Lucene search
+L
WpvulndbRecent

14604 matches found

WPVulnDB
WPVulnDB
•added 2022/03/14 12:0 a.m.•24 views

KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them PoC Create profile: fetch"https://example.com/wp-admin/admin-ajax.php?action=kccreateprofile",...

5.4CVSS1.1AI score0.00627EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/14 12:0 a.m.•23 views

Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 'Add new markers' settings of the plugin: "autofocus onfocus=alert/XSS/ b=...

4.8CVSS2.9AI score0.00644EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/14 12:0 a.m.•30 views

Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. PoC 1. Make a booking to become...

5.5CVSS1.7AI score0.00788EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/14 12:0 a.m.•13 views

Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues PoC Open the following URL as a subscriber:...

5.4CVSS0.2AI score0.00595EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/14 12:0 a.m.•13 views

Members List < 4.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues PoC https://example.com/wp-content/plugins/members-list/admin/view/user.php?page=%22%3E%3Cimg/src/onerror=alert/XSS/%20x...

0.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/11 12:0 a.m.•44 views

WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting

Description Post authors are able to bypass KSES restrictions in WordPress = 5.9 and or Gutenberg = 9.8.0 due to the order filters are executed, which could allow them to perform to Stored Cross-Site Scripting attacks PoC As a user without the UNFILTEREDHTML capability, create a post containing t...

6.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
•added 2022/03/11 12:0 a.m.•93 views

WordPress < 5.9.2 - Prototype Pollution in jQuery

Description The jQuery library used in WordPress is affected by a Prototype Pollution issue...

7.1AI score
Exploits0References1
WPVulnDB
WPVulnDB
•added 2022/03/11 12:0 a.m.•18 views

Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS

The plugin does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged in user with roles as low as Subscriber to set arbitrary options to true, potentially leading to Denial of...

6.5CVSS1.1AI score0.01036EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/11 12:0 a.m.•339 views

WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package

Description The @wordpress/url package used in WordPress and the Gutenberg plugin is affected by a Prototype Pollution issue...

7.1AI score
Exploits0References2
WPVulnDB
WPVulnDB
•added 2022/03/10 12:0 a.m.•243 views

WooCommerce < 6.3.1 - Orders Marked as Paid (via PayPal Standard Gateway)

The PayPal Standard payment gateway deprecated since July 2021 of the plugin could allow attackers to mark an order as paid without actually making a payment, when PDT is enabled...

4.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/10 12:0 a.m.•25 views

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC https://example.com//wp-admin/options-general.php?page=updraftplusinterval"confirm1...

6.1CVSS6AI score0.07355EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/09 12:0 a.m.•8 views

WP HTML Mail < 3.1.3 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/options-general.php?page=wp-html-mail=advanced"...

6.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/09 12:0 a.m.•15 views

Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

The plugin requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. PoC When a guest make a booking via sending "action:...

7.5CVSS1AI score0.01594EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•17 views

Easy Social Icons < 3.1.4 - Admin+ SQL Injection

The plugin does not sanitize the selectedicons attribute to the cnsswidget before using it in an SQL statement, leading to a SQL injection vulnerability. PoC Author : Qerogram import requests from bs4 import BeautifulSoup BASEURL = "http://localhost:8000" id = "wordpress" pw = "wordpress" def...

7.2CVSS7.2AI score0.01265EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•13 views

FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in...

6.5CVSS1AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•32 views

Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting

The plugin is vulnerable to stored cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites...

7.2CVSS2.4AI score0.00748EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•21 views

Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting PoC...

6.1CVSS1.4AI score0.00863EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•13 views

Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload

The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code...

9.8CVSS0.4AI score0.39393EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•18 views

Slide Anything < 2.3.41 - Contributor+ SQLi

The plugin does not sanitise and escape some parameters before using them in a SQL statement when duplicating Sliders, which could allow users with a role as low as Contributor to perform SQL injections...

2.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/08 12:0 a.m.•24 views

WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi

The plugin does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue PoC GET / HTTP/1.1 User-Agent: '+SLEEP5-- g Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

9.8CVSS0.7AI score0.01583EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•43 views

Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggere...

5.4CVSS0.5AI score0.00595EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•20 views

Plezi < 1.0.3 - Unauthenticated Stored XSS

The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue PoC curl -X POST...

6.1CVSS2.4AI score0.00852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•24 views

Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a...

9.8CVSS0.1AI score0.4408EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•26 views

Wow Countdowns <= 3.1.2 - Admin+ SQLi

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. PoC https://example.com/wp-admin/admin.php?page=mwp-countdown=del=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...

7.2CVSS0.01306EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•22 views

Title Experiments Free < 9.0.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=wpextitles=1 AND SELECT...

9.8CVSS2.9AI score0.10079EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•13 views

Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Link settings of a body party and save the change: "alert/XSS-link/...

4.8CVSS1.5AI score0.00588EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•32 views

Akismet Privacy Policies <= 2.0.1- Reflected Cross-Site Scripting

The plugin does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/options-general.php?page=akismetprivacynoticesettingsgroup=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E...

6.1CVSS0.6AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•19 views

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS

The plugin allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip...

5.4CVSS0.2AI score0.13575EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•24 views

Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure

The plugin does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to...

4.3CVSS0.1AI score0.00487EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/07 12:0 a.m.•29 views

SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users PoC Create a new email petition /wp-admin/admin.php?page=dkspeakoutaddnew, check x Do not send email...

9.8CVSS0.8AI score0.08785EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/04 12:0 a.m.•16 views

Conference Scheduler < 2.4.3 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/edit.php?posttype=confworkshop=confscheduleroptions="...

6.1CVSS6.2AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/02 12:0 a.m.•25 views

Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS

The plugin does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. PoC curl https://example.com/wp-admin/admin-ajax.php...

6.1CVSS1.3AI score0.00852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/02 12:0 a.m.•16 views

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise from data, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a form and put the following payload in the Form Code textarea: The XSS will be triggered...

2.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/02 12:0 a.m.•31 views

Amelia < 1.0.47 - Unauthenticated Stored XSS via lastName

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the /src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever...

7.2CVSS4.9AI score0.00519EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/02 12:0 a.m.•27 views

MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise form data, which could allow high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS3.5AI score0.00499EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/02 12:0 a.m.•43 views

Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections PoC order and columns parameters are affected curl 'https://example.com/wp-admin/admin-ajax.php' --data...

9.8CVSS3.4AI score0.08852EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•13 views

Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the mmurspid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=mmursp-list=editid="...

6.1CVSS0.3AI score0.01713EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•26 views

Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. PoC 1. Create a booking with user01 2...

5.5CVSS0.4AI score0.00609EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•13 views

Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF

The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. PoC Or, as admin, upload a PHP file via the Sermon Files feature of the plugin. The file will be ...

8.8CVSS3.9AI score0.00618EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•29 views

Database Peek <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=ab-database-peek=wpusers="...

6.1CVSS0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•28 views

Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=bank-mellat="...

6.1CVSS0.3AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•19 views

dTabs <= 1.4 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/options-general.php?page=dtabs.php=edit="...

6.1CVSS0.2AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•25 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

9.8CVSS0.3AI score0.4783EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•17 views

Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=bulk-creatortype="...

0.4AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•17 views

WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting PoC The source and destination should use the https:// protocol for the exploit to...

5.4CVSS5.4AI score0.00591EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•58 views

Folders Disclosure via Outdated jQueryFileTree Library

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server PoC curl...

7.5CVSS3.9AI score0.59063EPSS
Exploits7References1Affected Software6
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•18 views

Delete Old Orders <= 0.2 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=woo-delete-old-orders=3="...

6.1CVSS0.3AI score0.00788EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•8 views

Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update

The plugin is using an outdated version of the Freemius library 1.2.2.9, which is known to be affected by a security issue allowing any authenticated users, such as subscriber to set arbitrary blog options PoC As any authenticated user: Enable new user registrations:...

2AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•34 views

WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

The plugin allows users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. PoC As a contributor or above, add...

8.8CVSS1AI score0.02849EPSS
Exploits2References1Affected Software2
WPVulnDB
WPVulnDB
•added 2022/03/01 12:0 a.m.•17 views

OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...

5.3CVSS1.7AI score0.00519EPSS
Exploits2Affected Software1
Total number of security vulnerabilities14604