Frontend < 3.5.29 - Obscure Registration as Admin

The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...

9.8CVSS1.2AI score0.00646EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.17 views

Mantenimiento web < 0.14 - Stored XSS via CSRF

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS4.4AI score0.00216EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.21 views

Event Monster < 1.2.1 - Admin+ SQLi

The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users PoC...

7.2CVSS2.9AI score0.00962EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.16 views

Booster for WooCommerce - ShopManager+ Arbitrary File Download

The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to for example in multisite PoC Enable the "Checkout File Upload" module and open the following URL ...

6.5CVSS6.4AI score0.00914EPSS
Exploits2Affected Software3
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.23 views

Content Egg < 5.5.0 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...

8.8CVSS5.4AI score0.00284EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.16 views

Event Monster < 1.2.0 - Visitors Deletion via CSRF

The plugin does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack PoC To delete the attendee/visitor with ID 1, make a logged in admin open a page with the HTML code below The statement deleting attendee is...

4.3CVSS3.3AI score0.00274EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.26 views

Appointment Booking Calendar < 1.3.70 - Feedback Submission via CSRF

The plugin does not have CSRF check when submitting feedback, which could allow attackers to make logged in users do such action on their behalf via a CSRF attack...

8.8CVSS4.9AI score0.00494EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.23 views

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF

The plugin does not have CSRF check in place when importing its settings, which could allow attackers to make a logged in admin import them via a CSRF attack...

5.4CVSS5.6AI score0.00277EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.21 views

Appointment Hour Booking < 1.3.72 - Feedback Submission via CSRF

The plugin does not have CSRF check when submitting feedback, which could allow attackers to make logged in users do such action on their behalf via a CSRF attack...

8.8CVSS4.1AI score0.00494EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.26 views

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF

The plugin does not have CSRF check when migrating rule types, which could allow attackers to make logged in admin perform such action via a CSRF attack...

5.4CVSS5AI score0.00243EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.26 views

Soledad < 8.2.6 - Subscriber+ Cross-Site Scripting

The plugin does not sanitise and escape a parameter, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

5.4CVSS2.8AI score0.00397EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.18 views

TeraWallet – For WooCommerce < 1.4.0 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/29 12:0 a.m.15 views

Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Go to Settings » Evaluate » Add New. 2...

4.8CVSS2.4AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.16 views

Login Block IPs <= 1.0.0 - IP Spoofing Bypass

The function checkisloginpage uses headers for the IP check, which can be easily spoofed. PoC Set HTTPCLIENTIP to bypass blocks / use allowed IP addresses...

7.5CVSS1.6AI score0.00664EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.19 views

Ultimate Member < 2.5.1 - Admin+ LFI via Traversal

The plugin does not validate and sanitize the pack parameter before using it in an include statement, which could allow high privilege users to perform local file inclusion attacks via a Traversal vector...

5.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.14 views

Api2Cart Bridge Connector < 1.2.0 - Unauthenticated RCE

The plugin does not validate some parameters which could lead to RCE...

10CVSS3.5AI score0.0106EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.18 views

Ultimate Member < 2.5.1 - Admin+ RCE

The plugin does not validate user input passed to calluserfunc via the getoptionvaluefromcallback function, which could allow high privilege users to perform RCE even when they are not allowed to for example in multisite setup...

7.2CVSS4.1AI score0.0278EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.28 views

Creative Mail < 1.6.0 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as enable disable contact sync, reset the plugin, unlink accounts and update email marketing settings...

8.8CVSS4.2AI score0.00276EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.13 views

My wpdb < 2.5 - Arbitrary SQL Query via CSRF

The plugin is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack PoC...

8.8CVSS4AI score0.00425EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.17 views

Creative Mail < 1.6.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions such as Update Marketing Information via CSRF attacks...

8.8CVSS5AI score0.00264EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.14 views

Api2Cart Bridge Connector < 1.2.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP...

9.8CVSS4.9AI score0.00893EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.19 views

Modula < 2.6.91 - Unauthenticated Troubleshooting Settings Update

The plugin does not have authorisation and CSRF checks when updating its troubleshooting settings, which could allow any unauthenticated user to update them...

6.5CVSS3.2AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.18 views

WP Best Quiz <= 1.0 - Author+ Stored XSS

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. PoC 1. Go to Quiz » Add Categories. 2. Inset a category with the payload as name: . 3. The XSS will be trigged when accessing the Add Categories...

2.4AI score0.00677EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.19 views

Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal

The plugin does not validate and sanitize the template attribute of its shortcode before using it in an include statement, which could allow users with a role as low as contributor to perform local file inclusion attacks via a Traversal vector...

4.3CVSS4.8AI score0.02484EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.14 views

Spacer < 3.0.7 - Admin+ Stored XSS

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Add new Spacers and add payload " Gem to...

4.8CVSS2.7AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.46 views

Ultimate Member < 2.5.1 - Subscriber+ RCE

The plugin does not validate user input passed to calluserfunc via the populatedropdownoptions function, which could allow any authenticated users, such as subscriber to call arbitrary functions without argument ie phpinfo...

7.2CVSS4.6AI score0.02735EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.17 views

Booster for WooCommerce < 5.6.7 - Settings Reset via CSRF

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

5.4CVSS5.1AI score0.00231EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/28 12:0 a.m.22 views

Creative Mail < 1.6.0 - Settings Reset via CSRF

The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS4.7AI score0.00707EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.72 views

Avada < 7.8.2 - Arbitrary Plugin Instalation/Activation via CRSF

Description The theme does not have CSRF check when installing and activating plugins, which could allow attackers to make logged admins install and activate arbitrary plugins via CSRF attacks...

8.8CVSS8.8AI score0.00457EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.19 views

All in One SEO Pro < 4.2.6 - Admin+ SSRF

The plugin does not validate a parameter before making a request to it, which could allow users with a role as low as Admin to perform SSRF attack...

6.5CVSS4AI score0.00553EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.26 views

Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. PoC v response.text...

8.8CVSS0.9AI score0.02971EPSS
Exploits1Affected Software1
Total number of security vulnerabilities14603