Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
•added 2022/07/11 12:0 a.m.•20 views

Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues PoC All...

6.1CVSS3.2AI score0.00529EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/11 12:0 a.m.•31 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Get a REST nonce logged in as admin:...

4.8CVSS4.8AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/11 12:0 a.m.•20 views

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin PoC @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...

4.3CVSS4.6AI score0.00605EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/11 12:0 a.m.•18 views

Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a Timeline, put the following payload in the "Text" field at the bottom: Click save below the...

4.8CVSS2.2AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/11 12:0 a.m.•22 views

GiveWP < 2.21.3 - DoS via CSRF

The plugin does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to...

6.5CVSS3.8AI score0.00383EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/08 12:0 a.m.•22 views

Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

The plugin is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks PoC https://example.com/wp-admin/admin.php?page=counter-box=1=activate...

8.8CVSS4AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/07 12:0 a.m.•19 views

Team <= 1.2.6 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3AI score0.00457EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/07 12:0 a.m.•8 views

Shortcode For Current Date < 2.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the some of its shortcode's attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC currentdate format='d/m/Y' size="10px;position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px'...

2.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/07 12:0 a.m.•16 views

Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. PoC To make it easier to verify the vulnerability without the...

6.1CVSS0.6AI score0.00955EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/07 12:0 a.m.•21 views

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. PoC Put the followi...

4.8CVSS1.6AI score0.01089EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/06 12:0 a.m.•53 views

Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

The plugin allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. Note: This only affects membership from the plugin, not the WordPress role PoC The request contains the levelidentifier parameter with the md52 value, where 2 is...

9.8CVSS1.3AI score0.01126EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/06 12:0 a.m.•19 views

Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add the following payload to a new quote:...

4.8CVSS3AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/06 12:0 a.m.•18 views

Simple Membership < 4.1.3 - Membership Privilege Escalation

The plugin does not properly validate the membershiplevel parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. Note: This only affects membership from the plugin, not the WordPress role PoC To increase the level, the attacker...

8.8CVSS0.7AI score0.00954EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•10 views

Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "After Register...

4.8CVSS2.4AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•30 views

FreeMind WP Browser <= 1.2 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its setting, and does not have sanitisation as well as escaping in some of them, which could allow attackers to make a logged in admin put a Cross-Site Scripting payload in them via CSRF attack...

6.1CVSS4.4AI score0.00893EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•23 views

AnyMind Widget <= 1.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating the setWidgetId setting, and does not have sanitisation as well as escaping applied to it, which could allow attackers to make a logged in admin put a Cross-Site Scripting payload in it via CSRF attack...

4.6AI score0.01165EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•29 views

WP Visitor Statistics (Real Time Traffic) < 5.8 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements available to unauthenticated users, leading to SQL injection...

9.8CVSS2.8AI score0.03413EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•24 views

Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting PoC - Completely reset the site using the plugin - Visit https://example.com/wp-admin/tools.php?page=advancedwpreset&"...

6.1CVSS0.6AI score0.00569EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•23 views

Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization

The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...

3.8CVSS3.4AI score0.00572EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•24 views

WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC On...

4.8CVSS1.4AI score0.00511EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/05 12:0 a.m.•31 views

Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS

The plugin does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Plugin settings Style Settings button border radius or other field put to input field:...

4.8CVSS2AI score0.00579EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•18 views

Unyson < 2.7.27 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=fw-extensions&sub-page;=extension=feedback...

7.2CVSS0.3AI score0.01448EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•10 views

NextScripts: Social Networks Auto-Poster < 4.3.26 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=nxssnap"...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•21 views

Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=hfcm-list&'...

6.1CVSS0.3AI score0.01072EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•24 views

Name Directory < 1.25.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well PoC...

6.1CVSS0.5AI score0.00569EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•9 views

Booster for WooCommerce < 5.6.2 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC v v...

0.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•21 views

Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them. PoC As admin, Import the following CSV...

6.1CVSS3.7AI score0.00284EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•23 views

Shareaholic < 9.7.6 - Information Disclosure

The plugin does not have proper authorisation check in one of the AJAX action, available to unauthenticated in v 9.7.5 and author+ in v9.7.5 users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. PoC...

5.3CVSS1AI score0.01633EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•8 views

Name Directory < 1.25.4 - Arbitrary Directory/Name Deletion via CSRF

The plugin does not have CSRF checks in place when deleting Directories and Names, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=name-directorydir=2...

3.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•16 views

Ivory Search < 5.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the plugin displays the usage notice: https://example.com/wp-admin/plugins.php?"...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/04 12:0 a.m.•23 views

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting PoC On a post/page where the paocdetails display="keyxxx" shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS6.2AI score0.0055EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/01 12:0 a.m.•15 views

Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting PoC /?searchjob="...

2.5AI score0.00486EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/07/01 12:0 a.m.•65 views

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE PoC As an admin upload a php file containing the palyload zipped along with a valid...

7.2CVSS0.2AI score0.01374EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/30 12:0 a.m.•19 views

Accordions < 2.0.3 - Unauthenticated Arbitrary Options Update

The plugin does not have any authorisation in a REST endpoint, which could allow unauthenticated users to update arbitrary WordPress options...

9.8CVSS4.5AI score0.02654EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/30 12:0 a.m.•18 views

Gallery for Social Photo < 1.0.0.29 - Arbitrary Post Duplication via CSRF

The plugin does not have CSRF check in place when duplicating a post or page, which could allow attackers to make a logged in a admin duplicate them via a CSRF attack PoC https://example.com/wp-admin/admin-ajax.php?action=gifeedduplicatefeed=12...

5.4CVSS4.2AI score0.00407EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/30 12:0 a.m.•17 views

Image Slider < 1.1.123 - Arbitrary Post Duplication via CSRF

The plugin does not have CSRF check in place when duplicating a post or page, which could allow attackers to make a logged in a admin duplicate them via a CSRF attack...

5.4CVSS5.3AI score0.00407EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/30 12:0 a.m.•21 views

Popup Builder < 4.1.12 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.3AI score0.00427EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/29 12:0 a.m.•14 views

WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"...

0.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•27 views

Request a Quote <= 2.3.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Misc No Access Message setting of the plugin: The XSS will ...

4.8CVSS3.2AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•18 views

WP Maintenance < 6.0.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00612EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•28 views

Import any XML or CSV File to WordPress < 3.6.8 - Admin+ Arbitrary Code Execution

The plugin allows high privilege users such as admin to import zip archives containing PHP files, which could allow admin of multisite setup to perform RCE attacks...

9.1CVSS5.3AI score0.0108EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•26 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

The plugin does not have proper authorisation in one of its REST endpoint, allowing unauthenticated users to update the "Toggle thecontent filter" setting PoC POST /wp-json/yikes/cpt/v1/settings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS2.3AI score0.01226EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•28 views

SP Project & Document Manager < 4.58 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. PoC 1. Upload a file using the plugin. 2. On another browser, access the newly uploaded file via:...

6.5CVSS0.4AI score0.00807EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•19 views

Request a Quote <= 2.3.7 - CSV Injection

The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it PoC On a page with a Quote Request form, upload the following CSV as an attachment: "First Name","Last...

8.8CVSS2.1AI score0.01184EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/28 12:0 a.m.•21 views

WP Meta SEO < 4.4.9 - Social Settings Update via CSRF

The plugin does not have CSRF check in place when updating its social settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.1AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/27 12:0 a.m.•20 views

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=mo2fatwofa"...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/27 12:0 a.m.•17 views

W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add/edit a Dali Item and put the following payload in...

4.8CVSS2.2AI score0.00608EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/27 12:0 a.m.•20 views

Download Manager < 3.2.44 - Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=wpdmpro=wpdm-stats=historyids=1&"...

6.1CVSS0.2AI score0.0128EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/27 12:0 a.m.•23 views

Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers PoC https://example.com/wp-admin/options-general.php?page=cf7sredit&"...

6.1CVSS1AI score0.01428EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/06/27 12:0 a.m.•19 views

Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=woodiscountrules="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS0.6AI score0.00739EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604