Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.18 views

OWL Carousel <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The OWL Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

4.9CVSS5.9AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

W3SPEEDSTER < 7.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS4.8AI score0.0025EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.15 views

Biteship < 2.2.25 - Reflected Cross-Site Scripting via biteship_error and biteship_message

Description The Biteship plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'biteshiperror' and 'biteshipmessage' parameters in versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

5.8CVSS6.3AI score0.0037EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.18 views

SP Project & Document Manager < 4.70 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via the spcdmdisplayprojectshortcodeshow function in versions up to, and including, 4.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

5.5CVSS6.9AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.14 views

Happyforms < 1.25.11 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check, allowing unauthenticated attackers to perform unauthorized actions...

9.5AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

WP Dummy Content Generator < 3.1.3 - Missing Authorization

Description The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check son the wpdummycontentgeneratorDeletePosts and wpdummycontentgeneratorAjaxGenPosts functions in versions up to, and including, 3.1.2. This makes it...

4CVSS6.4AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.11 views

Five Star Restaurant Reviews < 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Review URL

Description The Five Star Restaurant Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the review url parameter in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.19 views

Shareaholic < 9.7.12 - Missing Authorization via accept_terms_of_service

Description The Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'accepttermsofservice' function in all versions up to, and including, 9.7.11. This makes it...

6.7AI score0.00192EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.19 views

Post Thumbnail Editor <= 2.4.8 - Sensitive Information Exposure

Description The Post Thumbnail Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5CVSS6.4AI score0.00418EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/04 12:0 a.m.15 views

Accessibility < 1.0.7 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as...

5.8CVSS5.6AI score0.00187EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/04 12:0 a.m.20 views

Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS5.5AI score0.00346EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/04 12:0 a.m.15 views

Load More Anything < 3.3.4 - Subscriber+ Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

9.5AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/04 12:0 a.m.16 views

CC BMI Calculator < 2.1.0 - Contributor+ Stored XSS

Description The plugin does not escape some of its BMI Calculator Widget options before outputting them back in a page/post where the Widget is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.5AI score0.00346EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/04 12:0 a.m.8 views

Click To Tweet <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Click To Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

4.9CVSS5.7AI score0.00346EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.13 views

Feed Them Social < 4.2.1 - Cross-Site Request Forgery via review_nag_check

Description The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the 'reviewnagcheck' function. This makes it possible for...

4CVSS6.6AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.21 views

Don't Muck My Markup <= 1.8 - Cross-Site Request Forgery

Description The Don't Muck My Markup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform unauthorize...

4.3CVSS6.4AI score0.00241EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.10 views

The Plus Addons for Elementor < 5.3.4 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injecte...

6AI score0.00128EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.12 views

WooCommerce Conversion Tracking < 2.0.12 - Subscriber+ Addon Installation

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcctinstallhappyaddons' function, allowing any authenticated users, such as subscriber to install the Happy Elementor Addons plugin...

4CVSS6.8AI score0.00318EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.12 views

EventON < 4.4.1 - Reflected Cross-Site Scripting

Description The EventON Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS6.5AI score0.00426EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.14 views

Chartify < 2.0.7 - Authenticated(Administrator+) Stored Cross-Site Scripting

Description The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.23 views

ARMember < 4.0.25 - Improper Access Control to Sensitive Information Exposure via REST API

Description The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...

5CVSS6.8AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.20 views

Orbit Fox by ThemeIsle < 2.10.29 - Unauthenticated Connected API Keys Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function, allowing unauthenticated attackers to update the connected API keys...

5CVSS7.1AI score0.0056EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.25 views

SlimStat Analytics < 5.1.4 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter due to insufficient input sanitization and output escaping, allowing any authenticated users, such as subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses...

4.9CVSS6AI score0.00452EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.13 views

PropertyHive < 2.0.6 - Unauthenticated PHP Object Injection via propertyhive_currency

Description The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.5 via deserialization of untrusted input from the 'propertyhivecurrency' cookie value. This makes it possible for unauthenticated attackers to inject a PHP Object. No...

4CVSS7.3AI score0.00519EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.18 views

JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE

Description The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server PoC Navigate to the site, and paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers:...

6.8AI score0.00602EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.17 views

Anonymous Restricted Content < 1.6.3 - Protection Mechanism Bypass

Description The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for...

5CVSS6.5AI score0.00608EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.17 views

Easy Digital Downloads < 3.2.7 - Shop Manager+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the variable pricing option title due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that wi...

4.3CVSS5.8AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.20 views

LearnDash LMS < 4.10.3 - Sensitive Information Exposure via API

Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions...

5CVSS7AI score0.05285EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.14 views

Essential Addons for Elementor < 5.9.8 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper due to insufficient input sanitization and output escaping on user supplied protocols, allowing authenticated attackers with contributor-level and above permissions...

4.9CVSS5.8AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.11 views

UserPro < 5.1.7 - Disabled Membership Registration Bypass

Description The plugin is vulnerable to Security Feature Bypass, due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings, allowing unauthenticated attackers to register an account even when account registration has...

5CVSS6.9AI score0.0058EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.22 views

JobSearch WP Job Board < 2.3.4 - Authentication Bypass

Description The plugin does not prevent attackers from logging-in as any users with the only knowledge of that user's email address. PoC Browse to the site, paste the following in your browser's console replace the email address with that site's administrator's email address:...

6.5AI score0.00549EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.8 views

PopupAlly < 2.1.1 - Cross-Site Request Forgery via optin_submit_callback

Description The PopupAlly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the 'optinsubmitcallback' function. This makes it possible for unauthenticated attackers to opt in...

4CVSS6.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.27 views

Beds24 Online Booking < 2.0.24 - Authenticated(Administrator+) Stored Cross-Site Scripting

Description The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.8 views

Calculated Fields Form < 1.2.53 - Contributor+ Stored XSS

Description The plugin does not validate and escape some the location attribute of its CPCALCULATEDFIELDS shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.19 views

WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

Description The plugin is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises...

6.4AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.19 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments

Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploa...

5CVSS6.7AI score0.02419EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.15 views

Heateor Social Login < 1.1.31 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in version Ngô Thiên An ancorn from VNPT-VCI due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

4.9CVSS5.6AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.23 views

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Description The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...

9AI score0.01915EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.24 views

Orbit Fox by ThemeIsle < 2.10.30 - Connected API Keys Update via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the registerreference function, allowing attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as...

4.3CVSS6.6AI score0.00234EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.16 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

6.5AI score0.00217EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.19 views

DearFlip < 2.2.27 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via outline settings due to insufficient input sanitization and output escaping on user supplied data, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that wi...

5.4CVSS5.4AI score0.00442EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.40 views

PageLayer < 1.8.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Enter the following payload in...

5.4AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.17 views

Auto Listings < 2.6.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Auto Listings – Car Listings & Car Dealership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied...

4.9CVSS5.5AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.24 views

Spiffy Calendar < 4.9.9 - Broken Access Control

Description The plugin doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. PoC Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change...

6.4AI score0.00482EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.9 views

Icons Font Loader < 1.1.5 - Authenticated(Administrator+) Arbitrary File Upload

Description The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with administrator access and above, to upload...

5.8CVSS7.6AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.20 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API

Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...

5CVSS7AI score0.02027EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.19 views

Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection

Description The plugin is vulnerable to Second Order SQL Injection via the email address value submitted through forms due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

7.5CVSS8AI score0.00778EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.23 views

ProfilePress < 4.14.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its reg-number-field shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/01 12:0 a.m.19 views

ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks < 3.1.5 - PHP Object Injection via wopb_wishlist and wopb_compare

Description The ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.4 via deserialization of untrusted input from the 'wopbwishlist' and 'wopbcompare' cookies. This makes it possible for...

4CVSS7.3AI score0.00519EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/01 12:0 a.m.8 views

Fancy Comments WordPress < 1.2.15 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...

6.1AI score
Exploits0Affected Software1
Total number of security vulnerabilities14603