Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.9 views

Page Generator Plugin < 1.6.6 - Arbitrary Keywords Deletion/Duplication via CSRF

The plugin does not have CSRF check in place when deleting and duplicating keywords, which could allow attackers to make a logged in admin delete and duplicate arbitrary keywords via CSRF attacks PoC https://example.com/wp-admin/admin.php?page=page-generator-keywords=delete=3...

4.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.21 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Ignored Download...

4.8CVSS1.4AI score0.00608EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.7 views

Download Manager < 3.2.44 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not escape a generated URL before outputting it back in an attribute of the login page made by the plugin, leading to Reflected Cross-Site Scripting, which is only exploitable against unauthenticated users PoC On the login page from the plugin ie where the wpdmloginform is embed,...

1.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.41 views

OAuth Single Sign On < 6.22.6 - Authentication Bypass

The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address. PoC POST / HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

5.3CVSS3.2AI score0.01128EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.16 views

Insights from Google PageSpeed < 4.0.7 - Multiple CSRF

The plugin does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks PoC...

8.8CVSS4.1AI score0.00597EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.16 views

Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Notes placeholder" settings of the plugin:...

4.8CVSS2.7AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.19 views

Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack PoC...

4.3CVSS4.8AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.18 views

Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Got to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field th...

4.8CVSS2.5AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.20 views

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=advanceddbcleanertab=croncat=all&" Other pages are affected...

6.1CVSS0.7AI score0.00739EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/23 12:0 a.m.22 views

Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Go to Settings - Loading Page, in the "Display loading screen in" settings, select either "specific pages" or...

4.8CVSS1AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.11 views

LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC Fixed in 4.1.6.6 - https://example.com/wp-admin/admin.php?page=learn-press-settings=emails=new-order-emails" Fixed in 4.1.6.7 - With a lesson attached to the course id 243...

0.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.15 views

DX Share Selection < 1.5 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings and is lacking escaping as well as sanitisation in some of them, which could allow attackers to make a logged in admin change them and put XSS payloads in them via a CSRF attack...

8.8CVSS4.3AI score0.00644EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.22 views

Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fix made in 3.2.46 and 3.2.47 were found to be insufficient PoC As a contributor, create/edit a download an...

6.4CVSS5.4AI score0.0103EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.22 views

Free Live Chat Support <= 1.0.12 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings and is lacking escaping as well as sanitisation in some of them, which could allow attackers to make a logged in admin change them and put XSS payloads in them via a CSRF attack...

8.8CVSS3.9AI score0.00644EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.23 views

404s < 3.5.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/edit a new 404 via the plugin and put the following payload in the "Please enter th...

4.8CVSS4.6AI score0.00552EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/06/22 12:0 a.m.25 views

Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a table, go to its settings,...

4.8CVSS0.8AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.19 views

OAuth 2.0 client for SSO < 1.11.4 - Authenticated Bypass

The plugin allows attackers to login as any user by just knowing their email address PoC POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded [email protected]...

9.8CVSS4.1AI score0.01344EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.22 views

CDI < 5.1.9 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.2AI score0.01566EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.26 views

LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Client ID" settings: "/...

4.8CVSS2.5AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.19 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the...

5.4CVSS1.7AI score0.00648EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.16 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor or above, create a post using Brizy editor and: - Add a Text Element then put the following payload: - Add an...

5.4CVSS0.9AI score0.00648EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.23 views

Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "No Access Message" settings...

4.8CVSS3.2AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.22 views

Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Breadcrumb css class name" settings of the plugin: "...

4.8CVSS2.4AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.17 views

Import CSV Files <= 1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting PoC...

6.1CVSS1.2AI score0.00377EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.13 views

WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting

The plugin doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. PoC https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

6.1CVSS1.9AI score0.00761EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.14 views

Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF

The plugin does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status draft, published, slug, post date, comment status enabled, disabled and more. PoC The following PoC codes a...

6.5CVSS2.9AI score0.00685EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.17 views

WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF

The plugin is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack PoC...

6.5CVSS4.6AI score0.00502EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.17 views

Analytify < 4.2.1 - Reflected Cross-Site Scripting

The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting PoC When 404 tracking is enabled: https://example.com/aa404bb?aalert/XSS/...

0.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.61 views

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles PoC Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both f...

4.8CVSS1.3AI score0.00625EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.17 views

WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF

The plugin is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. PoC...

4.3CVSS3.2AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.262 views

WP OAuth Server ( Login with WordPress ) < 4.0.1 - Authentication Bypass

The plugin is affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the client’s...

9.8CVSS1.7AI score0.01025EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.12 views

Cache Images < 3.2.1 - Image Upload / Import via CSRF

The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. PoC Allows import of any images with any user level...

6.5CVSS4.3AI score0.00502EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.12 views

WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC 1. Navigate to Settings -Duplicate Page - Duplicate Page Settings and enter the XSS payload into...

4.8CVSS0.5AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.21 views

Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltredhtml is disallowed PoC Create/edit a subscription, enabled the GDPR options in it and add the following payload in the "confirmation text"...

4.8CVSS1.2AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.15 views

Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC 1. Navigate to Settings - Bold Builder - Bold Builder Settings and enter "" into the "Color...

4.8CVSS1.1AI score0.01046EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.12 views

Give < 2.21.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=giveforms=give-tools" https://example.com/wp-admin/edit.php?posttype=giveforms=give-tools=import" Other pages are also affec...

0.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.22 views

WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting PoC Against any authenticated user: https://example.com/event-dashboard/?searchkeywords=aaaa"...

6.1CVSS6.1AI score0.00796EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/17 12:0 a.m.31 views

Popup Builder < 4.1.1 - Popup Status Change via CSRF

The plugin does not have CSRF check in place when updating Popup status, which could allow attackers to make a logged in admin update them via a CSRF attack...

5.4CVSS4.5AI score0.00273EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/17 12:0 a.m.30 views

GiveWP < 2.21.0 - Donor Information Disclosure

The plugin exposes a REST endpoint to unauthenticated users and disclosing donor information...

5.3CVSS1.5AI score0.0108EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.35 views

Comment License < 1.4.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

4.3CVSS4.8AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.18 views

Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. PoC Open the following HTML code while being logged in as a subscriber, or make any logged in user open it via a CSRF attack...

4.3CVSS1.5AI score0.00342EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.16 views

WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting

The plugin does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Put the following payload on the Preset settings of the plugin: '+accesskey="X"+onclick="alert1"'...

4.8CVSS2.2AI score0.00552EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.52 views

WP Championship < 9.3 - Multiple CSRF

The plugin is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site...

6.5CVSS1.1AI score0.00502EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.21 views

Pricing Deals for WooCommerce < 2.0.3 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection PoC...

9.8CVSS1.7AI score0.07942EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.27 views

BuddyPress Group Reviews < 2.8.4 - Subscriber+ Arbitrary Settings Update & Review Modification

The plugin is missing capability and CSRF checks in various of its AJAX functions available to any authenticated users, which could allow users with a role as low as subscriber to update arbitrary settings and modify reviews...

6.5CVSS4.5AI score0.00799EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.14 views

Button Widget Smartsoft <= 1.0.1 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as put XSS payloads in them due to the lack of sanitisation and escaping...

8.8CVSS5AI score0.00611EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.21 views

FoxyShop < 4.8.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=foxyshopproduct=foxyshoptools=error=...

6.1CVSS6.2AI score0.00739EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.23 views

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

6.5CVSS4.2AI score0.00531EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.21 views

WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC POST /wp-admin/admin.php?page=woopi=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

6.1CVSS0.8AI score0.00739EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.26 views

MashShare <= 3.8.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS1.9AI score0.0049EPSS
Exploits0Affected Software1
Total number of security vulnerabilities14604