Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.21 views

HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them PoC...

4.3CVSS4.9AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.16 views

HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload

The plugin does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server PoC await fetch"https://example.com/wp-admin/admin.php?page=html2wp-settings", "headers":...

9.8CVSS2.3AI score0.11866EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.17 views

HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion

The plugin does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file PoC To delete the license.txt at the root of the blog: await...

8.1CVSS2.1AI score0.00532EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.8 views

Browser and Operating System Finder <= 1.2 - Unauthenticated Settings Reset

The plugin does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them PoC https://example.com/?type=reset-all...

2.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.14 views

Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting

The plugin allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. PoC As a vendor, add a review in any products with following payload: https://youtu.be/gGUNSG5s5JU...

1.5AI score0.00491EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.17 views

Download manager < 3.2.43 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the frameid parameter before outputting it back in a JS context, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.6AI score0.01138EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.16 views

Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Biography available on user profile pages, which could allow users to perform Cross-Site Scripting attacks via their profile...

6.4CVSS3.8AI score0.00872EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.14 views

Co-Authors-Plus 3.5/3.5.1 - Guest Authors Email Address Disclosure

The plugin introduced an information disclosure vulnerability specifically, the e-mails of guest authors via a public REST endpoint accessible without any authentication PoC https://example.com/wp-json/wp/v2/coauthors...

2.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.20 views

WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

The plugin does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks PoC Put an internal/LAN URL such as below in the file upload by URL function https://127.0.0.1:8080...

7.2CVSS2.8AI score0.01291EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.15 views

Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the text...

4.8CVSS1.7AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.15 views

Flower Delivery by Florist One <= 3.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups PoC As admin, go to the plugin's settings, create a ne...

4.8CVSS1.1AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.15 views

Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept:...

6.1CVSS0.7AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.12 views

My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

4.3CVSS4.9AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.19 views

New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. PoC Add...

4.3CVSS4.4AI score0.00367EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.19 views

Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

4.3CVSS4.8AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.14 views

Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC XSS will be triggered in all posts...

4.3CVSS4AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.14 views

Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well PoC...

4.3CVSS4.1AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.19 views

Modern Events Calendar Lite < 6.3.0 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow low privilege users to perform Stored Cross-Site Scripting attacks...

5.4CVSS4AI score0.00529EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.23 views

Mobile Browser Color Select <= 1.0.1 - Stored Cross-Site Scripting via CSRF

The plugin is lacking CSRF check in its adminupdatedata function, which could allow attackers to make a logged in admin call it, and perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the processed user input...

8.8CVSS4.3AI score0.00831EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.20 views

Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF

The plugin does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. PoC...

4.3CVSS2.7AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.16 views

Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and...

5.4CVSS2AI score0.00571EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/01 12:0 a.m.16 views

Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads PoC As an author or above, upload the below SVG file via the Media library: The XSS will be triggered when accessing the file directly, e.g...

5.4CVSS1.5AI score0.00571EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.12 views

Spectra < 1.25.6 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the admin notice about Usage Tracking is displayed: https://example.com/wp-admin/index?a"...

0.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.9 views

CURCY < 2.1.18 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wc-reports"...

0.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.17 views

Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC ''...

4.3CVSS4.7AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.17 views

OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well PoC...

4.3CVSS4AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.17 views

WP Post Styling < 1.3.1 - Multiple CSRF

The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks PoC...

4.3CVSS4.5AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.12 views

Visualizer < 3.7.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart=yes=6190=visualizer"...

0.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.15 views

WPMK Ajax Finder <= 1.0.1 - Stored Cross-Site Scripting via CSRF

The plugin is missing CSRF check when updating its settings, which could allow attacker to make a logged in admin change them, as well as put XSS payloads in them due to the lack of sanitisation and escaping...

8.8CVSS2.7AI score0.00785EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.16 views

WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well PoC...

4.3CVSS3.7AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.17 views

Age Gate < 2.20.4 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC With the "Age Gate User Registration" addon installed: https://example.com/wp-admin/admin.php?page=age-gate" With any addon installed:...

0.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.57 views

GTM4WP < 1.15.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly escape the Content Element ID settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed for example multisite setups...

5.5CVSS2.4AI score0.01071EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.24 views

MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF

The plugin does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks PoC...

6.5CVSS4.9AI score0.00502EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.12 views

Video Conferencing with Zoom < 3.9.3 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=zoom-meetings=zoom-video-conferencing-settings"...

0.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.12 views

Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting PoC With the "Compatibility Mode"...

6.1CVSS0.2AI score0.01421EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/31 12:0 a.m.8 views

Germanized for WooCommerce < 3.9.5 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wc-settings=germanized"...

0.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.16 views

Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC...

6.5CVSS4.2AI score0.00393EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.26 views

Events Made Easy < 2.2.81 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection PoC Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...

9.8CVSS0.4AI score0.37369EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.16 views

CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. PoC...

6.5CVSS5.1AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.14 views

Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well PoC...

5.4CVSS3.6AI score0.00292EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.21 views

PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC .pdf24Plugin-cp border:1px solid silver; .pdf24Plugin-cp inputtype="text" width:200px; border:1px solid silver; margin:0; padding:2px;...

6.5CVSS2.2AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.21 views

PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC .pdf24Plugin-cp border:1px solid silver; .pdf24Plugin-cp inputtype="text" width:200px; border:1px solid silver; margin:0; padding:2px;...

6.5CVSS2.2AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.10 views

New User Approve < 2.4.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC With the Membership settings /wp-admin/options-general.php disabled: https://example.com/wp-admin/index.php?a"...

0.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.21 views

WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions. PoC Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any of the other headers used in getipaddress. curl...

7.5CVSS1.9AI score0.01131EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.22 views

Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting

The plugin does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup PoC Put the following payload in the "Google Analytics" settings of the plugin in the General...

4.8CVSS1AI score0.0057EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.16 views

Very Simple Contact Form < 11.6 - Captcha bypass

The plugin exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. PoC import requests from requestshtml import...

7.5CVSS7.5AI score0.01191EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.20 views

Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC Go to Newsletters of Newsletter at wordpress admin panel eg...

4.8CVSS0.6AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.20 views

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Try ...

4.8CVSS0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.21 views

Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC In the plugin's settings, tick 'Custom Button' and put the following...

4.8CVSS1AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.19 views

Better Find and Replace < 1.3.6 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection PoC...

7.2CVSS0.7AI score0.01244EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604