Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•18 views

Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi

The plugins allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. PoC 1. Install Complianz and set the following...

8.8CVSS2.5AI score0.01196EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•17 views

Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection

The plugin does not properly escape data when exporting it via CSV files. PoC 1 Edit your subscriber account's nickname to: ;=1+3 2 As an administrator, export your users data via http://vulnerable-site.tld/wp-admin/tools.php?page=acui=export, and open the resulting CSV file in Excel or equivalen...

8CVSS1.6AI score0.0099EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•13 views

Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP PoC As a subscriber, open the HTML code below while being logged in as a subscriber, then choose a fil...

8.8CVSS0.2AI score0.00498EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•11 views

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS via AJAX

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to any authenticated users, such as subscriber, leading to a Reflected Cross-Site Scripting PoC Make a logged in user open a page containing the HTML code below...

1.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•13 views

Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack PoC...

4.3CVSS2.9AI score0.00286EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•18 views

Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options PoC To set the default role for new users to administrator, run the below command ...

4.3CVSS2.3AI score0.00264EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•21 views

FluentForm < 4.3.13 - CSV Injection

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection PoC - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentformsid=1=entries - open the CSV with a...

9.8CVSS1.6AI score0.01231EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•19 views

WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection PoC curl -isk -X 'POST' -H "Content-Type: application/json" --data '"sku":"a" AND SELECT 42 FROM SELECTSLEEP5wlHd--...

9.8CVSS2.3AI score0.03686EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•20 views

Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization

The plugin does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog PoC As a...

8.8CVSS0.9AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/17 12:0 a.m.•72 views

WP < 6.0.3 - Stored XSS via wp-mail.php

WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to Stored Cross-Site Scripting issue...

2.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/14 12:0 a.m.•28 views

WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. PoC 1 Download 'poc.zip' via...

7.2CVSS3.5AI score0.03187EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/14 12:0 a.m.•22 views

WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE

The plugin is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files PoC 1 Create 'poc.zip' with 2 files like below 1-1 'exploit.php.txt' is as follows...

7.2CVSS3.4AI score0.01104EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/13 12:0 a.m.•13 views

Rock Convert < 3.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.1AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/13 12:0 a.m.•14 views

Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the plugin...

4.8CVSS0.9AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/13 12:0 a.m.•21 views

Page View Count < 2.5.6 - Settings Reset via CSRF

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

5.4CVSS4.6AI score0.00243EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/12 12:0 a.m.•18 views

AliExpress Dropshipping and Fulfilment for WooCommerce < 1.1.1 - Unauthenticated Sensitive Data Exposure

The plugin disclose sensitive information to unauthenticated users via a crafted request...

7.5CVSS3.1AI score0.00704EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/12 12:0 a.m.•49 views

Shortcodes Ultimate < 5.12.1 - Stored XSS via CSRF

The plugin does not have CSRF check when adding a Preset, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads in a Preset created via a CSRF attack...

8.8CVSS4.1AI score0.00293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/12 12:0 a.m.•19 views

AB Press Optimizer <= 1.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00396EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/12 12:0 a.m.•23 views

Accessibility < 1.0.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.6AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•11 views

eCommerce Product Catalog Plugin for WordPress < 3.0.71 - Reflected XSS

The plugin does not sanitise and escape an URL before outputting it back in an attribute of product category pages, leading to a Reflected Cross-Site Scripting PoC https://example.com/products-category/cat/?productcategory=1%2522%253e%253cscript%253ealert%2528/XSS/%2529%253c%252fscript%253e=1...

Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•19 views

AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection PoC To read the userlogin and userpass columns from the wpusers tabl...

9.8CVSS3.4AI score0.05103EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•16 views

Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting PoC On a page where the "Capture box | Rock Convert" widget is present, append ?", e.g: https://example.com/?"...

6.1CVSS6.2AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•56 views

Smart Slider 3 < 3.5.1.11 - PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. PoC To simulate a gadget chain, put the following code in a plugin class Evil publ...

8.8CVSS1AI score0.01903EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•21 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. PoC...

6.1CVSS6.2AI score0.00969EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•18 views

Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers PoC https://example.com/wp-admin/edit.php?posttype=envira=envira-gallery-lite-addons&"...

6.1CVSS1.6AI score0.00593EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•17 views

Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. PoC Put the following payload in the WooCommerce Settings Billingo E-mail Beállítások Gomb szöveg field in the...

4.8CVSS2.2AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•14 views

WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/edit a Contact slider and put the payload below in the "Text to display" option:...

4.8CVSS2.4AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•15 views

WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS

The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. PoC Run the below command...

5.4CVSS1.6AI score0.00411EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•31 views

Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the followin...

7.2CVSS0.9AI score0.01126EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•10 views

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC https://example.com/top-user-rated-listings?listview=2%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

0.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•36 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting PoC Affected parameter: acts.tdatts.imagesize...

6.1CVSS6.1AI score0.00551EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•13 views

Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil publ...

7.2CVSS1.9AI score0.01126EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•15 views

PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. PoC To simulate a...

7.2CVSS0.3AI score0.01126EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
•added 2022/10/10 12:0 a.m.•16 views

Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to the plugin's settings Popup tab, click o...

4.8CVSS1.5AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/05 12:0 a.m.•16 views

Log HTTP Requests < 1.3.2 - Stored Cross-Site Scripting

The plugin does not sanitise and escape a parameter, which could lead to Stored Cross-Site Scriptingill execute whenever a user accesses an injected page...

6.1CVSS0.3AI score0.00627EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/05 12:0 a.m.•8 views

Create Block Theme < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not have authorisation and CSRF checks, as well as does not validate the file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files to the server PoC As unauthenticated user, open The file will be uploaded at...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/05 12:0 a.m.•26 views

LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...

8.1CVSS3.5AI score0.01786EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/05 12:0 a.m.•22 views

WP-Polls < 2.77.0 - Subscriber+ Race Condition

The plugin is affect by a race condition which could allow any authenticated users to tamper with the votes on a poll...

4.3CVSS4.8AI score0.00382EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•19 views

Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Rtain App ID...

4.8CVSS1.8AI score0.00554EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•16 views

Blog2Social < 6.9.10 - Subscriber+ SSRF

The plugin does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks PoC Run this script in the web browser console while being logged in as a...

6.5CVSS1.8AI score0.0066EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•15 views

WP ALL Export Pro < 1.7.9 - Authenticated SQLi

The plugin uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports...

8.8CVSS3.1AI score0.00945EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•23 views

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...

7.2CVSS4.1AI score0.01307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•25 views

Form Maker by 10Web < 1.15.6 - Admin+ SQLI

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Create/edit a form, go to the Settings MySQL Mapping i.e /admin.php?page=managefm=editid=1=4id=mapping. Copy the link t...

7.2CVSS7.1AI score0.01015EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•27 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil...

7.2CVSS0.5AI score0.0115EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•16 views

Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection PoC - create a post using =5+5 as the title - export the data as CSV /wp-admin/admin.php?page=post-to-csv.php - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula...

9.8CVSS1.1AI score0.01279EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•16 views

Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution

The theme allows website editors to include executable code blocks in their website, which can contain arbitrary PHP code. By default, code execution is intended to be disabled, with website administrators having to explicitly allow code execution for specific user roles. However, due to improper...

8.8CVSS3.9AI score0.01556EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•14 views

WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Humans.txt...

4.8CVSS2AI score0.00583EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•20 views

Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi

The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin PoC When deleting a scan logs /edit-comments.php?page=ctcheckspamlogs, intercept the request and change the spamids parameter to...

7.2CVSS0.2AI score0.01015EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•15 views

Bricks Builder < 1.5.4 - Subscriber+ Arbitrary Post/Page Edition

The theme does not have authorisation in an AJAX action, which could allow any authenticated users such as subscriber to call it and edit any page, post, or template on the blog PoC 1. Start with a clean Wordpress install 2. Install Bricks builder v1.5.3 3. Enable registrations on the website...

6.5CVSS1.8AI score0.00618EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/10/03 12:0 a.m.•160 views

WP Super Cache < 1.9 - Unauthenticated Cache Poisoning

The plugin is affected by a cache poisoning issue PoC curl 'https://example.com//?s=12333'...

2.3AI score
Exploits0Affected Software1
Total number of security vulnerabilities14603