Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
added 2022/03/29 12:0 a.m.23 views

Donations <= 1.8 - Unauthenticated SQLi

The plugin does not sanitise and escape the nddonationsid parameter before using it in a SQL statement via the nddonationssinglecauseformvalidatefieldsphpfunction AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection PoC Create a new "Cause" and fill out the...

9.8CVSS0.7AI score0.01722EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.18 views

Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Add/Edit a message and put the...

4.8CVSS1.7AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.28 views

Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF

The plugin does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack PoC...

4.3CVSS5.5AI score0.00469EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.19 views

SearchIQ < 3.9 - Unauthenticated Stored XSS

The plugin contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siqajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter PoC Once the plugin is...

6.1CVSS0.6AI score0.00852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.23 views

Easy Digital Downloads < 2.11.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC Create/edit a Download and put the following payload in the File Name field: Download...

4.8CVSS0.8AI score0.0065EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.10 views

Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF

The plugin is lacking CSRF checks in various AJAX actions, such as ecadminajaxsavedesignsettings, which could allow attackers to make a logged in admin update arbitrary settings PoC To disable the Live Design Editor To set the custom CSS setting to body background-color: red;...

4.7AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.18 views

Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the plugin's settings: "...

4.8CVSS2.3AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.25 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC The issue is only exploitable when there are no forms created yet...

6.1CVSS0.3AI score0.01195EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.17 views

Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following in the plugin's settings: test = " Tick the "Enable text hover in...

4.8CVSS1.1AI score0.00802EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.13 views

Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting

The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC On a page where the Total Booking widget is displayed, append the following payload: "...

1.8AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.24 views

Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the "Force Public Pages" settings of the plugin...

4.8CVSS1.5AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.37 views

Tatsu < 3.3.12 - Unauthenticated RCE

The plugin addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover,...

8.1CVSS8.3AI score0.83354EPSS
Exploits9References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/27 12:0 a.m.18 views

Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique PoC...

9.8CVSS2.1AI score0.21881EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/25 12:0 a.m.25 views

Safe SVG < 1.9.10 - SVG Sanitisation Bypass

The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent mainly XSS, but depending on further use of uploaded SVG...

6.1CVSS1.5AI score0.01183EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/23 12:0 a.m.34 views

Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi

The plugin does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.4AI score0.09103EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/23 12:0 a.m.19 views

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Go to Hummingbird's Settings Configs edit the "Name and Description" and put the followi...

4.8CVSS1AI score0.0275EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/23 12:0 a.m.16 views

Amministrazione Aperta < 3.8 - Admin+ LFI

The plugin does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected...

6.5CVSS1.2AI score0.02226EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/23 12:0 a.m.17 views

Simple Event Planner < 1.5.5 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Event Options, such as eventorganiser, organiseremail and organisercontact which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

5.4CVSS2.9AI score0.00549EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.21 views

WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed PoC Access the settings of th...

4.8CVSS2.4AI score0.04782EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.24 views

Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE

The plugin does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS vulnerability. Further it is also possible to inje...

7.2CVSS0.5AI score0.40237EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.23 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8CVSS4.1AI score0.26586EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.21 views

Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting

The plugin does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add arbitrary javascript payloads to the source...

5.4CVSS0.8AI score0.03932EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.19 views

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...

1AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.12 views

Easy Social Icons < 3.2.1 - Unauthenticated Arbitrary Icon Deletion

The plugin does not have authorisation and CSRF checks when deleting icons, allowing unauthenticated user to delete arbitrary icons PoC https://example.com/?cnss-delete==1...

2.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.27 views

Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any text field settings of the plugin for example Scroll Speed...

4.8CVSS2.1AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.22 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed. Version 3.2.0 adressed some of the issues, but was still vulnerable when clicking to edit the...

4.8CVSS2.2AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Advanced Booking Calendar < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.1AI score0.01618EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Yoo Slider < 2.1.0 - Arbitrary Slider Duplication/Deletion via CSRF

The plugin does not have CSRF in place when duplicating and deleting sliders, which could allow attackers to make logged in users perform such actions...

5.4CVSS5.4AI score0.00293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.26 views

Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure

The plugin does not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data PoC Make a booking to get a customer account Login via API and get access token: curl...

7.5CVSS0.9AI score0.01431EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Media Optimole...

4.8CVSS3.1AI score0.0073EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.20 views

Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting

The plugin does not properly sanitise and escape the jsonresulturl parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.4AI score0.00863EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.23 views

Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

The plugin does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks PoC Edit an existing Seasons & Calendars /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars and tamper the ...

7.2CVSS0.5AI score0.01461EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.29 views

Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi

The plugin does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file PoC Put the XML below on a web server replacing the PAYLOAD with the correct one, then import a podcast...

7.2CVSS7.2AI score0.01461EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.24 views

One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed PoC Access Tools Import One Click Demo Import Run Importer and import dummy XML file can be empty Intercept the request...

7.2CVSS6.9AI score0.01653EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.27 views

Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure

The plugin does not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. PoC Although the API only...

5.3CVSS5.1AI score0.01146EPSS
Exploits2Affected Software2
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.25 views

WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users, leading to a SQL injection PoC curl -i 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.2AI score0.07867EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.14 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1AI score0.02254EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.19 views

Responsive Menu < 4.1.8 - Subscriber+ Arbitrary File Upload / Theme Deletion / Plugin Settings Update

The plugin is missing authorisation on multiple of its AJAX actions such as savemenuglobalsettings, and relying on CSRF nonces which are disclosed to any authenticated users. As a result, it could allow them to call the affected actions and lead to arbitrary file upload, theme deletion as well as...

8.8CVSS2.8AI score0.01293EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.26 views

Download Manager < 3.2.39 - Unauthenticated brute force of files master key

The plugin uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. PoC...

7.5CVSS2.9AI score0.0151EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/16 12:0 a.m.32 views

iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip

The settings of the plugin can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process,...

4.9CVSS5AI score0.03315EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.12 views

GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages...

5.4CVSS5.2AI score0.00591EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.15 views

Easy Social Icons < 3.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its saved settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed. 3.1.3 added some escaping, but data was output elsewhere PoC Put the...

1.2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.14 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword

The plugin does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form PoC Append the following payload on a page containing a Post Grid with a search form:...

6.1CVSS0.9AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.16 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

The plugin does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting PoC...

6.4CVSS2.6AI score0.00632EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.21 views

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

The plugin does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled which is the default setting, leading to a Reflected Cross-Site Scripting issue. Note: Vendor was notified on September 14th, 2021. PoC...

6.1CVSS0.3AI score0.02244EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.18 views

NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality

An unprivileged user could use the functionality of the plugin to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. PoC Search for a vulnerable domain with the dork:...

7.5CVSS0.7AI score0.01211EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.35 views

Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The plugin is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, a...

9.8CVSS0.8AI score0.69934EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.27 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

7.2CVSS6.9AI score0.01484EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.21 views

Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters PoC In a browser which does not encode characters:...

6.1CVSS0.9AI score0.03541EPSS
Exploits4Affected Software2
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.15 views

Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure

The plugin does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerabilit...

5.5CVSS0.4AI score0.00609EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604