Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2022/09/21 12:0 a.m.•19 views

FavIcon Switcher <= 1.2.11 - Arbitrary Settings Change via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS5AI score0.00255EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/21 12:0 a.m.•17 views

WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored...

6.1CVSS0.7AI score0.00251EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/20 12:0 a.m.•27 views

Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

The plugin does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin PoC With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payloa...

7.2CVSS0.7AI score0.00992EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/20 12:0 a.m.•12 views

We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Settings We'r...

4.8CVSS1.1AI score0.00496EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/20 12:0 a.m.•14 views

Search Logger <= 0.9 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC ------------------------------------------------- Go to Search Logger Logs Select Delete...

7.2CVSS0.5AI score0.00921EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/20 12:0 a.m.•13 views

Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

The plugin does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

4.2CVSS4AI score0.00386EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•18 views

Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC First Stored XSS - HTTP Request POST...

4.8CVSS4.7AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•16 views

Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Logged in the backend of Wordpress as...

4.8CVSS0.1AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•19 views

Booster for WooCommerce - Subscriber+ Order Status Update

The plugins allow users to update their own order status via a settings defined by admins when the My Account module is enabled, however does not ensure that the status set is allowed. As a result, users could set arbitrary status to their own orders, making them paid without actually paying for...

1.1AI score
Exploits0Affected Software3
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•15 views

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. PoC Create a new download on:...

4.9CVSS1AI score0.00859EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•17 views

Simple File List < 4.4.13 - Page Creation via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack. PoC...

6.5CVSS4.2AI score0.00338EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•14 views

reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC POST /wp-admin/options.php HTTP/1.1 Accept:...

4.8CVSS1.7AI score0.00506EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•12 views

Memberpress Downloads < 1.2.6 - Subscriber+ Arbitrary File Upload

The plugin does not properly check user capabilities in its file uploading AJAX endpoint, relying on WordPress nonces to do so. Unfortunately, the nonce can be leaked by any logged-in users, like subscribers. Since the Uploader library they use does not check file extensions at all, this may lead...

2.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/19 12:0 a.m.•15 views

Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put t...

4.8CVSS0.9AI score0.00506EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/15 12:0 a.m.•16 views

TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload

The plugin does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file PoC Create a SVG with the following content: As any authenticated user, such as...

5.4CVSS5.2AI score0.00468EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/15 12:0 a.m.•20 views

SearchWP Live Ajax Search < 1.6.3 - Unauthenticated Local File Inclusion

The plugin does not validate the swpengine parameter of the searchwplivesearch AJAX action, which could allow unauthenticated attackers to perform Local File Inclusion attack via a Path Traversal vector on web server running IIS...

4.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/15 12:0 a.m.•19 views

Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC In the settings of the plugin, add the following payload to the text before the form:...

4.8CVSS2.3AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/15 12:0 a.m.•22 views

CPO Shortcodes <= 1.5.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•16 views

Advanced Dynamic Pricing for WooCommerce < 4.1.4 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.8AI score0.00269EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•13 views

Rate my Post < 3.3.5 - Subscriber+ Votes Tampering via Race Condition

The plugin is affected by a race condition issues allowing subscriber users to tamper with votes to increment to decrement them...

4.3CVSS4.9AI score0.00373EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•16 views

Multiple Plugins from Viszt Peter - Multiple CSRF

The plugins are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license PoC With the woo-billingo-plus plugin installed, make a logged in user with the editshoporders...

8.8CVSS1.7AI score0.004EPSS
Exploits2Affected Software5
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•14 views

Rate my Post < 3.3.5 - Cross-Site Request Forgery

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

4.3CVSS4.6AI score0.00269EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•27 views

Enable Media Replace < 4.0.0 - Admin+ Path Traversal

The plugin does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example PoC When replacing the file, select "Replace the file, use new file name and...

4.9CVSS1.9AI score0.00781EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•13 views

Notice Board <= 1.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00451EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•18 views

Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add an image to a Gallery via...

4.8CVSS2.4AI score0.0047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/14 12:0 a.m.•18 views

WP 2FA < 2.3.0 - Time-Based Side-Channel Attack

The plugin uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9CVSS3.5AI score0.00747EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/13 12:0 a.m.•22 views

Soledad < 8.2.5 - Reflected Cross-site Scripting

The theme does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC A threat actor can collect the nonce value on the main webpage by searching for it on the ajaxvarmore call: var ajaxvarmor...

6.1CVSS0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•15 views

PCA Predict <= 1.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•25 views

Add Shortcodes Actions And Filters <= 2.0.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.2AI score0.00554EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•24 views

YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.5AI score0.00306EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•22 views

DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go the DSGVO AIO Settings Cookie Notice settin...

4.8CVSS1.2AI score0.00554EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•16 views

Read more By Adam <= 1.1.8 - Cross-Site Request Forgery

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS5.1AI score0.00295EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/12 12:0 a.m.•17 views

Photospace Gallery <= 2.3.5 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

5.4CVSS4.9AI score0.0053EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/11 12:0 a.m.•18 views

RD Station < 5.2.1 - Multiple CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.6AI score0.00287EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/09 12:0 a.m.•23 views

Corner Ad < 1.0.57 - Ads Deletion via CSRF

The plugin does not have CSRF check when deleting ads, which could allow attackers to make logged in admins delete arbitrary ads via a CSRF attack...

8.8CVSS5.3AI score0.00646EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/08 12:0 a.m.•20 views

Contact Form By Mega Forms < 1.2.5 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.5AI score0.00455EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/08 12:0 a.m.•20 views

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.1AI score0.00385EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/07 12:0 a.m.•17 views

Wordfence < 7.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00642EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/07 12:0 a.m.•14 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The plugin allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server PoC curl -i -s -k -X 'POST' --data-binary...

5.3CVSS3.2AI score0.06263EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/07 12:0 a.m.•11 views

Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Settings...

4.8CVSS0.4AI score0.00554EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/07 12:0 a.m.•22 views

Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE PoC 1. Navigate to the page where ffmwp shortcode is included as Subscriber 2...

8.8CVSS0.6AI score0.01125EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/07 12:0 a.m.•13 views

Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following payloads in Settings Goolytics Google Analytics ID field and save: "...

4.8CVSS2.3AI score0.00611EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/06 12:0 a.m.•73 views

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. PoC Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

4.9AI score0.63761EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/06 12:0 a.m.•19 views

Booking Calendar < 9.2.2 - Arbitrary Translation Update via CSRF

The plugin does not have CSRF check when updating translations, which could allow attackers to make logged in users update arbitrary translations via a CSRF attack...

5.4CVSS5.5AI score0.00279EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/06 12:0 a.m.•27 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi

The plugin does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks PoC As unauthenticated, fill the reservation form it's on a page where the reservationform is embed, intercept the...

9.8CVSS1.1AI score0.37709EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/06 12:0 a.m.•24 views

WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Activate the Share Icons feature of the...

4.8CVSS4.6AI score0.00597EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/06 12:0 a.m.•19 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made PoC As unauthenticated, make a reservation ie on a page where the reservationform is embed...

6.1CVSS0.9AI score0.83373EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/05 12:0 a.m.•18 views

CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

The plugin allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. PoC Activate PHP extension: - Log in and go to "CM Downloads" "Settings" "General"...

7.2CVSS7AI score0.01065EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/05 12:0 a.m.•16 views

WP Shamsi < 4.2.0 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

4.3CVSS3.5AI score0.00538EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/09/05 12:0 a.m.•26 views

All in One SEO < 4.2.4 - Multiple CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.3AI score0.00342EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14603