Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/06/10 12:0 a.m.14 views

Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Go to to Quizzes & Surveys 2. Add/edit...

5.2AI score0.00351EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/10 12:0 a.m.17 views

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description The plugin is vulnerable does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by Contributors and above role PoC 1 You will need a valid nonce for deletion of quiz questions. 2 Sign in as a...

7.7AI score0.00591EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/10 12:0 a.m.12 views

Custom Field Template < 2.6.2 - Authenticated(Contributor+) Information Exposure

Description The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including...

4.3CVSS6.5AI score0.0029EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/10 12:0 a.m.18 views

Blog2Social: Social Media Auto Post & Scheduler < 7.4.2 - Authenticated (Subscriber+) SQL Injection

Description The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

9.9CVSS7.2AI score0.00515EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/08 12:0 a.m.13 views

WP Force SSL & HTTPS SSL Redirect < 1.67 - Missing Authorization to Settings Update

Description The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-leve...

4.3CVSS6.4AI score0.00347EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.9 views

Animated AL List <= 1.0.6 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a new project 2. Access the URL...

5.8AI score0.00475EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.10 views

Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass

Description The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they...

9.8CVSS7.1AI score0.00575EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them PoC the response of the request above is 403, but the settings update still happens...

6.4AI score0.00547EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.16 views

Formula < 0.5.2 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins

Description The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ticustomizernotifydismissrecommendedplugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.3AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.13 views

SKT Addons for Elementor < 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

7.4CVSS5.8AI score0.00298EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.16 views

CF7 Google Sheets Connector < 5.0.10 - Missing Authorization to Limited Site Configuration Update

Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggl...

6.5CVSS6.5AI score0.00352EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.20 views

Pagerank Tools <= 1.1.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/tools.php?page=pagepageranks="...

8.5AI score0.00395EPSS
Exploits4
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.16 views

Cards for Beaver Builder < 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget

Description The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.12 views

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.0 - Authenticated (Contributor+) Stored Cross=Site Scripting

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it...

5.9AI score0.0043EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.15 views

WP Reset < 2.03 - Missing Authorization to License Key Modification

Description The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6.4AI score0.0028EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.12 views

Formula < 0.5.2 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

Description The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'qualitycustomizernotifydismissaction' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS6.3AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.10 views

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to...

7.2CVSS6AI score0.00307EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Widget4Call <= 1.0.7 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make an admin open the URL:...

5.8AI score0.00555EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.14 views

Simple AL Slider <= 1.2.10 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a new project 2. As an admin, access the URL:...

5.8AI score0.00475EPSS
Exploits4
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS6.6AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.78 - Reflected Cross-Site Scripting

Description The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.3AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.13 views

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to MA Template Creation or Modification

Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. Th...

6.5CVSS6.7AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Minimal Coming Soon – Coming Soon Page < 2.39 - Missing Authorization to Limited Settings Change

Description The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for...

6.3CVSS6.4AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.9 views

Royal Elementor Addons and Templates < 1.3.977 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.10 views

WP Mobile Menu – The Mobile-Friendly Responsive Menu < 2.8.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt

Description The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.10 views

WP jQuery Lightbox < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute

Description The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.8 views

WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection

Description The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a...

8.8CVSS7.5AI score0.00493EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.16 views

Strong Testimonials < 3.1.13 - Authenticated(Contributor+) Improper Authorization to Views Modification

Description The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor...

4.3CVSS6.4AI score0.00282EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.14 views

Tutor LMS – eLearning and online course solution < 2.7.2 -Authenticated (Administrator+) SQL Injection

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

7.2CVSS7.3AI score0.00495EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

Royal Elementor Addons and Templates < 1.3.977 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inlinelist’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.15 views

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.8.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget

Description The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaellightboxopenbtnicon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.21 views

Pure Chat – Live Chat Plugin & More! < 2.23 - Cross-Site Request Forgery

Description The Pure Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.22. This is due to missing or incorrect nonce validation on the purechatupdate function. This makes it possible for unauthenticated attackers to update chat details v...

4.3CVSS6.4AI score0.00183EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.12 views

Envo Extra < 1.8.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.14 views

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) < 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

Description The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

WooCommerce Tools < 1.2.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

Description The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with...

5.3CVSS6.5AI score0.00335EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

Download Plugins and Themes from Dashboard < 1.8.6 - Authenticated (Admin+) Arbitrary File Download

Description The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.5 via the downloadtheme function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on t...

9.2AI score0.00669EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.7 views

Market Exporter < 2.0.20 - Missing Authorization to Arbitrary File Deletion

Description The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removefiles' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1CVSS6.5AI score0.0081EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.15 views

Clever Fox < 25.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00257EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficien...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.17 views

Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access

Description The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. PoC 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save...

6.5AI score0.00423EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.11 views

WP Booking < 2.4.5 - Authenticated Stored Cross-Site Scripting

Description The WP Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that wil...

5.7AI score0.0037EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.7 views

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress < 9.0.2 - Authenticated (Contributor+) SQL Injection

Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'questionid' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficien...

9.9CVSS7.1AI score0.00483EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

One Page Express Companion < 1.6.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via one_page_express_contact_form Shortcode

Description The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's onepageexpresscontactform shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.10 views

GDPR CCPA Compliance & Cookie Consent Banner < 2.7.1 - Missing Authorization to Settings Update and Stored Cross-Site Scripting

Description The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticate...

5.4CVSS6.5AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

WP Chat App < 3.6.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC 1. Navigate to...

5.2AI score0.00373EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.11 views

Colibri Page Builder < 1.0.277 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibrivideoplayer shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.14 views

Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG

Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

H5P < 1.15.8 - Contributor+ Stored XSS

Description The plugin does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues PoC 1. Upload an H5P archive containing a malicious SVG file w/an XSS 2. Example:...

5.3AI score0.00315EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.13 views

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg < 3.3.4 - Unauthenticated PHP Object Injection

Description The BetterDocs plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable...

9CVSS7.4AI score0.00864EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.11 views

Clever Fox – One Click Website Importer by Nayra Themes < 25.2.1 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme

Description The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for...

5.4CVSS6.3AI score0.00385EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602