Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•18 views

Member Hero <= 1.0.9 - Unauthenticated RCE

The plugin lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. PoC curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...

9.8CVSS3.1AI score0.09105EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•16 views

OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

6.5CVSS4.7AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•21 views

MailerLite < 1.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC The first digit of the ID must be an existing form ID...

6.1CVSS0.4AI score0.00815EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•27 views

Jupiter < 6.10.2 & JupiterX Core < 2.0.8 - Subscriber+ Privilege Escalation and Post Deletion

When the theme is installed, any logged-in user can elevate their privileges to an administrator by sending an AJAX request with the action parameter set to abbuninstalltemplate. This calls the uninstallTemplate function, which calls the resetWordpressDatabase function, where the site is...

9CVSS2.4AI score0.01498EPSS
Exploits1References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•18 views

Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a Slideshow, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS2.6AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•15 views

Log WP_Mail <= 0.1 - Email Logs Publicly Accessible

The plugin saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. PoC curl https://example.com/wp-content/plugins/logwpmail/log/LWPMAIL-20220330-success.log...

7.5CVSS0.9AI score0.01394EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•17 views

Jupiter < 6.10.2 - Subscriber+ Arbitrary Plugin Deletion

Any authenticated user, such as subscriber, can delete arbitrary plugins via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file...

5.5CVSS3.6AI score0.00697EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•18 views

Jupiter < 6.10.2 & JupiterX < 2.0.7 - Subscriber+ Path Traversal and Local File Inclusion

Any logged-in users, such as subscriber, can perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the lib/admin/control-panel/control-panel.php file calls the loadcontrolpanelpane function. It is possible to use this action to...

8.8CVSS2.4AI score0.01624EPSS
Exploits1References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•24 views

WP-CRM <= 1.2.1 - CSV Injection

The plugin does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. PoC 1. Add new person and put the following CSV calculator payload into the Display Name, Phone Number and Description field and save the entry. payload : =cmd|' /C...

7.8CVSS1.3AI score0.00988EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•21 views

HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL PoC...

4.3CVSS4.1AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•73 views

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.6AI score0.00815EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•21 views

JupiterX Core < 2.0.7 - Information Disclosure, Modification, and Denial of Service

Any logged in users, such as subscriber could view site configuration and logged-in users, modify post conditions, or perform a denial of service attack via the jupiterxconditionalmanager AJAX action which can be used to call any function in the includes/condition/class-condition-manager.php file...

7.5CVSS2.8AI score0.00819EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•114 views

The School Management < 9.9.7 - Unauthenticated RCE via REST api

The plugin contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. PoC curl -d 'blowfish=1' -d "blowf=system'id';" 'https://examples.com/wp-json/am-member/license'...

5.4AI score0.64321EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•16 views

Code Snippets < 2.14.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.3AI score0.00774EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•26 views

Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

6.5CVSS4.4AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•15 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS2.2AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/18 12:0 a.m.•27 views

JupiterX < 2.0.7 & JupiterX Core < 2.0.7 - Subscriber+ Arbitrary Plugin Deactivation and Settings Update

Any logged-in user, including subscriber-level users, can access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterxapiajax actions registered by the JupiterX Core Plugin. This includes the ability to deactivate arbitrary plugins as well as update the...

5.5CVSS4.4AI score0.00513EPSS
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•15 views

Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. PoC Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search="...

6.1CVSS1.3AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•13 views

Bestbooks <= 2.6.3 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users PoC Affected parameters: credit and debit curl https://example.com/wp-admin/admin-ajax.php \ --data...

9.8CVSS0.8AI score0.09047EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•18 views

Popup Box < 2.2 - Admin+ LFI

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI...

7.2CVSS1AI score0.01021EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•15 views

Useful Banner Manager <= 1.6.1 - Modify banners via CSRF

The plugin does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. PoC...

6.5CVSS4.3AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•15 views

WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. PoC - Log on to the site using a subscriber account. - On the page the shortcode is...

5.4CVSS1AI score0.00571EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•15 views

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF

The plugin is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules. PoC...

8.8CVSS1.8AI score0.00609EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•16 views

iQ Block Country <= 1.2.18 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. PoC curl -i -H 'CF-CONNECTING-IP: 0.0.0.0' https://example.com...

7.5CVSS1.5AI score0.01191EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•20 views

Code Snippets Extended <= 1.4.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF in place when creating/editing snippets, as well as is lacking sanitisation and escaping in some fields, which could allow attackers to make a logged in admin create/edit arbitrary snippets and place XSS payloads in them...

6.1CVSS4.8AI score0.00366EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•19 views

WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting PoC http://example.com/wp-admin/admin.php?page=wp-athletics-print-rankings=true=all=all=all=1=%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E...

6.1CVSS6.2AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•16 views

Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their...

4.8CVSS1.3AI score0.0071EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•9 views

Code Snippets Extended <= 1.4.7 - Arbitrary Snippet Deletion/Disabling via CSRF

The plugin does not have CSRF in place when deleting or disabling snippets, which could allow attackers to make a logged in admin delete them...

5.8CVSS5.1AI score0.00376EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•16 views

Opal Hotel Room Booking <= 1.2.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a parameter which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS2.7AI score0.00515EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/17 12:0 a.m.•17 views

Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion

The plugin does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. v1.0.1 added...

6.5CVSS2.1AI score0.00408EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•13 views

WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks PoC As a contributor, create a new Baby item and put the following payload in any of the settings such as Birth Date, Time of Birth etc: "...

5.4CVSS2.1AI score0.00571EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•16 views

FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload into a Field Label and save: The XSS will be triggered when accessing the...

4.8CVSS2AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•31 views

Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting

The plugin does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Go to Photo Gallery Global Settings Watermark Using the web browser inspector, change the input...

4.8CVSS0.7AI score0.00995EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•25 views

LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

4.3CVSS5AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•17 views

User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

The plugin does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads PoC As a subscriber, submit a dummy image on a page/post with a File Uplo...

6.5CVSS2AI score0.02233EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•25 views

Discy < 5.2 - Restore Default Settings via CSRF

The theme does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults. PoC...

6.5CVSS3.9AI score0.00513EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•20 views

Herd Effects < 5.2.1 - Admin+ LFI

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI...

6.8CVSS0.8AI score0.01EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•19 views

Hover Effects < 2.1.1 - Admin+ LFI

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI...

7.2CVSS1AI score0.01EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•15 views

Counter Box < 1.2 - Admin+ LFI

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI...

7.2CVSS1.5AI score0.01EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•20 views

Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

The plugin does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack PoC To delete all comments...

4.3CVSS4.6AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•28 views

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a video from a slider and put the following payload in the Description: , then save/update the...

4.8CVSS2.3AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•26 views

Discy < 5.2 - Settings Update via CSRF

The theme lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary plugin's settings including payment methods via a CSRF attack PoC...

4.3CVSS3.8AI score0.01244EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/16 12:0 a.m.•21 views

FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC Put the following payload in the Woocommerce FiboSearch Autocomplete Products - "N...

4.8CVSS2.4AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/13 12:0 a.m.•16 views

Files Download Delay < 1.0.7 - Subscriber+ Settings Reset

The plugin does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action. PoC https://example.com/wp-admin/admin-ajax.php?action=ddlayrestoredefaults...

6.5CVSS1.4AI score0.00406EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/13 12:0 a.m.•23 views

Donations <= 1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

5.4CVSS2.5AI score0.00538EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/12 12:0 a.m.•20 views

WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a form, go to the Form Settings - General Settings and put the following payload in the...

4.8CVSS0.5AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/12 12:0 a.m.•16 views

WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF

The plugin does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. PoC...

4.3CVSS2.9AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/12 12:0 a.m.•17 views

Quick Restaurant Reservations < 1.4.2 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting...

5.9CVSS2.5AI score0.00546EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/11 12:0 a.m.•19 views

Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby

The plugin does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection PoC https://example.com/wp-admin/admin.php?page=fmwesproducts=id+AND+SELECT+7394+FROM+SELECTSLEEP5UrUZ...

4.9CVSS0.7AI score0.00951EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/05/11 12:0 a.m.•15 views

Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

The plugin does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. O...

5.8CVSS3.2AI score0.00402EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604