Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.18 views

WP Subscribe < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its widgets settings, which could allow high privilege users such as admin to perform Cross-Site Scripting even when unfilteredhtml is disallowed PoC Add the widget of the plugin to a page, and put the following payload in settings such as "Title",...

4.8CVSS1.6AI score0.00533EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.18 views

StaffList < 3.1.5 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection PoC https://example.com/wp-admin/admin.php?page=stafflist=test%'+AND+SELECT+42+FROM+SELECTSLEEP5b+AND+'aa%'='aa...

9.8CVSS0.1AI score0.2038EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.20 views

Check & Log email < 1.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=check-email-settings="...

6.1CVSS6.2AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.20 views

Nirweb support < 2.8.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an SQL injection PoC curl https://example.com/wp-admin/admin-ajax.php --data 'action=answerdticketform=1 UNION ALL SELECT NULL,NULL,SELECT...

9.8CVSS1.5AI score0.13207EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.26 views

Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a Tab via the plugin, and put the following payload in a Tab...

4.8CVSS3.6AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.19 views

WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. PoC curl 'http://127.0.0.1:8080/wp-admin/admin-ajax.php?action=WPContactsManagercall=get-contact' \ --data '"id":"1\u0027...

9.8CVSS1.6AI score0.01603EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/02 12:0 a.m.27 views

WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs

The plugin does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. PoC As admin, put the following payload in the Breadcrumb...

4.8CVSS0.4AI score0.00689EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/29 12:0 a.m.22 views

Ultimate Member < 2.3.2 - Open Redirect

The plugin is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims...

5.4CVSS4.6AI score0.00707EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.26 views

Countdown & Clock <= 2.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...

5.9CVSS2.6AI score0.00533EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.111 views

All-in-One WP Migration < 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal

The plugin is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file which can be exploited by administrative users, and users who have access to the site’s secret key on WordPress instances with Windows...

6.6CVSS4.4AI score0.47495EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.22 views

Hermit <= 3.1.6 - Subscriber+ SQLi

The plugin does not sanitise and escape the ids parameter before using it in a SQL statement, leading to a SQL injection...

8.8CVSS1.6AI score0.00851EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.16 views

Hermit <= 3.1.6 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in when creating a source, and does not sanitise as well as escape the title, which could allow attackers to make a logged in user create an arbitrary source with an XSS payload in it...

6.1CVSS3AI score0.00373EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.23 views

Hermit <= 3.1.6 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS1.6AI score0.01032EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.24 views

Footer Text <= 2.0.3 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF in place when updating its settings, and is lacking sanitisation as well as escaping in them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

6.1CVSS4.4AI score0.00373EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.16 views

Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass

The plugin does not properly lock its Pro features which could allow high privilege users such as admin to bypass the restriction and use them...

9.8CVSS3.2AI score0.01047EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.17 views

Hermit <= 3.1.6 - Arbitrary Cache/Source Deletion & Source Creation via CSRF

The plugin does not have CSRF checks in multiple actions, which could allow attackers to make logged in users perform them via CSRF attacks...

5.8CVSS4.4AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.18 views

Ravpage <= 2.16 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various base64 encoded parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.5AI score0.00727EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.19 views

Countdown & Clock < 2.3.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the ycdtype parameter before outputting back in a page, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.5AI score0.00713EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/27 12:0 a.m.9 views

WP-Invoice <= 4.3.1 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attacker to make a logged in admin update them and change the minimum role allowed to access the plugin's features to subscriber for example, which would make invoices available to any authenticated users P...

4.4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/27 12:0 a.m.11 views

Coru LFMember <= 1.0.2 - Arbitrary Game Deletion/Activation via CSRF

The plugin does not have CSRF in place when deleting and activating games, which could allow attacker to make a logged in admin perform such actions PoC...

4.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/27 12:0 a.m.71 views

Booking Calendar < 9.1.1 - PHP Object Injection

The plugin unserializes user data without being validated first, which could allow attackers to perform PHP object injection attack. If a timeline is published, unauthenticated attackers could perform such attack, otherwise any authenticated could. A suitable POP chain, from another plugin for...

8.8CVSS3.7AI score0.0171EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.17 views

Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/options-general.php?page=vertical-scroll-recent-post=editid=0%22%3E%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS0.1AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.14 views

Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads PoC...

2.9AI score0.00266EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.20 views

Psychological tests & quizzes <= 0.21.19 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings available to users with a role as low as contributor, allowing them to perform Cross-Site Scripting attacks...

5.4CVSS3AI score0.0056EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.21 views

Tripetto < 5.2.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not validate uploaded attachment files, which could allow unauthenticated users to upload malicious SVG and lead to Cross-Site Scripting...

6.1CVSS3AI score0.00727EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.23 views

Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a slider, put the following payload in the CSS settings and save: The XSS wil...

4.8CVSS2.4AI score0.01017EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.15 views

Turn off all comments <= 1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/tools.php?page=toac=success=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS0.1AI score0.03016EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.11 views

Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=dr-convert=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

6.1CVSS0.2AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/26 12:0 a.m.12 views

Donate Extra <= 2.02 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting PoC...

6.1CVSS1.3AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.20 views

WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them PoC...

2.7AI score0.00266EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.17 views

Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed PoC https://youtu.be/kTMg65teTvU...

4.8CVSS1.2AI score0.00872EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.21 views

Call Now Button < 1.1.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled PoC With premium enabled: http://example.com/wp-admin/admin.php?page=call-now-button=xxxxx" accesskey=X onclick=alert/XSS/...

6.1CVSS0.2AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.17 views

Night Mode < 1.4.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks woven when unfilteredhtml is disallowed...

4.8CVSS3AI score0.00518EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.23 views

3xSocializer <= 0.98.22 - Subscriber+ SQLi

Description The plugin does not sanitise and escape some parameter before using them in SQL statements, leading to SQL Injections...

8.8CVSS7.3AI score0.00803EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.21 views

ScrollReveal.js Effects <= 1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's settings such as Opacity: "...

4.8CVSS2.3AI score0.00662EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.15 views

Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have SCRF check when updating its settings, as well as does not sanitise and escape them when outputting them back. This could allow attackers to make a logged in admin update them to arbitrary values, including XSS payloads, via a CSRF attack PoC...

4AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.22 views

ShortPixel Adaptive Images < 3.4.0 - Subscriber+ Arbitrary Settings Update

The plugin does not have any authorisation when updating its settings via an AJAX action, allowing any authenticated users, such as subscriber to change them...

4.3CVSS5.2AI score0.00606EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.20 views

WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue. PoC Against any authenticated user:...

6.1CVSS1.8AI score0.00833EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.20 views

WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button via AJAX ...

5.4CVSS0.8AI score0.0058EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.11 views

Content Egg < 5.3.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=content-egg-autoblog-edit"...

Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/25 12:0 a.m.9 views

Tracked Tweets <= 0.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC All parameters from the settings page are affected...

2.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/23 12:0 a.m.18 views

Metform Elementor Contact Form Builder < 2.1.4 - Unauthenticated API keys and Secrets Disclosure

The is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs such as PayPal, Stripe, Mailchimp, Hubspot, HelpScout,...

7.5CVSS1.2AI score0.09699EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.26 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack PoC XSS will be triggered...

6.5CVSS1.9AI score0.00524EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload

The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code PoC Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking=carat and upload a fake GIF with PHP code in it as a...

7.2CVSS0.3AI score0.01467EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.22 views

Advanced Contact form 7 DB <= 1.8.7 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape a parameter from its form, which could lead to an unauthenticated Stored Cross-Site Scripting issue...

6.1CVSS2AI score0.00655EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.16 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting

The plugin does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC v 1.5.7 Add/edit a custom field /wp-admin/admin.php?option=comvikbooking=custom...

4.8CVSS0.2AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/21 12:0 a.m.17 views

Rara One Click Demo Import < 1.3.0 - Arbitrary File Upload via CSRF

The plugin does not have CSRF check when uploading files, which could allow attackers to make a logged in admin upload arbitrary files via a CSRF attack...

8.8CVSS5AI score0.00562EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/20 12:0 a.m.17 views

Country Selector < 1.6.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.6AI score0.01436EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/20 12:0 a.m.18 views

Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. PoC...

6.1CVSS4AI score0.00386EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/19 12:0 a.m.148 views

Fusion Builder < 3.6.2 - Unauthenticated SSRF

Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...

9.8CVSS9.2AI score0.71722EPSS
Exploits6References2
Total number of security vulnerabilities14604