Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/08/02 12:0 a.m.14 views

Link Optimizer Lite <= 1.4.5 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when saving its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow attacker to make a logged in admin change them via a CSRF attack and put Cross-Site Scripting payloads in them...

8.8CVSS3AI score0.00543EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/02 12:0 a.m.15 views

Banner Cycler <= 1.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when saving its slide settings, and is also lacking sanitisation as well as escaping in some of them, which could allow attacker to make a logged in admin change them via a CSRF attack and put Cross-Site Scripting payloads in them...

8.8CVSS2.9AI score0.00546EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/02 12:0 a.m.18 views

Affiliate For WooCommerce < 4.8.0 - Subscriber+ Paypal Email Update via IDOR

The plugin allows users with a role as low as subscriber to change the PayPal Email via an IDOR attack when the WooCommerce PayPal Payments plugin is also installed...

6.5CVSS4.7AI score0.00525EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/02 12:0 a.m.14 views

uContext for Clickbank <= 3.9.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when saving its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow attacker to make a logged in admin change them via a CSRF attack and put Cross-Site Scripting payloads in them...

8.8CVSS2.8AI score0.00552EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.15 views

Affiliate For WooCommerce < 4.8.0 - Subscriber+ Unauthorised Actions

The plugin does not have authorisation in various actions, which could allow users with a role as low as subscriber to call them...

8.8CVSS4.9AI score0.00707EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.20 views

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions. PoC When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

7.5CVSS1.8AI score0.00958EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.12 views

Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls

The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and add/edit/delete arbitrary student for example PoC POST /wp-json/v2/ssradddata HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

1.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.19 views

Download Manager < 3.2.49 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters which could allow users with a role as low as contruibutor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00449EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.19 views

Button Plugin MaxButtons < 9.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.3AI score0.00424EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.39 views

Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing

The plugin is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. PoC curl https://example.com/wp-content/uploads/jobpost Search for this path / folder in search engines to find uploaded resumes...

5.3CVSS0.2AI score0.00787EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.14 views

Rich Reviews <= 1.9.15 - Arbitrary Reviews Deletion via CSRF

The plugin does not have CSRF in place when deleting reviews, w which could allow attackers to make a logged in admin delete them via a CSRF attack...

5.4CVSS5.4AI score0.00274EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.26 views

Enable SVG, WebP & ICO Upload <= 1.0.1 - Author+ Arbitrary File Upload

The plugin does not validate upload files, which could allow users with a role as low as author to upload arbitrary files...

8.8CVSS3.4AI score0.00998EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.27 views

Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing

The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. PoC curl https://example.com/wp-content/uploads/wpjobboard Search for this path / folder in search engines to find...

7.5CVSS0.4AI score0.03158EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.27 views

MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF

The plugin does not have CSRF check in place when updating its API key, which could allow attackers to make a logged in admin change it via a CSRF attack...

8.8CVSS4.5AI score0.00309EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.22 views

WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog PoC https://example.com/wp-admin/admin-ajax.php?action=filtermenu=post-id...

4.3CVSS2.7AI score0.00336EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.24 views

Download Manager < 3.2.49 - Multiple CSRF

The plugin does not have CSRF check in place in some places, which could allow attackers to make a logged in admin perform unwanted actions...

8.8CVSS5.2AI score0.00289EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.10 views

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary Feed Deletion

The plugin does not have authorisation and CSRF check in place when deleting feeds, allowing ay authenticated users, such as subscriber to delete arbitrary feeds PoC As any authenticated user, such as subscriber. Or via CSRF against them...

2.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.13 views

Social Slider Feed < 2.0.5 - Subscriber+ Stored XSS via Feeds

The plugin does not have authorisation and CSRF check in place when adding and editing a Feed, and does not sanitise as well as escape user input. As a result, users with a role as low as subscriber could add arbitrary feeds, with Stored Cross-Site Scripting payloads in them. PoC As any...

1.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.14 views

Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download

The plugin is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. PoC As contributor, navigate to https://target/blog/wp-admin/post-new.php?posttype=lanadownload Inside "File URL:" input, fill the file you want to download,...

6.5CVSS1.7AI score0.00911EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.37 views

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

The plugin does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. PoC 1. curl 'http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1' 2. curl -d view...

5.3CVSS2.6AI score0.08415EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.26 views

LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. PoC...

4.3CVSS4.7AI score0.00317EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.27 views

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "phpMyAdmin on hosting" setting...

4.8CVSS2AI score0.00642EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.30 views

NEX-Forms < 7.9.7 - Authenticated SQLi

The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...

8.8CVSS2.5AI score0.10375EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.15 views

Social Slider Feed < 2.0.5 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

1.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.21 views

Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting

The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wp-phpmyadmin-extension=errors-logreset"...

0.2AI score
Exploits0Affected Software19
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.13 views

Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF

The plugin does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting PoC...

5.4CVSS4.6AI score0.00254EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.24 views

Enable SVG, WebP & ICO Upload <= 1.0.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameter, which could allow users with a role as low as author to perform stored Cross-Site Scripting attacks...

5.4CVSS2.5AI score0.00462EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.32 views

Duplicator < 1.4.7 - Unauthenticated Backup Download

The plugin discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. PoC Find the URL of the actual installer...

7.5CVSS7.4AI score0.12485EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.9 views

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary API Key Update to Stored XSS

The plugin does not have authorisation and CSRF check in place when saving the YouTube API Key, and does not sanitise as well as escape it. As a result, users with a role as low as subscriber could change it, including setting it with Stored Cross-Site Scripting payloads in it PoC As any...

1.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.23 views

WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues PoC fetch"/wp-admin/admin-ajax.php", "headers":...

5.4CVSS2.8AI score0.00302EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.20 views

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

The plugin does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack PoC...

4.3CVSS5.1AI score0.00292EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.65 views

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

The plugin allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. By default WordPress does not allow uploading o...

8.8CVSS1.7AI score0.01264EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.23 views

Better Search and Replace < 1.4.1 - Admin+ SQLi

The plugin does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks PoC POST /wp-admin/tools.php?page=better-search-replace&bsr-ajax;=processsearchreplace HTTP/1.1 Accept: application/json,...

7.2CVSS1.4AI score0.01066EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/31 12:0 a.m.15 views

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a dashboard with an HTML...

5.5CVSS0.7AI score0.00597EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/29 12:0 a.m.17 views

Floating Div <= 3.0 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

4.8CVSS3.2AI score0.00463EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/29 12:0 a.m.17 views

Simple SEO < 1.7.92 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the SEO social and standard title parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

6.4CVSS3.4AI score0.00495EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/28 12:0 a.m.21 views

VR Calendar <= 2.3.4 - Admin+ LFI

The plugin does not validate user input before using it in a require statement, which could allow high privilege users to perform LFI attacks. The attack could also be performed via a CSRF vector by making a logged in admin open a malicious link PoC...

3.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/28 12:0 a.m.12 views

VR Calendar < 2.3.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/plugins.php?vrcmsg=msgtype="...

0.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/27 12:0 a.m.19 views

WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion

The plugin contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user PoC...

8.8CVSS3.1AI score0.0129EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/27 12:0 a.m.21 views

GS Testimonial Slider <= 1.9.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Stored Cross-Site Scripting attacks...

4.8CVSS4AI score0.00463EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.36 views

Coming Soon - Under Construction <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC As admin, put the following payload in the "More text information" settings of the plugin: The XSS will be...

4.8CVSS2.1AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.29 views

Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection

The plugin does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection PoC https://example.com/wp-admin/admin.php?page=tpeditor=filter-by=+AND+SELECT+42+FROM+SELECTSLEEP5b...

7.2CVSS0.3AI score0.01202EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.13 views

Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file PoC Direct call:...

6.1CVSS0.1AI score0.00531EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.24 views

Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion

The plugin has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS3.7AI score0.00308EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.30 views

WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The plugin does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. PoC The vulnerability exists due to the plugin only preventing users from leaking coupons using the "coupons" aggregate field, and not the regular "coupon" field. Given a valid...

1.6AI score0.00724EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.30 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC Against any authenticated user: https://example.com/wp-admin/admin-ajax.php?action=ftsencrypttokenajaxtoken=%3Cimg%20src=x%20onerror=alert/XSS/%3E...

6.1CVSS0.00634EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.23 views

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC Both can be used against authenticated and unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=ftsrefreshtokenajaxtoken=...

6.1CVSS0.8AI score0.04873EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.14 views

Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation

The plugin does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations PoC var data = new FormData data.append'file',new...

4.3CVSS4.5AI score0.00308EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.26 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

4.3CVSS3.8AI score0.00308EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.24 views

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The plugin exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and...

6.5CVSS0.5AI score0.00891EPSS
Exploits5Affected Software1
Total number of security vulnerabilities14604