Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2022/10/27 12:0 a.m.17 views

Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection PoC Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...

9.8CVSS1.3AI score0.03617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/26 12:0 a.m.24 views

Web Stories < 1.25.0 - Subscriber+ Server Side Request Forgery

The plugin does not validate the url parameter passed to the v1/hotlink/proxy REST endpoint, allowing any authenticated users to perform SSRF attacks...

9.6CVSS4.4AI score0.00694EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/25 12:0 a.m.10 views

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various pages, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=grid-kit=edit=...

0.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/25 12:0 a.m.27 views

SEO Redirection Plugin < 9.1 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS5AI score0.00276EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/25 12:0 a.m.26 views

Image Hover Effects Ultimate < 9.7.2 - Authenticated Arbitrary Options Change

The plugin does not ensure that the options to be updated belong to the plugin, which could allow high privilege users to update arbitrary options even when they should not be allowed to...

7.2CVSS3.5AI score0.00798EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.25 views

SearchWP < 4.2.6 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

5.4CVSS3.7AI score0.00443EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.14 views

IP Blacklist Cloud Plugin <= 5.00 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.2AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.20 views

IP Blacklist Cloud Plugin <= 5.00 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

9.1CVSS2.2AI score0.00723EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.118 views

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

Description The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address PoC Run the below command in the developer console of the web browser while being on the blog as an...

9.8CVSS9.6AI score0.03546EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.12 views

Traffic Manager <= 1.4.5 - Subscriber+ Stored Cross-Site Scripting

The plugin does not authorisation and does not sanitise as well as escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...

6.5CVSS3.5AI score0.00403EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/24 12:0 a.m.17 views

Phone Orders for WooCommerce < 3.7.2 - Subscriber+ Sensitive Data Exposure

The plugin disclose unspecified sensitive information to low privilege users such as subscriber...

6.5CVSS4.1AI score0.00591EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.22 views

Contact Form Entries < 1.3.0 - CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. PoC - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a...

0.9AI score0.00428EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.22 views

Quiz And Survey Master < 7.3.5 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users...

9.1CVSS2.7AI score0.00816EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.16 views

OAuth Client by DigitialPixies <= 1.1.0 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. PoC Make a logged in user visit a page with the following code fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type'...

6.5CVSS2.6AI score0.0034EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.20 views

WP Page Builder < 1.2.7 - Author+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...

5.4CVSS2.6AI score0.00409EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.13 views

Quiz And Survey Master < 7.3.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting against users with a role as low as editor...

5.4CVSS2.5AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.15 views

Quiz And Survey Master < 7.3.11 - Subscriber+ XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks...

6.1CVSS2.8AI score0.00419EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.15 views

Quiz And Survey Master < 7.3.11 - Bypass

The plugin is affected by an unspecified bypass issue...

9.8CVSS2.8AI score0.00687EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.15 views

Quiz And Survey Master < 7.3.11 - Sensitive Information Disclosure

The plugin discloses unspecified sensitive information...

7.5CVSS1.5AI score0.00652EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.18 views

Quiz And Survey Master < 7.3.7 - Multiple Author+ IDOR

The plugin does not properly check for authorisation, which could allow users with a role as low as author to perform unauthorised actions, such as delete and duplicate quiz they should not be able to...

8.8CVSS3.5AI score0.00525EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.19 views

Quiz And Survey Master < 7.3.5 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00429EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.19 views

OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the following payload in any of the...

4.8CVSS2.9AI score0.00501EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.17 views

Quiz And Survey Master < 7.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.3AI score0.0044EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.14 views

Better Messages < 1.9.10.69 - Subscriber+ SSRF

The plugin does not validate a parameter before making a request to it, which could allow users with a role as low as subscriber to perform SSRF attacks...

8.8CVSS3.8AI score0.00535EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/20 12:0 a.m.16 views

Simple SEO < 1.8.13 - Sitemap Creation/Deletion via CSRF

The plugin does not have CSRF checks when creating and deleting sitemaps, which could allow attackers to make logged admins create and delete arbitrary sitemaps via CSRF attacks...

5.4CVSS5.1AI score0.00239EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/20 12:0 a.m.26 views

Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access

The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...

9.8CVSS5AI score0.05116EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/20 12:0 a.m.16 views

Advanced Order Export For WooCommerce < 3.3.3 - Export Files via CSRF

The plugin does not have CSRF check when exporting files, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

6.5CVSS4.6AI score0.00313EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/20 12:0 a.m.12 views

Simple SEO < 1.8.13 - Subscriber+ Sitemap Creation/Deletion

The plugin does not have authorisation check when creating and deleting sitemaps, which could allow any authenticated users, such as subscriber to create and delete them...

5.4CVSS3.6AI score0.00211EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.15 views

reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF

The plugin does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. PoC...

6.5CVSS4.3AI score0.00326EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.14 views

Mantenimiento Web < 0.14 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00437EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.409 views

WP < 6.0.3 - CSRF in wp-trackback.php

Description There is no CSRF check in the wp-trackback.php which could allow attackers to make user perform unwanted actions via a CSRF attack...

7AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.126 views

WP < 6.0.3 - Stored XSS via the Customizer

Description WordPress does not escape some input in the Customizer, which could lead to Stored Cross-Site Scripting issue...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.15 views

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

The plugin lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. PoC Examples of actions where low-privileged users can directly ask - https://example.com/wp-admin/admin-ajax.php?action=resmushitbulkgetimages -...

4.3CVSS2.2AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.10 views

Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins PoC curl -X POST --data "wmtvuninstall=1uninstallconfirm=1=akismet/akismet.php" https://example.com...

6.5CVSS3.3AI score0.00349EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.194 views

WP < 6.0.3 - Reflected XSS via SQLi in Media Library

Description WordPress does not properly escape input in the Media Library, which could lead to a Reflected Cross-Site Scripting issue...

6.5AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.301 views

WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint

Description The REST Terms/Tags Endpoint does not have proper authorisation in place, which could allow unauthorised users to access sensitive information...

6.6AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.47 views

WP < 6.0.3 - Stored XSS via Comment Editing

Description WordPress does not properly escape comments, which could lead to Stored Cross-Site Scripting issues...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.257 views

WP < 6.0.3 - Content from Multipart Emails Leaked

Description When sending multiple emails within one request thus resuing the PHPMailer instance, the plain text content of the first multipart email leaks to the subsequent non-multipart emails as AltBody/plaintext email...

7.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.96 views

WP < 6.0.3 - Stored XSS via RSS Widget

Description WP does not escape the error messages in the RSS Widget, which could lead to Stored Cross-Site Scripting issue...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.73 views

WP < 6.0.3 - Multiple Stored XSS via Gutenberg

Description The packaged Gutenberg does not escape data from some blocks before outputting ti back in pages, which could lead to Stored XSS issues. Affected blocks: Search, Feature Image, RSS and Widget...

5.9AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.539 views

WP < 6.0.3 - Email Address Disclosure via wp-mail.php

Description WordPress discloses the sender's email address via wp-mail.php...

7.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.463 views

WP < 6.0.3 - SQLi in WP_Date_Query

Description WP does not properly sanitize the relation passed to WPDateQuery, which could lead to SQL injection...

8.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/19 12:0 a.m.140 views

WP < 6.0.3 - Open Redirect via wp_nonce_ays

Description WordPress does not validate the URL to redirect the user to when displaying the nonce error via wpnonceays, which could lead to an Open Redirect issue...

7AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.17 views

ImageMagick-Engine < 1.7.6 - Command Injection via CSRF

The plugin is missing CSRF checks in multiple actions, which could allow attackers to make a logged in admin perform unwanted actions. In this case, it could lead to RCE via Command Injection PoC https://example.com/wp-admin/admin-ajax.php?action=imetestimpathpath=payload...

3.7AI score0.01074EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.45 views

WP < 6.0.3 - Stored XSS via wp-mail.php

Description WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to Stored Cross-Site Scripting issue...

6.2AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.10 views

Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message PoC Setup: - In the General Settings of the plugin, check the "Show...

6.1CVSS2.8AI score0.00526EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.15 views

WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Inject an XSS payload in the title by going...

4.8CVSS1.7AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/18 12:0 a.m.13 views

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. PS: The original advisory mentions the issue being in photo-gallery, however it is not the case. PoC On a page where there is a gallery embed, append a'-alert/XSS///=1...

Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/17 12:0 a.m.10 views

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS

The plugin does not sanitise and escape some parameter before outputting them back in attributes and JS code in admin dashboards, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open one of the URLs below...

6.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/17 12:0 a.m.16 views

WP Hide <= 0.0.2 - Unauthenticated Settings Update

The plugin does not have authorisation and CSRF checks in place when updating the customwpadminslug settings, allowing unauthenticated attackers to update it with a crafted request PoC curl -X POST --data "customwpadminslug=attacker-value" https://example.com/wp-admin/admin-post.php Settings is...

5.3CVSS2AI score0.00346EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603