Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.24 views

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The plugin exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and...

6.5CVSS0.5AI score0.00891EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.23 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS1.4AI score0.00444EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.25 views

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The plugin does not have any authorisation in its tptranslation AJAX action, allowing unauthenticated users to call it...

5.3CVSS4.1AI score0.03644EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.24 views

WP-DBManager < 2.80.8 - Admin+ Remote Command Execution

The plugin does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. PoC Use any WordPress plugin that allows the users to upload files with extension - ".php" is not required - for example: .jpg usually many...

7.2CVSS4.4AI score0.01012EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.56 views

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink PoC...

5.3CVSS1.1AI score0.01464EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.15 views

Flipbox < 2.6.1 - Authenticated Arbitrary Options Update

The plugin does not have proper authorisation, allowing high privilege users such as editor to update arbitrary Blog options even though they should not be able to...

7.2CVSS4AI score0.00976EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/25 12:0 a.m.38 views

Transposh WordPress Translation <= 1.0.8 - Usernames Disclosure

The plugin does not have any authorisation in its tphistory AJAX action, allowing unauthenticated users to call it and retrieve a list of usernames which translated text...

5.3CVSS3.4AI score0.0305EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/23 12:0 a.m.30 views

Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

The plugin is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. PoC To exploit the vulnerability, someone must send a...

8.8CVSS3.8AI score0.03851EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.15 views

Homepage Product Organizer for WooCommerce <= 1.1 - Subscriber+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements, leading to SQL injection exploitable by any authenticated users such as subscriber...

9.1CVSS1.7AI score0.00713EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.81 views

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

9.8CVSS1.3AI score0.12442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.41 views

Simple Banner < 2.12.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings proversionactivationcode settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.4CVSS2.1AI score0.00787EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.19 views

WP Libre Form 2-2.0.8 - Unauthenticated Arbitrary Submissions Listing & Deletion

The plugin does not have proper authorisation in some of its REST endpoints, which could allow unauthenticated attackers to list and delete arbitrary submissions...

7.3CVSS4.7AI score0.00627EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.20 views

Stockists Manager for Woocommerce <= 1.0.2.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...

8.8CVSS4.7AI score0.00444EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/21 12:0 a.m.20 views

GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE

The plugin does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE. Version 1.2.5 added CSRF checks PoC...

9.8CVSS2.2AI score0.01896EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/21 12:0 a.m.12 views

Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Create new publication, name it whatever 2. Click the "Custom Page" tab to add a new page: -...

4.8CVSS1.1AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/20 12:0 a.m.20 views

Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "...

4.8CVSS1.9AI score0.00493EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/20 12:0 a.m.27 views

Beaver Builder < 2.5.4.4 - Subscriber+ Arbitrary Post Builder Layout Disabling

The plugin does not have authorisation and CSRF checks in the flbuilderdisable AJAX action, which could allow any authenticated users, such as subscriber to disable the builder layout of arbitrary posts Note: The original advisory mentions the issue has been fixed, however only a CSRF check has...

9.8CVSS3.6AI score0.00751EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.12 views

Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=rpsresultbatch=%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS0.1AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.12 views

Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc PoC When the "Enable API for Mobile Apps" settings...

7.5CVSS0.3AI score0.02801EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.24 views

Testimonials <= 3.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters available to users with a role as low as contributor, allowing them to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.8AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.19 views

Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When there is at least one submission: https://example.com/wp-admin/edit.php?posttype=elementorcfdb=sbelemcfdid="...

6.1CVSS0.8AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.25 views

E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF

The plugin is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack PoC The file will be uploaded to the /wp-content/uploads/result/rand.php, eg:...

8.8CVSS4.3AI score0.00443EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.33 views

Feed Them Social < 2.9.8.6 - Unauthenticated PHAR Deserialisation

The plugin does not validate the ftsurl parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file and a suitable gadget chain is present...

9.8CVSS2.6AI score0.0167EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.20 views

Website File Changes Monitor < 1.8.3 - Admin+ SQLi

The plugin does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection PoC A user with manageoptions permission can exploit the vulnerability with the following request...

9.8CVSS9.6AI score0.01047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.31 views

MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access

The plugin does not validate a parameter which could allow unauthenticated users to read arbitrary files on the web server...

7.5CVSS4.2AI score0.02193EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.25 views

Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin PoC...

6.5CVSS4.8AI score0.00331EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.25 views

Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.5AI score0.00529EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.17 views

WPDating <= 7.1.9 - Multiple SQL Injection Issues

The plugin does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities. PoC http://vulnerable-site.tld/wp-content/plugins/dspdating/m1/postone.php?senderid=senderidsleep10id=senderidsleep10...

9.8CVSS0.9AI score0.00908EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.22 views

WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the settings...

4.8CVSS1AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.35 views

Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

The plugin allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. PoC 1. Craft a custom zip...

4.9CVSS0.1AI score0.00791EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.23 views

Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. PoC Steps to reproduce: 1 As a Contributor, go to portfolio on the dashboard and add new item. 2 on the editing page that comes up, scroll...

5.4CVSS1.4AI score0.00512EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.20 views

Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any text field setting...

4.8CVSS1.6AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.15 views

DW Promobar <= 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the plugin...

4.8CVSS2.2AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.17 views

mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the delimiter...

4.8CVSS1.8AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.18 views

YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well. v2.2.1 fixed the authorisation issue but not the escaping...

5.4CVSS5.4AI score0.00512EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.28 views

YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the From Email or From...

4.8CVSS1.7AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.16 views

Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. PoC Put the following payload in any of the settings: "...

4.8CVSS2.6AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.16 views

Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the plugin...

4.8CVSS1.7AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.10 views

Name Directory < 1.25.5 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when adding/editing names, and is also lacking sanitisation as well as escaping in some of the fields, which could allow attackers to make a logged in admin edit arbitrary names and put XSS payloads in them. PoC...

3.7AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.41 views

WP OAuth2 Server <= 1.0.1 - Authentication Bypass

The plugin does not properly check for authentication, which could allow attackers to bypass it...

9.8CVSS4.8AI score0.0088EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/14 12:0 a.m.26 views

Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title

The plugin does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is disabled. An incomplete fix was introduced ...

0.9AI score0.0053EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/14 12:0 a.m.19 views

WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a Comment Fields Comments Comment Fields and put the following payload in the Error Message setting: "autofocus...

4.8CVSS2.5AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.22 views

GiveWP < 2.21.0 - Manager+ Arbitrary File Access via Export

The plugin does not validate the file to be exported, which could allow manager to read arbitrary file on the web server...

5.5CVSS3.3AI score0.00694EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.48 views

GiveWP < 2.21.0 - Manager+ Arbitrary File Creation via Export

The plugin does not validate the exported file, which could allow high privilege users such as Managers to create arbitrary files...

9.1CVSS4.7AI score0.01482EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.26 views

Discy < 5.0 - Subscriber+ Broken Access Control to change settings

The theme lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change the theme options by sending a crafted POST request. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

6.5CVSS4.7AI score0.00645EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.31 views

weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC On the dashboard navigate to weForms All Forms Add Form Choose Contact Form; Click Create Form...

4.8CVSS0.7AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/12 12:0 a.m.24 views

User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload

The plugin does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. PoC 1 Create a file named exploit.php, which contains:...

8.8CVSS2.2AI score0.00795EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.19 views

CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF

The plugin lets user input reach a sensitive requireonce call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. PoC 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who...

8.8CVSS1.2AI score0.00499EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.29 views

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

The plugin does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them PoC Install the plugin and configure any mailer other than Default. Access the wp-admin area with a Subscriber+ use...

6.5CVSS1.5AI score0.0077EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/11 12:0 a.m.17 views

Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC POST...

4.8CVSS0.2AI score0.00511EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604