Lucene search
+L
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•26 views

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.5AI score0.09675EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•20 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Image URL

The plugin does not sanitise and escape the Image URL field of the Media block, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS2.9AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•25 views

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Text Editor

The plugin does not sanitise and escape the Text Editor block, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

6.4CVSS3.6AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•15 views

Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a translation and put the followin...

4.8CVSS2.2AI score0.0056EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/29 12:0 a.m.•22 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block

The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered whe...

6.4CVSS1.8AI score0.00508EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•22 views

WP Forecast < 7.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•17 views

Better Font Awesome < 2.0.2 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.3AI score0.00319EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•18 views

Advanced Order Export For WooCommerce < 3.3.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

4.8CVSS1.2AI score0.00454EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•16 views

Event Calendar < 1.4.7 - Unauthenticated Arbitrary Event Deletion

The plugin does not have authorisation check when deleting events, which could allow unauthenticated attackers to delete them...

6.5CVSS5.3AI score0.00555EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•19 views

Accommodation System <= 1.0.1 - Subscriber+ Unauthorised Actions

The plugin does not have authorisation in various actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions...

9.8CVSS4.8AI score0.00736EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•12 views

Event Calendar < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting exploitable against any authenticated user...

5.4CVSS1AI score0.00469EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•18 views

SEO Scout <= 0.9.83 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.4AI score0.00249EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•26 views

About Me <= 1.0.12 - Subscriber+ Arbitrary Network Creation/Deletion

The plugin does not have authorisation and CRSF when adding and deleting networks via AJAX actions, which could allow any authenticated users, such as subscriber to create and delete arbitrary networks...

9.8CVSS4.4AI score0.00779EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•18 views

Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update

The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary option from the blog and allow registration with a...

4.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•22 views

About Rentals <= 1.5 - Unauthenticated Actions

The plugin does not have authorisation in various actions, which could allow unauthenticated users to call them and perform unauthorised actions...

9.8CVSS4.7AI score0.00699EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•22 views

Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00475EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•19 views

Access Code Feeder <= 1.0.3 - CSRF

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8CVSS5AI score0.00288EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/25 12:0 a.m.•21 views

Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.7AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/24 12:0 a.m.•20 views

59sec LITE <= 3.4.1 - Unauthenticated Settings Update

Description The plugin does not have any authorisation in place when updating its settings, allowing unauthenticated attackers to do so...

6.5CVSS5.5AI score0.00547EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2022/08/24 12:0 a.m.•23 views

Ajax Load More < 5.5.4.1 - Admin+ Arbitrary File Read

The plugin does not properly validates paths generated with user input in the almrepeatersexport function, which could allow high privilege users to read arbitrary files form the server even when they should not be able to have access to any, for example in multisite setup This is due to an...

1.6AI score0.01355EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/24 12:0 a.m.•20 views

Notification Bar for WordPress <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks...

6.1CVSS5.9AI score0.00446EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2022/08/23 12:0 a.m.•37 views

All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The plugin uses the wrong content type for, and does not properly escape the response from the ai1wmexport action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Po...

1.3AI score0.01204EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/23 12:0 a.m.•19 views

BadgeOS < 3.7.1.3 - Subscriber+ SQLi

The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections PoC Open the following URL as any authenticated user such as subscriber:...

8.8CVSS1.5AI score0.00994EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/23 12:0 a.m.•13 views

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Text for the button" or...

4.8CVSS0.7AI score0.00494EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/23 12:0 a.m.•16 views

Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Text" settings of the...

4.8CVSS1.8AI score0.005EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/23 12:0 a.m.•18 views

WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC http://evil.com aaaa bbbb...

4.3CVSS3.5AI score0.00284EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•18 views

Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters which could allow users with a role as low as editor to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.7AI score0.0042EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•20 views

Classima < 2.1.11 - Reflected Cross-Site Scripting

The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock The XSS will be triggered when the us...

6.1CVSS0.4AI score0.00491EPSS
Exploits2Affected Software5
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•16 views

Better Messages < 1.9.10.58 - Subscriber+ Denial Of Service

The plugin does not limit the length of messages, which could allow any authenticated users sending messages to cause a denial fo service...

7.7CVSS4.1AI score0.00871EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•12 views

WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.8AI score0.00491EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•22 views

WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC In the plugin's settings WooCommerce Settings...

4.8CVSS0.3AI score0.00475EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•10 views

Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/all-ads/?" https://example.com/all-properties/?"...

6.1CVSS0.5AI score0.00557EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•23 views

Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. PoC Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any other header in LoginNoCaptcha::getipaddress which is then checked against the whitelist an...

4.3CVSS2.2AI score0.0057EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•12 views

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 PoC https://example.com/wp-admin/post.php?post=1369=edittab=general'...

0.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•14 views

Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Post SMTP Settings...

4.8CVSS1.5AI score0.00538EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•19 views

Ajax Load More < 5.5.4 - Admin+ Arbitrary File Read

The plugin does not validate a path which could allow high privilege users such as admin to read arbitrary files from the server...

4.9CVSS3.8AI score0.01501EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•14 views

WP Hotel Booking < 2.0.1 - Unauthenticated Arbitrary Settings Update

The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow unauthenticated attackers to change them. PoC All settings are affected, example, to change the Thousands Separator one, run the below command in the developer console of the web browser...

3.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•21 views

Ajax Load More < 5.5.4 - PHAR Deserialization via CSRF

The plugin does not validate user input before using it to generate a path, allowing attacker to fully control it and use any wrapper, such as PHAR which could lead to deserialisation if they can trick an admin to open a malicious link and a suitable gadget chain is present...

8.8CVSS2.9AI score0.01251EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/22 12:0 a.m.•12 views

WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the...

4.8CVSS0.9AI score0.00538EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/19 12:0 a.m.•22 views

Craw Data <= 1.0.0 - Server Side Request Forgery

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF. PoC When configuring the CrawData addon, the request is as follows GET...

4.3CVSS1.8AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/19 12:0 a.m.•8 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Deletion

The plugin does not have any authorisation and CSRF checks in place when deleting events which could allow unauthenticated attackers to delete arbitrary events PoC As an unauthenticated user, open the code below, this will delete the event with ID 4 from the calendar with ID 1...

5.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/17 12:0 a.m.•30 views

Download Manager < 3.2.50 - Contributor+ PHAR Deserialization

The plugin does not validate a parameter, which could allow users with a role as low as contributor to perform PHAR deserialisation when a suitable gadget chain is also present...

8.8CVSS4.1AI score0.01408EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/17 12:0 a.m.•15 views

Mobile Events Manager < 1.4.8 - Admin+ CSV Injection

The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. PoC Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name...

8.8CVSS1.4AI score0.00977EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/17 12:0 a.m.•20 views

Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. PoC The function wantispampgetip is vulnerable to IP spoofing because of the general usage of $SERVER'HTTPXFORWARDEDFOR' curl -...

5.3CVSS1.3AI score0.00615EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/17 12:0 a.m.•23 views

All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF

The plugin does not validate the dl parameter which could allow unauthenticated users to download arbitrary files from the server, as well as perform SSRF attacks...

8.2CVSS4.6AI score0.25869EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/17 12:0 a.m.•13 views

WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC With the web browser inspector, change the inp...

4.8CVSS4.6AI score0.00538EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•14 views

Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Currency Symbol" settings of the plugin and save: " Other...

4.8CVSS3AI score0.00538EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•7 views

Affiliates Manager < 2.9.14 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape parameters before outputting them back in pages, which could lead to Reflected Cross-Site Scripting PoC GET /wp-admin/admin.php?page=wpam-settings=" HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

1.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•11 views

Affiliates Manager < 2.9.14 - Arbitrary Affiliates & Creatives Deletion via CSRF

The plugin does not have CSRF checks when deleting affiliates and creatives, which could allow attackers to make a logged in admin perform such actions via CSRF attacks PoC Make a logged in admin open - https://example.com/wp-admin/admin.php?page=wpam-affiliatesaid=2 -...

4.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•15 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

The plugin does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. PoC As a...

4.3CVSS1.5AI score0.02179EPSS
Exploits5Affected Software1
Total number of security vulnerabilities14603