Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/03/29 12:0 a.m.20 views

Stackable < 3.12.12 - Contributor+ Stored XSS via Posts Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Postv2 block title tag due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.4CVSS5.9AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/29 12:0 a.m.23 views

Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/29 12:0 a.m.20 views

Calculated Fields Form < 1.2.55 - Reflected Cross-Site Scripting

Description The Calculated Fields Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00421EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.21 views

Better Elementor Addons < 1.4.2 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the widget link URL values due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.4CVSS6.2AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.15 views

Sydney Toolbox < 1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id

Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.28 views

WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection

Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9...

7.2CVSS7.6AI score0.00547EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.27 views

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting

Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output...

7.2CVSS6.2AI score0.00542EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.17 views

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection

Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied...

8.8CVSS7.6AI score0.00548EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.20 views

WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection

Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to...

7.2CVSS7.6AI score0.00615EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

Element Pack Elementor Addons < 5.5.4 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the link URL due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

Shortlinks by Pretty Links < 3.6.3 - Reflected Cross-Site Scripting via post_status

Description The plugin does not sanitise and escape the poststatus parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00418EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.24 views

Responsive < 5.0.3 - Missing Authorization to HMTL Injection

Description The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML...

7.5CVSS6.7AI score0.00657EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.18 views

MasterStudy LMS < 3.3.1 - Unauthenticated Local File Inclusion via modal

Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of an...

9.8CVSS8AI score0.0154EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.22 views

WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update

Description The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin...

5.4CVSS6.6AI score0.00189EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.17 views

News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update

Description The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwapnewslistpage function. This makes it possible for unauthenticated attackers to update the plugin'...

4.3CVSS6.4AI score0.00204EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update

Description The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the...

5.4CVSS6.4AI score0.00187EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.15 views

Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection

Description The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with...

5.4CVSS7.2AI score0.00536EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.15 views

Otter Blocks < 2.6.6 - Contributor+ Stored XSS

Description The plugin does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. PoC As a contributor, put the following payload in a post while in Code Editor mode The XSS will be triggered wh...

9AI score0.0042EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

Easy Appointments < 3.11.19 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eafullcalendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.15 views

Livemesh Addons for WPBakery Page Builder < 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.18 views

Bold Page Builder < 4.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via class

Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the css class in versions up to, and including, 4.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...

6.5CVSS5.8AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

Advanced Sermons < 3.2 - Reflected Cross-Site Scripting via s

Description The Advanced Sermons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.1CVSS6.3AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

BizPrint < 4.5.6 - Cross-Site Request Forgery to Cross-Site Scripting via process.php

Description The BizPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.5. This is due to missing or incorrect nonce validation in the process.php file. This makes it possible for unauthenticated attackers to generate invoices containing...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

Easy Appointments < 3.11.19 - Insufficient Authorization

Description The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other...

4.3CVSS6.8AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.10 views

Button < 1.1.28 - Contributor+ PHP Object Injection in button_shortcode

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable...

8.8CVSS9.2AI score0.00901EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.17 views

WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score0.00319EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.15 views

Christmas Greetings <= 1.2.5 - Reflected Cross-Site Scripting

Description The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.5AI score0.00497EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.19 views

Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS5.7AI score0.00322EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

130+ Widgets | Best Addons For Elementor – FREE < 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS6.8AI score0.00335EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.25 views

Elementor Addon Elements < 1.13.3 - Contributor+ DOM-Based Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in...

6.5CVSS5.7AI score0.00497EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.13 views

DearFlip < 2.2.27 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'forcefit ' parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute...

6.5CVSS6AI score0.00336EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.136 views

Astra < 4.6.5 - Editor+ Stored XSS via Theme Header/Footer

Description The theme is vulnerable to Stored Cross-Site Scripting via the theme header and footer content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.17 views

affiliate-toolkit < 3.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via ratings

Description The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various ratings postmeta parameters in versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.21 views

Media Library Assistant < 3.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode

Description The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00439EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/28 12:0 a.m.24 views

WP ERP < 1.30.0 - Authenticated (Accounting Manager+) SQL Injection via id

Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter...

7.2CVSS7.6AI score0.00906EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.15 views

Product Import Export for WooCommerce < 2.4.2 - Authenticated(Shop Manager+) Arbitrary File Upload

Description The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'imagelibraryattachment' function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Sho...

9.1CVSS7.7AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.15 views

Radio Player < 2.0.74 - Missing Authorization via get_players

Description The Radio Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getplayers' function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to retrieve a list of radio players...

6.5CVSS6.8AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.16 views

Meta Tag Manager < 3.1 - Subscriber+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the getpostdata function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a PO...

8.8CVSS7.2AI score0.00813EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.17 views

WholesaleX < 1.3.2 - Sensitive Information Exposure via export_users

Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'exportusers'. This makes it possible for authenticated attackers,...

6.5CVSS6.6AI score0.00529EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.21 views

Elementor Addon Elements < 1.13.2 - Contributor+ Stored XSS

Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to...

5.4CVSS5.8AI score0.00516EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.14 views

Salon Booking System < 9.6.3 - Unauthenticated Stored XSS

Description The plugin does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the...

5.9AI score0.00631EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.22 views

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress < 6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.9.0 due to insufficient input sanitization and...

6.4CVSS5.6AI score0.00363EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.27 views

Salon booking system < 9.6.3 - Unauthenticated Stored XSS

Description The plugin does not properly sanitize and escape the 'Mobile Phone' field and 'smsprefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious...

5.6AI score0.00464EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.22 views

Hubbub Lite – Fast, Reliable Social Network Sharing Buttons < 1.33.2 - PHP Object Injection

Description The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpspmaybeunserialize' function. This makes it possible for authenticated...

7.5CVSS7AI score0.00921EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.18 views

Events Manager < 6.4.7.2 - Cross-Site Request Forgery

Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticat...

4.3CVSS6.5AI score0.00215EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.19 views

WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "WP Staging Backup &...

4.9AI score0.00423EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.19 views

WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness

Description The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames...

5.9CVSS6.6AI score0.00704EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.18 views

WholesaleX < 1.3.2 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions

Description The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcinstallcallback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS6.7AI score0.00474EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.19 views

coreActivity < 2.1 - Unauthenticated IP Spoofing

Description The plugin retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value PoC As unauthenticated: curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1' Then view the logs and note that the plugin...

6.5AI score0.00482EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.17 views

Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...

5.7AI score0.00303EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities14603