Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.31 views

OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass

The plugin does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address PoC POST / HTTP/1.1...

7.5CVSS3.5AI score0.00368EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.20 views

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. PoC Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server...

7.2CVSS6.9AI score0.01039EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.18 views

Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. PoC Create or edit a Slide and put the following payload in the Name field: " onfocus=alert/XSS/ autofocus=" The XSS will be triggered when editing the slide again...

4.8CVSS1.6AI score0.0048EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.17 views

Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload

The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file PoC POST /wp-admin/admin-ajax.php...

8.8CVSS0.5AI score0.00462EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.20 views

NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil...

7.2CVSS1.5AI score0.01091EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.19 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputing them in attrubutes, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=LDAP+authentication+intergrating+with+AD"...

0.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.14 views

WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC The custom-popup parameter needs to be the ID of an existing popup https://example.com/wp-admin/admin.php?page=wppb&pos-name;=xxx"...

6.1CVSS0.00497EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.21 views

Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open a page containing the HTML code below...

4.3CVSS3.8AI score0.0027EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.17 views

SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Whitelisted...

4.8CVSS1.7AI score0.00538EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.21 views

Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass

The plugin does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authenticatio...

7.5CVSS3.1AI score0.0039EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.20 views

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

The plugin does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory PoC 1. Navigate to settings page /wp-admin/edit.php?posttype=wpdmpro=settings 2. In the “File Browser Root:” setting,...

4.9CVSS3.5AI score0.01329EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/05 12:0 a.m.30 views

WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion

The plugin does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup PoC fetch'/wordpress/wp-admin/admin-ajax.php?action=deletepopup', method: 'POST',headers:"content-type":"application/x-www-form-urlencoded", bod...

4.3CVSS3.5AI score0.00265EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.13 views

Meet My Team <= 2.0.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00425EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.25 views

Pop-up < 1.1.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.2AI score0.00802EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.23 views

WP Cerber Security < 9.1 - Username Enumeration Bypass

The plugin does not properly validate the author was blocking request trying to enumerate usernames, which could allow attackers to bypass the protection offered...

5.3CVSS4.7AI score0.00688EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.15 views

History Timeline <= 1.0.5 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.5AI score0.00446EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.25 views

Mega Addons For WPBakery Page Builder <= 4.2.7 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.1AI score0.00289EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/02 12:0 a.m.17 views

Torro Forms <= 1.0.16 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS3AI score0.00458EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.28 views

WHA Crossword <= 1.1.10 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00433EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.18 views

Captcha Code < 2.8 - Settings Update via CSRF

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

8.8CVSS4.5AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.17 views

GetResponse < 5.5.21 - API Key Update via CSRF

The plugin does not have CSRF check when updating the API key, which could allow attackers to make logged admins update it via a CSRF attack...

8.8CVSS5AI score0.00314EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.13 views

Blossom Recipe Maker < 1.0.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.1AI score0.00425EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.25 views

MP3 jPlayer <= 2.7.3 - Multiple CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS4.7AI score0.00377EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.14 views

WHA Crossword <= 1.1.10 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.9AI score0.00568EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.13 views

Easy Org Chart <= 3.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS2.8AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.16 views

Word Search Puzzles game <= 2.0.1 - Contributor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.6AI score0.00421EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.17 views

CallRail Phone Call Tracking < 0.4.10 - Stored XSS via CSRF

The plugin does not have CSRF check in place and it also lacking sanitisation as well as escaping in some parameters, which could allow attackers to make a logged in admin put Stored Cross-Site Scripting payloads in them...

6.1CVSS4.2AI score0.00299EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.23 views

Word Search Puzzles Game <= 2.0.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

4.8CVSS2.9AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.24 views

WP-PostRatings < 1.90 - Ratings Tempering via Race Condition

The plugin is affected by a race condition allowing any authenticated user to tamper with ratings and decrease/increase their value...

4.3CVSS4.4AI score0.00393EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.12 views

WP Shop Original <= 3.9.6 - Unauthenticated Settings Update

The plugin does not have authorisation check when updating its settings, which could allow unauthenticated attackers to update them...

9.1CVSS4.2AI score0.00749EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.26 views

Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5" 2 - Click on "Contact - Add...

4.8CVSS0.6AI score0.00544EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.20 views

add2fav <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.1AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.22 views

Image Hover Effects Ultimate < 9.8.0 - Authenticated Stored XSS

The plugin does not sanitise and escape the Media Image URL, Video Link, Title and Description field of an Image Hover, which could lead to Stored XSS when low privileged users are allowed to access the plugin's feature which can be set via the plugin settings...

6.4CVSS3.5AI score0.00508EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.17 views

Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC - Go to publisher and select Create a New Publisher - Add publisher name " - Click on Save Changes...

4.8CVSS1.5AI score0.00475EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.13 views

Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

The plugin does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues PoC Make a logged in admin open a page...

5.4CVSS0.7AI score0.00246EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.12 views

Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS

The plugin does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues PoC Open a page...

5.4CVSS1.2AI score0.00233EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/31 12:0 a.m.24 views

Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations. PoC Set HTTPCFCONNECTINGIP or any of the other headers in getclientipaddress to spoof the IP address...

5.3CVSS2.6AI score0.00589EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.22 views

Add User Role <= 0.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.1AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.16 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Caption On Hover

The plugin does not sanitise and escape the Caption On Hover field of images, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS3.2AI score0.0045EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.69 views

WP < 6.0.2 - Reflected Cross-Site Scripting

Description Plugin's deactivation and deletion error messages are not escaped when output in the plugins screen, which could lead to Reflected Cross-Site Scripting...

6.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.37 views

WP < 6.0.2 - Authenticated Stored Cross-Site Scripting

Description There is a lack of escaping of the meta keys and values in themeta function, which could lead to Cross-Site Scripting issue...

6.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.1068 views

WP < 6.0.2 - SQLi via Link API

Description The getbookmarks function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wplistbookmarks for example...

7.9AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.25 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Caption

The plugin does not sanitise and escape the caption parameter added to images via the media uploader, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS3.8AI score0.00469EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/30 12:0 a.m.15 views

Simple File List < 4.4.12 - Reflected Cross-Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=ee-simple-file-list="style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS0.7AI score0.44095EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.22 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Title

The plugin does not sanitise and escape post/page Title, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor and add the following payload in the Title: " The XSS will be triggered when editing the post again...

6.4CVSS3AI score0.00508EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.10 views

Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS

The plugin does not have proper authorisation even when the Require Authorisation for REST API Requests is enabled in all its REST endpoints, allowing unauthenticated users to call them either directly. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.19 views

Site Offline < 1.5.3 - Access Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. PoC https://example.com/?admin...

4.3CVSS1.6AI score0.01299EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.12 views

Zephyr Project Manager < 3.2.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=zephyrprojectmanagerprojectspage=--...

Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.16 views

Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Open the plugin and intercept the request using burpsuite. Give the below payload in the parameter...

4.8CVSS2AI score0.00494EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.14 views

Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a form and put the following...

4.8CVSS1.7AI score0.005EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14603