Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•15 views

Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

The plugin does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. PoC As a...

4.3CVSS1.5AI score0.02179EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•19 views

Broken Link Checker < 1.11.17 - Admin+ PHAR Deserialization

The plugin does not validate a parameter, which could allow high privilege users such as admin to perform PHAR deserialisation when a suitable gadget chain is also present...

7.2CVSS4.7AI score0.01385EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/16 12:0 a.m.•15 views

Affiliates Manager < 2.9.14 - Affiliate CSV Injection

The plugin does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data PoC Register as an affiliate and put the following payload in the Firstname, Lastname or Company fields: =10+2+30 As...

8CVSS4.8AI score0.0095EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•15 views

Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts PoC The postid is the ID of a saved layout As a contributor, get a REST nonce via...

5.4CVSS0.8AI score0.00432EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•19 views

WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the Destination FTP Settings...

4.8CVSS2AI score0.00419EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•25 views

Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts PoC The postid is the ID of a saved layout...

6.1CVSS3.7AI score0.00496EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•10 views

Fast Flow < 1.2.12 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=fast-flow="...

1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•11 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape numerous parameters before outputting them back in admin pages via various AJAX actions, leading to Reflected Cross-Site Scripting PoC With SitePress active, and with more than 1 active language: 6458 being a valid Product ID 16 being valid vendor id...

3.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•20 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthenticated LFI

The plugin does not validate and sanitise a parameter before using it to include a file via an AJAX action available to both unauthenticated and authenticated users, which could lead to Local File Inclusion PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

2.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/15 12:0 a.m.•20 views

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls

The plugin is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status identified by WPScan when verifying the issue for example. Other...

4.3CVSS3.5AI score0.00275EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/12 12:0 a.m.•20 views

Alpine PhotoTile for Pinterest <= 1.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS2.6AI score0.00504EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/12 12:0 a.m.•25 views

Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF

The plugin does not properly restrict access to some .htaccess blocked REST endpoints when the headless settings is enabled, which could allow unauthenticated attackers to perform SSRF attacks...

9.8CVSS4.3AI score0.00792EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/11 12:0 a.m.•22 views

Uploading SVG, WEBP and ICO files <= 1.0.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters which could allow users with a role as low as author to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.5AI score0.00445EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/11 12:0 a.m.•17 views

Uploading SVG, WEBP and ICO files <= 1.0.1 - Admin+ Arbitrary File Upload

The plugin does not validate the files to be uploaded, which could allow high privilege users such as admin to upload arbitrary files, even when they are not supposed to...

7.2CVSS3.1AI score0.00946EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•15 views

Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins PoC As unauthenticated, on a page/post where there is a contact form created via the plugin, put the following payload in the...

7.2CVSS3AI score0.0059EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•16 views

Easy Digital Downloads < 3.0.2 - Admin+ PHP Object Injection

The plugin does not validate user input before unserialising it, which could allow high privilege users to perform PHP Objection injection attacks...

7.2CVSS4.4AI score0.0069EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•40 views

Gallery PhotoBlocks <= 1.2.6 - Authenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow low privileged users to perform Stored Cross-Site Scripting attacks...

5.4CVSS4.3AI score0.00507EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•40 views

Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users PoC https://example.com/wp-admin/admin-ajax.php?action=directoristauthorpagination...

5.3CVSS1.2AI score0.01408EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•8 views

Best Payments Plugin for WP < 4.2.1 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC Append the following payload on a page where the is a form from the plugin: a" e.g: https://example.com/contact-form/?a"...

Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•18 views

SP Project & Document Manager < 4.62 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.9AI score0.00492EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/10 12:0 a.m.•25 views

Gallery PhotoBlocks <= 1.2.6 - Cross-Site Request Forgery

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...

8.8CVSS5AI score0.00306EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•10 views

Social Slider Feed < 2.0.7 - Admin+ Stored XSS via Feeds

The plugin does not sanitise as well as escape user input in feeds, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in a Instagram...

1.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•26 views

Simple Single Sign On <= 4.1.0 - Authentication Bypass

The plugin leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site. PoC When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in. The button invokes the following URL:...

7.5CVSS0.5AI score0.00619EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•9 views

Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the plugin displays a notice: https://example.com/wp-admin/plugins.php?"...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•26 views

amCharts: Charts and Maps < 1.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/09 12:0 a.m.•25 views

Contest Gallery < 17.0.5 - Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

8.8CVSS3.4AI score0.00737EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•18 views

Leaflet Maps Marker < 3.12.5 - Admin+ SQLi

The plugin does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. PoC PoC for filter-operator1 parameter: POST...

7.2CVSS0.4AI score0.01062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•17 views

WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting PoC http://example.com/wp-admin/admin.php?page=wp-hide-cdn=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...

6.1CVSS6.2AI score0.0055EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•18 views

Stop Spam Comments <= 0.2.1.2 - Access Token Bypass

The plugin does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. PoC Collect the name and value of ssckey for the target post and use it on the request. curl...

6.5CVSS2.3AI score0.00546EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•14 views

Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure

The plugin is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address PoC https://example.com/wp-json/ssa/v1/users...

5.3CVSS1.5AI score0.01424EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•17 views

Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Navigate to style settings:...

4.8CVSS0.8AI score0.00559EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•20 views

JoomSport < 5.2.6 - Admin+ SQLi

The plugin does not properly escape the orderby parameter before using it in multiple SQL statement, which could allow high privilege users to perform SQL injection...

7.2CVSS3.3AI score0.01172EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•26 views

String Locator < 2.6.0 - Authenticated PHAR Deserialization

The plugin does not validate a parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file crafted with a suitable gadget chain and having a logged in admin open a malicious link...

8.8CVSS2.9AI score0.01279EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/08 12:0 a.m.•22 views

Testimonial Builder < 1.6.2 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS2.9AI score0.00472EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/06 12:0 a.m.•24 views

ActiveDEMAND plugin <= 0.2.27 - Unauthenticated Post Creation/Update/Deletion

The plugin does not have any authorisation in some of its REST route, which could allow unauthenticated users to delete, create and update arbitrary post...

6.5CVSS4.4AI score0.00589EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/04 12:0 a.m.•12 views

Download Manager < 3.2.53 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute of the modal login page only available when users are not logged in, which could lead to Reflected Cross-Site Scripting in old web browsers. PoC On the modal login page from the plugin and using...

0.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/04 12:0 a.m.•18 views

Ecwid Ecommerce Shopping Cart < 6.10.24 - Settings Update via CSRF

The plugin does not correctly check for CSRF when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4.5AI score0.00482EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/04 12:0 a.m.•21 views

Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API

The plugin does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers PoC https://example.com/wp-json/wp/v2/sensei-messages/...

5.3CVSS2.2AI score0.01868EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/04 12:0 a.m.•9 views

Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...

4.3CVSS4AI score0.00645EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/03 12:0 a.m.•18 views

Download Manager < 3.2.51 - Contributor+ Arbitrary File Deletion

The plugin does not properly validate the path of the file saved within the download post to ensure it is a safe file type or is associated with a download post. As a result, authenticated users able to create downloads, could delete arbitrary files from the server...

8.8CVSS3.8AI score0.02678EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/03 12:0 a.m.•45 views

MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF

The plugin has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example PoC As any logged in user:...

4.3CVSS4.5AI score0.00585EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/03 12:0 a.m.•20 views

MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF

The plugin has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example PoC As an admin:...

2.7CVSS0.7AI score0.00632EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/03 12:0 a.m.•19 views

Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=GOTMLS-settingsdebug=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3B%3E Also possible with the...

6.1CVSS0.3AI score0.0102EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/03 12:0 a.m.•18 views

WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. This is a re-introduction of CVE-2021-24991 in 2.14.0 PoC...

6.1CVSS0.5AI score0.01188EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/02 12:0 a.m.•18 views

Download Manager < 3.2.49 - Clear Stats & Cache via CSRF

The plugin does not have CSRF check in place in some of its action such as clear cache and stats as well as update template status, which could allow attackers to make a logged in admin call them via CSRF attacks...

8.8CVSS4.3AI score0.00309EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/02 12:0 a.m.•7 views

Social Slider Feed < 2.0.6 - Admin+ Stored XSS via API Key

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the YT API Key...

2.7AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/02 12:0 a.m.•17 views

WP Hotel Booking < 1.10.6 - CSRF

The plugin is lacking CSRF which could allow attackers to a logged in admin perform unwanted actions via a CSRF attack...

8CVSS4.9AI score0.00325EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/02 12:0 a.m.•17 views

Fluent Support < 1.5.8 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users PoC With at least one support ticket in the system:...

7.2CVSS1.4AI score0.00966EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/02 12:0 a.m.•21 views

MaxButtons < 9.3 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.7AI score0.00334EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/08/02 12:0 a.m.•16 views

uContext for Amazon <= 3.9.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when saving its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow attacker to make a logged in admin change them via a CSRF attack and put Cross-Site Scripting payloads in them...

8.8CVSS2.7AI score0.0056EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14604