Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
•added 2022/04/08 12:0 a.m.•25 views

Floating Chat Widget < 2.8.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS2.6AI score0.00576EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/07 12:0 a.m.•18 views

Plausible Analytics < 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS3.1AI score0.00821EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/07 12:0 a.m.•21 views

Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/edit a form and put the following payload in the 'E-mail To' field: " The XSS will ...

4.8CVSS2.4AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/07 12:0 a.m.•18 views

SiteGround Security < 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes

The method in which 2FA back-up code authentication is handled by the plugin makes it possible for attackers to log in if they are able to brute force a back-up code for a user or compromise it via other means such as SQL Injection...

9.8CVSS4.7AI score0.07285EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/07 12:0 a.m.•16 views

SiteGround Security < 1.2.6 - Authentication Bypass via 2-FA Authentication Setup

The 2FA functionality of the plugin is insecurely implemented which could allow unauthenticated attackers to gain access to privileged accounts...

9.8CVSS7.4AI score0.02842EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/06 12:0 a.m.•16 views

Content Egg < 5.3.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.1AI score0.00897EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•33 views

Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it PoC As unauthenticated: wget "https://example.com/?p=1" --header "Referer: " -O- The XSS will be...

6.1CVSS0.4AI score0.01277EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•11 views

Tipsacarrier <= 1.4.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements, and is lacking authorisation checks in some calls as well, leading to SQL Injection issues Vendor was notified on November 26th, 2021, did not reply nor fix the issue PoC Affected files:...

1.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•17 views

Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfilteredhtml is disallowed PoC Put the following payload in the "iCal link text" Feed Settings of the plugin...

4.8CVSS2.2AI score0.00577EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•18 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF

The plugin does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans PoC https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails=delete=1...

6.5CVSS4.5AI score0.00562EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•24 views

WP-Appbox < 4.4.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS2.9AI score0.00576EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•23 views

Documentor <= 1.5.3 - Unauthenticated SQLi

The plugin fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. PoC curl https://example.com/wp-admin/admin-ajax.php --data 'action=docsearchresults==1 AND SELECT 6288 FROM...

9.8CVSS1.3AI score0.42764EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•25 views

Pricing Table <= 1.5.2 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

4.8CVSS3.3AI score0.00576EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•7 views

Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting

The plugin does not have sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting PoC...

1.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•18 views

Download Monitor < 4.5.91 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. PoC Create a new download, add a file and put the...

4.9CVSS2.6AI score0.01062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/05 12:0 a.m.•24 views

Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure

The plugin does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL Vendor was notified on November 26th, 2021, did not reply nor fix the...

7.5CVSS0.2AI score0.0147EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•17 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting PoC...

5.4CVSS2.7AI score0.00591EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•22 views

Opensea < 1.0.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS2.9AI score0.00588EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•19 views

Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the "Name of list" field in the User Lists...

4.8CVSS2.7AI score0.00702EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•27 views

Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's text field settings such as Title , Title font-size etc: "...

4.8CVSS3AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•26 views

LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/purchase/confirm-payment/?order=order-xxxxxxx=aa"...

6.1CVSS0.6AI score0.00918EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•21 views

Testimonial Slider <= 3.5.8.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its slider settings, such as mpsppostsbgcolor, mpsppostsdescriptioncolor, mpspslidenavbuttoncolor which could allow users with the editpost capability contributor and above to perform Cross-Site Scripting attacks...

5.4CVSS3.9AI score0.00544EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/04 12:0 a.m.•13 views

Weblizar Pin It Button On Image Hover And Post < 3.4 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and proper CSRF check when saving its settings, allowing any authenticated users, such as subscribers to update them PoC fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body": new...

2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/02 12:0 a.m.•13 views

Quick Adsense < 2.8.2 - Subscriber+ Post Stats Reset

The plugin does not have authorisation and CSRF checks in some of its AJAX actions allowing any authenticated users, such as subscribers to call them and reset Posts stats for example PoC fetch"/wp-admin/admin-ajax.php", "headers": "accept": "/", "accept-language": "en-US,en;q=0.9", "content-type...

2.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/02 12:0 a.m.•16 views

ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings...

5.4CVSS3.2AI score0.01096EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/04/01 12:0 a.m.•39 views

Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting

The plugin allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. PoC In Page/Post Access tab, Use XSS Payload as " in any of the pages available. XSS will be...

4.8CVSS2.7AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/31 12:0 a.m.•19 views

ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation

The plugin does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website PoC fetch"/wp-admin/admin-ajax.php", "headers"...

5.4CVSS2.9AI score0.00309EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/31 12:0 a.m.•22 views

ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF

The plugin lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the...

4.3CVSS4.4AI score0.00341EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•29 views

Advanced Custom Fields < 5.12.1 - Contributor+ Database Information Access

The plugin does not have proper authorisation which could allow users with a role as low as contributor to view information on the database without the access permission...

6.5CVSS4.4AI score0.01437EPSS
Exploits0References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•33 views

Videos sync PDF <= 1.7.4 - Unauthenticated LFI

The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues PoC https://example.com/wp-content/plugins/video-synchro-pdf/reglages/MenuPlugins/tout.php?p=LFI...

7.5CVSS0.5AI score0.1129EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•11 views

Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Campaign URL settings of the plugin: "...

4.8CVSS1AI score0.00994EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•20 views

Cab fare calculator < 1.0.4 - Unauthenticated LFI

The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable...

9.8CVSS0.9AI score0.13791EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•21 views

Use Any Font < 6.2.1 - API Key Deactivation via CSRF

The plugin does not have CSRF check in place when deactivating its API key, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

5.4CVSS4.9AI score0.00381EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•23 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.174.1 - Reflected Cross-Site Scripting

The plugin does not not sanitise and escape the page parameter brief outputting it back in attributes in the /wp-admin/edit-comments.php?page=ctcheckspam and Users list dashboard, leading to Reflected Cross-Site Scripting issues...

6.1CVSS2.2AI score0.02886EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•9 views

Animate It! < 2.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin has flawed validations and does not escape its shortcode argument, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks via a malicious shortcode PoC v 2.3.8 edsanimate animation="attacker" delay='1"...

4.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•15 views

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed PoC Put the following payload in the API Key settings of the plugin: 'alert/XSS/...

4.8CVSS1.5AI score0.00975EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/30 12:0 a.m.•15 views

Be POPIA Compliant < 1.1.6 - Unauthenticated Sensitive Information Exposure

The plugin exposes sensitive information to unauthenticated users such as site visitors emails and usernames via an API route...

5.3CVSS3.3AI score0.01103EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•23 views

Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Custom DB Prefix settings of the plugin: BooksnPapers"...

4.8CVSS2.4AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•39 views

LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Proof of Concept PoC: ======================= 1. The store...

4.8CVSS4.9AI score0.02637EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•33 views

uDraw < 3.3.3 - Unauthenticated Arbitrary File Access

The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...

7.5CVSS1.3AI score0.07879EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•15 views

DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR

The plugin does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. Vendor was notified via Envato on September 28th, 2021, but did not properly fix the issue and was notified numerous times since. PoC As any authenticated user, pos...

4.3CVSS2.9AI score0.00644EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•23 views

Donations <= 1.8 - Unauthenticated SQLi

The plugin does not sanitise and escape the nddonationsid parameter before using it in a SQL statement via the nddonationssinglecauseformvalidatefieldsphpfunction AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection PoC Create a new "Cause" and fill out the...

9.8CVSS0.7AI score0.01722EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•20 views

Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover

The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. PoC On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value t...

9.8CVSS3.7AI score0.01677EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•20 views

5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi

Description The plugin does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using...

9.8CVSS10AI score0.01722EPSS
Exploits2
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•27 views

English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect

The plugin does not validate the admincustomlanguagereturnurl before redirecting users o it, leading to an open redirect issue PoC https://example.com/wp-admin/admin-ajax.php?action=heartbeatcustomlanguagetoggle=1customlanguagereturnurl=https://wpscan.com...

6.1CVSS1.2AI score0.01908EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•29 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection PoC v = 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart=sleep10 v 6.1.6 -...

8.8CVSS0.2AI score0.01324EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•23 views

Anti-Malware Security and Brute-Force Firewall < 4.20.96 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters PoC GET /wp-admin/admin.php?page=GOTMLSViewQuarantine=" HTTP/1.1 Cache-Control: max-age=0...

6.1CVSS2.3AI score0.03013EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•18 views

DW Question & Answer Pro <= 1.3.4 - Multiple CSRF

The plugin does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. Vendor was notified via Envato on September 28th, 2021, but did not properly fix the issue and was notified...

4.3CVSS3.6AI score0.00429EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•21 views

Users Ultra <= 3.1.0 - Unauthenticated SQL Injection

The plugin fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection. PoC curl...

9.8CVSS2.5AI score0.0854EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/29 12:0 a.m.•18 views

Master Elements <= 8.0 - Unauthenticated SQLi

The plugin does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection PoC As unauthenticated:...

9.8CVSS1.4AI score0.07097EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604