Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/02/01 12:0 a.m.17 views

Popup More < 2.2.5 - Admin+ Directory Traversal to Limited Local File Inclusion

Description The plugin is vulnerable to Local File Inclusion via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution o...

5.8CVSS7.6AI score0.00659EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/01 12:0 a.m.12 views

Advanced iFrame < 2024.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its advancediframe shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS6.1AI score0.00315EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/01 12:0 a.m.16 views

Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update

Description The plugin does not have authorisation in its seedprodlitenewlpage function, allowing unauthenticated attackers to update the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin to a blank state PoC As unauthenticated, open the following URL to put t...

5CVSS7.7AI score0.0068EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.13 views

Active Products Tables for WooCommerce. Professional products tables for WooCommerce store < 1.0.6.2 - Cross-Site Request Forgery

Description The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions...

4.3CVSS6.5AI score0.00246EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.15 views

NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via set_starred()

Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setstarred function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers,...

5CVSS6.7AI score0.00598EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.15 views

Instant Images < 6.1.1 - Author+ Arbitrary Options Update

Description The plugin is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint, allowing authors and higher to update arbitrary options...

4CVSS6.8AI score0.00791EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.19 views

SiteOrigin Widgets Bundle < 1.58.2 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to perform Stored XSS attacks...

4.9CVSS5.3AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.18 views

SEO Plugin by Squirrly SEO < 12.3.16 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.6AI score0.00499EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.7 views

Quotes for WooCommerce < 2.0.2 - Quote Status Update / Quote Sending via CSRF

Description The plugin does not have CSRF checks when updating quote status and send quotes, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.6 views

Abandoned Cart Lite for WooCommerce < 5.16.2 - Multiple CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions, such as toggle template statuses via CSRF attacks...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.24 views

Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update

Description The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated users, such as subscriber to update arbitrary site options PoC Run the below command in the developer console of the web browser while being o...

6.5CVSS8.7AI score0.0147EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.24 views

Contact Form Entries < 1.3.3 - Admin+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function, allowing authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code...

5.8CVSS7.7AI score0.01219EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.16 views

NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via set_read()

Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

5CVSS6.7AI score0.00598EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.9 views

Active Products Tables for WooCommerce. Professional products tables for WooCommerce store < 1.0.6.2 - Missing Authorization

Description The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it...

4CVSS7.1AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.19 views

Starbox < 3.4.8 - Subscriber+ Plugin Preferences / User Settings Access via IDOR

Description The plugin is vulnerable to Insecure Direct Object Reference via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings...

4CVSS6.7AI score0.00576EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.19 views

Mang Board WP < 1.7.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.9AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.11 views

NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via restore_records()

Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attacker...

5CVSS6.7AI score0.00598EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.17 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing with contributor access and above to perform Stored XSS attacks PoC - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add...

4.9CVSS5.5AI score0.00491EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.10 views

Guest Author < 2.4 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's guest author parameters due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access to inject arbitrary web scripts in pages that will execute...

6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.33 views

Avada < 7.11.2 - Author+ Arbitrary File Upload via Zip Extraction

Description The theme is vulnerable to arbitrary file uploads due to missing file type validation when extracting zip files in the 'processupload' and 'regenerateiconfiles' functions. This makes it possible for authenticated attackers with author permissions to upload arbitrary files on the...

9.1CVSS9.3AI score0.00465EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.15 views

WordPress Review & Structure Data Schema Plugin – Review Schema < 2.2.0 - Missing Authorization to Arbitrary Review Update

Description The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrsreviewedit function in all versions up to, and including, 2.1.14. This makes it possible for...

4CVSS6.5AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.16 views

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.2 - Cross-Site Request Forgery

Description The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and...

4.3CVSS6.5AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.29 views

Avada < 7.11.2 - Contributor+ Arbitrary File Upload

Description The theme is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaximportoptions' function, making it possible for authenticated attackers with contributor permissions to upload arbitrary files on the affected site's server which may make remote code...

8.8CVSS8.7AI score0.00528EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.20 views

Avada < 7.11.2 - Contributor+ SSRF

Description The theme does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attacks...

7.7CVSS7.5AI score0.00462EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.17 views

UserPro < 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.9AI score0.00332EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.9 views

Affiliates Manager < 2.9.35 - Cross-Site Request Forgery

Description The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the processbulkaction function in ListAffiliatesTable.php. This makes it possible for...

4.3CVSS6.6AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.15 views

Persian Fonts <= 1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to:...

7.7AI score0.00396EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.14 views

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.2 - Missing Authorization

Description The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm functions in all versions up to,...

4CVSS6.5AI score0.00533EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.16 views

Avada < 7.11.2 - Subscriber+ Portfolio Permalinks Creation

Description The theme is vulnerable to unauthorized modification of data due to a missing capability check, allowing any authenticated attackers, with such as subscriber and above, to save Portfolio permalinks...

8.8CVSS8.3AI score0.00528EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.15 views

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Description The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF PoC As a subscriber, open...

9.1AI score0.00228EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.1332 views

WordPress < 6.4.3 - Admin+ PHP File Upload

Description WordPress allows high privileged users Admin / Super Admin on Mulsitite to upload PHP files directly via the plugin/theme upload feature. Note: Such issue is only a concern on hardened blogs where such users are not allowed to install plugins/themes...

6.6AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.914 views

WordPress < 6.4.3 - Deserialization of Untrusted Data

Description WordPress does not sanitizes options when installing and upgrading itself before serializing them, which could allow high privileged users such as admin to perform PHP Object Injection attack...

7.3AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.14 views

Razorpay for WooCommerce < 4.5.7 - Transfers Manipulation via CSRF

Description The plugin does not have CSRF checks when updating, creating and reversing transfers, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.10 views

User Activity Tracking and Log < 4.1.4 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. PoC 1. Add X-Forwarded-For: 11.11.11.11 to any request which will be in activity log. For example in creation of new post. 2. View the activity log and see that...

9.4AI score0.0031EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.16 views

Chart Builder < 1.9.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.9 views

Razorpay for WooCommerce < 4.5.7 - Subscriber+ Transfers Manipulation

Description The plugin does not have authorisation checks when updating, creating and reversing transfers, which could allow any authenticated users, such as subscriber to perform such actions...

7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.17 views

SchedulePress < 5.0.5 - Contributor+ Arbitrary Post Update/Deletion

Description The plugin does not have proper capability checks on several REST API endpoints, allowing contributors and above roles to edit and delete arbitrary posts...

7.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.14 views

WCMultiShipping < 2.3.8 - Subscriber+ Arbitrary Account Credentials Test

Description The plugin does not have proper capability check on its wmschronoposttestcredentialsajax function, allowing any authenticate duets, such as with subscriber, to test account credentials...

7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.20 views

Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting

Description The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for...

5.8CVSS5.9AI score0.00446EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/27 12:0 a.m.11 views

Allow SVG < 1.2.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to see the XSS...

9.1AI score0.00319EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.17 views

Formidable Forms < 6.8 - CSRF to Stored Cross-Site Scripting

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the updatesettings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a...

4.3CVSS6.2AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.24 views

Form-Maker (twb_form-maker) < 1.15.22 - CSRF to limited RCE

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick...

6.8CVSS7.2AI score0.00229EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.15 views

Exclusive Addons for Elementor < 2.6.9 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

4.9CVSS6.1AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.9 views

Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_delete_expired_used_coupon_code

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcaldeleteexpiredusedcouponcode function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability...

6.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.28 views

InstaWP Connect < 0.1.0.10 - Missing Authorization to Sensitive Information Dislcosure

Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 0.1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.4AI score0.00504EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.20 views

WordPress Simple Shopping Cart < 4.7.2 - Authenticated(Administrator+) Stored Cross-Site Scripting

Description The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00304EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.13 views

wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

Description The plugin does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users. PoC 1. Create a note as an admin. View the source of the page to get the Note...

9.4AI score0.00456EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.13 views

PDF Poster - PDF Embedder Plugin for WordPress < 2.1.18 - Reflected Cross-Site Scripting

Description The PDF Poster - PDF Embedder Plugin for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6.1AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.17 views

WPvivid < 0.9.95 - Missing Authorization

Description The plugin vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...

5CVSS6.6AI score0.00615EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/26 12:0 a.m.14 views

Elementor Addons by Livemesh < 8.3.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

4.9CVSS6.1AI score0.00516EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603