Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/05/11 12:0 a.m.35 views

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users PoC curl 'https://example.com/index.php?restroute=/xs-donate-form/payment-redirect/3' \ --data '"id": "SELECT 1 FROM...

9.8CVSS3.5AI score0.07879EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/11 12:0 a.m.23 views

WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page

The plugin does not escape the errorenvision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. PoC 1. Enable greenwallet-gateway as a woocommerce payment gateway 2. add something in your cart and visit the checkout page 3. visit...

6.1CVSS1.4AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/10 12:0 a.m.24 views

Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's settings such as Font size, Font Color and save: "...

4.8CVSS2.1AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/10 12:0 a.m.25 views

WP Statistics < 13.2.2 - Reflected Cross-Site Scripting

The plugin does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters PoC GET /wp-admin/admin.php?page=wpssettingspage= HTTP/1.1 Accept:...

6.1CVSS2.4AI score0.00857EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/10 12:0 a.m.20 views

Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file PoC Create/edit a quote and p...

4.8CVSS1.3AI score0.0064EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.23 views

Simple Real Estate Pack <= 1.4.8 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC Put the following payload in the plugin's settings such as "Consumer Key": "...

4.8CVSS2.2AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.22 views

Amazon Link <= 3.2.10 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC Put the following payload in settings such as the "AWS Public Key": "...

4.8CVSS2.9AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.14 views

StaffList < 3.1.7 - Reflected Cross-Site Scripting

The plugin does to sanitise and escape a parameter before outputting it back in various places in an admin page, leading to a Reflected cross-Site Scripting PoC v v 3.1.7 - https://example.com/wp-admin/admin.php?page=stafflist=aa' style=animation-name:rotation onanimationstart=alert/XSS///...

0.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.25 views

Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update

The plugin does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector PoC curl --url...

7.5CVSS3.9AI score0.00578EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.13 views

No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's settings such as Exclude posts IDs and save: " autofocus onfocus=alert/XSS//...

4.8CVSS2.3AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.27 views

User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC An an admin -...

4.8CVSS0.7AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.14 views

HPB Dashboard <= 1.3.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC Put the following payload in the plugin's settings: "...

4.8CVSS2.2AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.24 views

Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC In a form settings, put the following payload in the Actions after submission Action Type Custom...

4.8CVSS1.1AI score0.00995EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.25 views

IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC As administrator, put the following payload in any of the plugin's settings and save: "...

4.8CVSS2.5AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.14 views

Slideshow <= 2.3.1 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Slideshow settings, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks PoC As author and above, create/edit a slideshow and put the following payload in the "Number of seconds the slide takes to slide in...

1.1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.16 views

Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC The teamcolor field ie "Main color" setting of a team is affected POST /wp-admin/post.php HTTP/1.1 Accept:...

4.8CVSS0.9AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.18 views

Logo Slider <= 1.4.8 - Admin+ SQLi

The plugin does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection PoC https://example.com/wp-admin/admin.php?page=manageimagessliderid=1+AND+SELECT+7741+FROM+SELECTSLEEP5hlAf...

4CVSS0.4AI score0.00764EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.19 views

Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC As admin, create/edit a Birthday and add the following payload in the Name field:...

4.8CVSS2.4AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.19 views

Note Press <= 0.1.10 - Admin+ SQLi via id

The plugin does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections PoC https://example.com/wp-admin/admin.php?page=NotePress-Main-Menu=view=17+AND+SELECT+3630+FROM+SELECTSLEEP5KdTt...

4CVSS0.4AI score0.00764EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.18 views

BannerMan <= 0.2.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed such as in multisite PoC As administrator, put the following payloads in the mentioned settings of the plugin...

4.8CVSS2.7AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.19 views

Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC As admin, put the following payload in the "Number of seconds the...

4.8CVSS0.9AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.12 views

Call&Book Mobile Bar <= 1.2.2 - Admin+ Stored Cross Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC Put the following payload in any of the plugin's settings: "...

4.8CVSS2.3AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.17 views

Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions

The plugin does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection PoC...

4CVSS1AI score0.00764EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.19 views

Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id

The plugin does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection PoC https://example/wp-admin/admin.php?page=fmweseditproduct=1+AND+SELECT+6037+FROM+SELECTSLEEP5Uiuu...

4CVSS0.8AI score0.00764EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.19 views

JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF

The plugin does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript. PoC XSS will be triggered...

5.4CVSS3.2AI score0.00292EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.22 views

CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi

The plugin does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack PoC On a page where the codepeople-image-store is embed, append the...

9.8CVSS0.9AI score0.1036EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.18 views

Note Press <= 0.1.10 - Admin+ SQLi via Update

The plugin does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection PoC POST /wp-admin/admin.php?page=NotePress-Main-Menu=edit=17 HTTP/1.1 Accept:...

4CVSS0.7AI score0.00764EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.13 views

External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. PoC On any post on the affected site, add the following link to a comment: Click here for XSS-'/ Click on the link, you should be getting an alert box...

6.1CVSS1.8AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.16 views

Realty Workstation < 1.0.15 - Agent SQLi

The plugin does not sanitise and escape the transedit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection PoC As a logged in agent: https://example.com/workstation/?transactions=opentransactionsedit=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5...

4.9CVSS5.1AI score0.00951EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.21 views

amtyThumb <= 4.2.0 - Subscriber+ SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user and not just Author+ like the original advisory mention due to the fact that they can execute shortcodes via an AJAX...

8.8CVSS0.7AI score0.0151EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/09 12:0 a.m.17 views

External Links in New Window / New Tab < 1.43 - Tabnabbing

The plugin does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. PoC Create an external link, check window.opener in the newly opened tab after clicking the external link...

6.5CVSS1.8AI score0.01265EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/06 12:0 a.m.25 views

WP 2FA < 2.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wp-2fa-settingserror=...

6.1CVSS6.2AI score0.00815EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/06 12:0 a.m.18 views

PNG to JPG < 4.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, allowing attackers to make a logged in admin do such action via a CSRF attack which could lead to Stored XSS issues due to the lack of sanitisation and escaping in some of them...

6.1CVSS4.3AI score0.00343EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/06 12:0 a.m.17 views

Remove CPT Base < 5.9 - CPT Deletion via CSRF

The plugin does not have CSRF check in place when deleting the custom post type CPT, allowing attackers to make a logged in admin do such action via a CSRF attack...

5.8CVSS5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.19 views

Andrea Pernici News Sitemap for Google <= 1.0.16 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.6AI score0.00538EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.15 views

Code Snippets Extended <= 1.4.7 - RCE via CSRF

The plugin could allow attackers to perform RCE by using a CSRF attack against a logged in admin...

8.8CVSS4.8AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.16 views

Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfilteredhtml is disallowed PoC Put the following payload in any of the Mailchimp integration settings...

4.8CVSS2.7AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.19 views

WP Slider <= 1.4.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...

4.8CVSS2.7AI score0.00499EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.20 views

Disable Right Click For WP <= 1.1.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS4AI score0.0041EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.15 views

Image Hover Effects Ultimate < 9.7.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting...

4.8CVSS1.7AI score0.00499EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/04 12:0 a.m.13 views

Checkout Files Upload for WooCommerce < 2.1.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape filenames before outputting them back in order confirmation page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.8AI score0.00669EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.9 views

Helpful < 4.5.15 - Votes Tampering

The plugin allowed users to vote more than once, which could allow attackers to increase votes drastically on some posts...

3.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.23 views

WP JS <= 2.0.6 - Reflected Cross-Site Scripting

The plugin contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.2AI score0.01141EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.429 views

Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting

The plugin does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious...

6.1CVSS1.2AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.16 views

VikBooking < 1.5.9 - Reflected Cross-Site Scripting

The plugin does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/?test%22-alert/XSS/-%22 https://example.com/wp-admin/profile.php?test%22-alert/XSS/-%22...

6.1CVSS6.2AI score0.00757EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.18 views

Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads PoC As an author or above, upload the below SVG file via the Media library: The XSS will be triggered when accessing the file directly, e.g...

5.4CVSS1.5AI score0.00571EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.9 views

StaffList < 3.1.6 - Reflected Cross-Site Scripting

The plugin does to sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=stafflist=1=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

0.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/03 12:0 a.m.21 views

Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options PoC POST /wp-admin/admin-ajax.php...

4.3CVSS1.4AI score0.01052EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.22 views

Breeze < 2.0.3 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin is lacking authorisation, CSRF and sanitisation in its AJAX actions available to any authenticated users, which could allow any logged in user to change the plugin's settings and perform XSS attacks...

6.5CVSS4.7AI score0.00538EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.16 views

StaffList < 3.1.6 - Arbitrary Staff Deletion via CSRF

The plugin does not have CSRF check in place when deleting staff members, which could allow attacker to make a logged in admin perform such action and delete arbitrary staff via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=stafflist=last=1=1...

4.5AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities14604