Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
•added 2022/04/19 12:0 a.m.•17 views

Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload

The plugin allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE PoC As any authenticated user, upload a PHP file via /wp-admin/upload.php?page=adv-file-upload The file will be at https://example.com/wp-content/uploads/2022/03/.php...

8.8CVSS2.6AI score0.15929EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/19 12:0 a.m.•21 views

th23 Social <= 1.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the plugin's settings...

4.8CVSS2.9AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/19 12:0 a.m.•24 views

Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/options-general.php/%22%3E%3Csvg/onload=alert/xss/%3E?page=ais...

6.1CVSS0.3AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/19 12:0 a.m.•20 views

BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.3AI score0.00831EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/19 12:0 a.m.•9 views

Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when editing a video, and does not escape some of its fields, which could allow attackers to make a logged in admin change them and lead to Stored Cross-Site Scripting issues PoC...

4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•28 views

MapSVG < 6.2.20 - Unauthenticated SQLi

The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. PoC https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...

9.8CVSS1.5AI score0.10279EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•30 views

Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure

The plugin does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 104 Accept: application/json, text/javascript, /; q=0.01...

5.3CVSS2.2AI score0.02869EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•20 views

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Booking Data Disclosure

The plugin has guessable booking IDs, which could allow attackers to retrieve booking data via an IDOR in the search request...

5.3CVSS4AI score0.01067EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•20 views

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate the signature file uploaded via its booking form, which could allow unauthenticated attacker to upload arbitrary files...

9.8CVSS3.4AI score0.01617EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•16 views

Personal Dictionary < 1.3.4 - Unauthenticated SQLi

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. PoC 1. Create a new page with the plugin's shortcode shortcode can be copied from...

9.8CVSS0.1AI score0.0677EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•22 views

Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections PoC curl https://example.com/wp-admin/admin-ajax.php \ --data...

9.8CVSS1.7AI score0.09495EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/18 12:0 a.m.•26 views

Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Create/edit a Slider with the plugin and put the following payload in a Slide...

4.8CVSS2.5AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/15 12:0 a.m.•23 views

WP Maintenance < 6.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape multiple of its settings, which could allow high privileged users such as admin to perform Cross-Site Scripting attack when the unfilteredhtml is disallowed...

4.8CVSS3AI score0.00514EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/15 12:0 a.m.•23 views

MicroPayments < 1.9.6 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF in place when updating its settings, which could allow attacker to make a logged in admin perform such action via a CSRF attack...

8.8CVSS4.5AI score0.00781EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/15 12:0 a.m.•19 views

Simple Ajax Chat < 20220216 - Log Clearing & Arbitrary Chat Message Deletion via CSRF

The plugin does not have CSRF check in place when clearing chat logs and deleting a chat message, which could allow attackers to make a logged in admin perform such actions via a CSRF attack...

5.4CVSS4.9AI score0.00381EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/15 12:0 a.m.•20 views

Simple Ajax Chat < 20220216 - Sensitive Information Disclosure

The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it...

7.5CVSS4.3AI score0.04619EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/15 12:0 a.m.•21 views

KB Support <= 1.5.5 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape multiple parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

6.1CVSS3.7AI score0.00675EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/14 12:0 a.m.•19 views

Fancy Product Designer < 4.7.6 - Arbitrary File Upload via CSRF

The plugin is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server via a CSRF attack...

8.8CVSS4.8AI score0.00573EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/14 12:0 a.m.•11 views

WP 2FA < 2.2.0 - Arbitrary 2FA Disabling via IDOR

The plugin does not properly check for authorisation when disabling 2FA, allowing users to disable the protection of other users via an IDOR attack...

5.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/14 12:0 a.m.•24 views

Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS3.3AI score0.00543EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•24 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users PoC v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata=attributes=-3 UNION ALL...

9.8CVSS1.5AI score0.01779EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•27 views

BadgeOS <= 3.7.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=get-achievementsonly=trueid=11 AND SELECT 9628 FROM...

9.8CVSS2.6AI score0.11725EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•30 views

IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some fields when high privilege users don't have the unfilteredhtml capability, which could lead to Stored Cross-Site Scripting issues PoC Customise a template from the plugin /wp-admin/admin.php?page=cscstemplates and put the following payload in the...

5.4CVSS0.2AI score0.00584EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•23 views

Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/options-general.php?page=admin-menu-restriction="...

6.1CVSS0.1AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•132 views

Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload

The plugin is lacking capability check in a function hooked to admininit introduced in v3.6.0, and only relying on a CSRF check. As the nonce is available to any authenticated users, they could call it and upload a malicious zip archive containing arbitrary files via a subsequent call, leading to...

8.8CVSS0.5AI score0.92658EPSS
Exploits10References2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•20 views

WP Social Buttons <= 2.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Delay Time General Settings or Top Margin Advanced Settings of the...

4.8CVSS3AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/13 12:0 a.m.•21 views

Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the "Post Per Page" or "Enter Search Text": settings of the plugin: "autofocu...

4.8CVSS2AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/12 12:0 a.m.•16 views

CalderaWP License Manager <= 1.2.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.7AI score0.0049EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/12 12:0 a.m.•71 views

Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Popup Maker Create Popup Popup Settings Triggers Add New Cookie Add...

4.8CVSS1.4AI score0.55784EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/12 12:0 a.m.•13 views

Multiple Plugins from Cool Plugins - Subscriber+ Arbitrary Plugin Installation & Activation

Multiple plugins from the Cool Plugins vendor are missing capability and proper CSRF check in the coolpluginsinstall and coolpluginsactivate AJAX actions, available to any authenticated users, allowing them to install and activate arbitrary plugins via an archive hosted on a remote server they...

4.5AI score
Exploits0References1Affected Software9
WPVulnDB
WPVulnDB
•added 2022/04/12 12:0 a.m.•15 views

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. PoC On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...

6.1CVSS6AI score0.00773EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/12 12:0 a.m.•24 views

Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection PoC curl 'http://example.com/?restroute=/olistener/new' --data '"id":" SELECT SLEEP3"' -H 'content-type: application/json'...

9.8CVSS2.7AI score0.09999EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•23 views

SiteSuperCharger < 5.2.0 - Unauthenticated SQLi

The plugin does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections PoC curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS2.1AI score0.01602EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•25 views

Adrotate < 5.8.23 - Admin+ XSS via Advert Name

The plugin does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit an Advert and put the following payload in the Name field: " The XSS will be triggered when...

4.8CVSS3.7AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•18 views

Wbcom Designs Plugins - Subscriber+ Arbitrary Plugin Installation, Activation and Deactivation

Multiple Plugins from Wbcom Designs have an AJAX action without authorisation and CSRF checks, allowing any logged in user to install, activate or deactivate a plugin on the site. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body":...

3.4AI score
Exploits0Affected Software22
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•22 views

Fast Flow < 1.2.11 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.7AI score0.00876EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•21 views

Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE

The plugin does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE PoC Import a PHP file via an URL Tools Import WP Add Importer put any name, and post template Create Importer Remote File select any file...

7.2CVSS0.4AI score0.01467EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•38 views

Photo Gallery < 1.6.3 - Unauthenticated SQL Injection

The plugin does not properly escape the $POST'filtertag' parameter, which is appended to an SQL query, making SQL Injection attacks possible. PoC POST /wp-admin/admin-ajax.php?imageid=123 HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh,en;q=0.5 Accept-Encoding:...

9.8CVSS0.5AI score0.23459EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•23 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks PoC Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries=trash=2 Since entry permanent deletion:...

8.1CVSS1.8AI score0.00453EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•20 views

All In One WP Security < 4.4.11 - Authenticated Arbitrary Redirect / Reflected XSS

The plugin does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of...

4.7CVSS0.3AI score0.00726EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•40 views

Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi

The plugin does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS2.4AI score0.07866EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•29 views

Yoo Slider < 2.1.0 - Arbitrary Slider Creation/Edition via CSRF

The plugin does not have CSRF check in place when creating and editing sliders, which could allow attackers to make a logged in admin create and edit arbitrary slider via a CSRF attack...

4.3CVSS5.2AI score0.00407EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•20 views

Responsive Tabs < 4.0.6 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks PoC As author or above, create/edit a new Tab and put the following payload as its content:...

4.8CVSS2.7AI score0.00576EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•26 views

Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues PoC As admin, import the below CSV file via Tools Import and export users and customers /wp-admin/tools.php?page=ac...

4.8CVSS2.4AI score0.00689EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•22 views

eRoom < 1.3.9 - Cache Deletion via CSRF

The plugin does not have CSRF check in place when deleting cache, which could allow attackers to make logged in users delete cache via a CSRF attack...

4.3CVSS4.8AI score0.00432EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•29 views

HubSpot < 8.8.15 - Contributor+ Blind SSRF

The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks PoC As an authenticated user with the editposts capability, get REST nonce via...

8.8CVSS3AI score0.01413EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•16 views

eRoom < 1.3.8 - Sync Meetings via CSRF

The plugin does not have CSRF check in place when syncing meetings, which could allow attackers to make logged in users perform such action via a CSRF attack...

4.3CVSS4.8AI score0.00432EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•21 views

Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the userscanregister and defaultrole,...

8.8CVSS2.8AI score0.13329EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•25 views

Adrotate < 5.8.23 - Admin+ XSS via Group Name

The plugin does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a group and put the following payload in the Name field: " style=animation-name:rotation...

4.8CVSS3.8AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/11 12:0 a.m.•23 views

Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting

The plugin does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action. PoC...

6.1CVSS3.9AI score0.00847EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities14604