Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.18 views

12 Step Meeting List < 3.14.29 - Subscriber+ CSV Download

Description The plugin does not have authorisation in its csv AJAX action, allowing any authenticated users, such a subscriber to export meetings and gain access to sensitive information...

8.8CVSS6.2AI score0.00335EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.14 views

WP-Lister Lite for eBay < 3.5.8 - Reflected Cross-Site Scripting via 's'

Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6.1AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.38 views

File Manager Pro < 8.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

Description The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mkcheckfilemanagerphpsyntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the...

6.5CVSS6.6AI score0.15871EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.7 views

ARI Stream Quiz < 1.3.0 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.14 views

Views for WPForms < 3.2.3 - Missing Authorization via get_form_fields

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for...

4CVSS6.2AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.20 views

SalesKing < 1.6.30 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to privilege escalation. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...

7AI score0.00585EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.18 views

PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PDF Viewer & 3D PDF Flipbook – DearPDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

4.9CVSS5.5AI score0.0031EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.15 views

CBX Map for Google Map & OpenStreetMap < 1.1.12 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS5.3AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.23 views

Photo Gallery by 10Web - Mobile-Friendly Image Gallery < 1.8.20 - Directory Traversal to Arbitrary File Rename

Description The plugin is vulnerable to Directory Traversal attacks via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. Note: By default this can be exploited by administrators only. In the premium version of the plugin,...

5.8CVSS6.4AI score0.01312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.20 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Visit the "Settings" interface...

4.8AI score0.00318EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.12 views

Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Have an admin open an HTML page containing the following:...

8.8AI score0.0014EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.11 views

Travelpayouts < 1.1.14 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below:...

5.8AI score0.00318EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.16 views

Advanced Schedule Posts <= 2.1.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins. PoC...

8.5AI score0.00265EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.17 views

illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion

Description The plugin lacks proper access controls, allowing unauthenticated visitors to delete links. PoC http://example.com/?page=illi3/includes/functions.php=deletesubmission=INSERTID Replace "INSERTID" with an ID of a link and hit enter. The link will be deleted...

9.4AI score0.00374EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.24 views

WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the settings of the plugin,...

7.8AI score0.00305EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.13 views

WP Customer Area < 8.2.3 - Reflected Cross-Site Scripting

Description The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6.3AI score0.00471EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.16 views

illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks. PoC 1. Go to "Settings Link Party!". 2. Under "Add a New Party", enter the payload for either the "Party Name" or "Party Description":...

8.7AI score0.00319EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.9 views

aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC Make an admin open an HTML file containing the following:...

8.8AI score0.00163EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.12 views

Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML file containing the following:...

9.2AI score0.00176EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.10 views

SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to see the XSS...

9.1AI score0.00243EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.9 views

WP-Reply Notify <= 1.1 - Settings Update via CSRF

Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC Make an admin open an HTML page containing the following:...

9.2AI score0.00176EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.15 views

Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to:...

7.8AI score0.00255EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.13 views

illi Link Party! <= 1.0 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. PoC 1. Add a new link party and add its shortcode to a new post. 2. In a new private window, navigate to the post where you added the shortcode...

8.7AI score0.00265EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.17 views

illi Link Party! <= 1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC Make an admin open the following HTML: See that the support the plugin option is toggled on/off...

9.3AI score0.00153EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.13 views

Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to see the XSS...

9.1AI score0.00243EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.13 views

Popup Box Pro < 20.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a new popup and add the following payload in the Custom Content: Save, and...

5.7AI score0.0048EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.11 views

WPZOOM Shortcodes < 1.0.2 - Reflected Cross-Site Scripting

Description The WPZOOM Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via certain input fields in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.2AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.14 views

SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting

Description The SimpleMap Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.17 views

Popup Box Pro < 7.9.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a new popup and add the following payload in the Custom Content: Save, and...

5.7AI score0.0048EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.18 views

PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting

Description The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping...

4.9CVSS6AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.25 views

IP2Location Country Blocker < 2.33.4 - Unauthenticated Sensitive Information Exposure via Debug Log File

Description The IP2Location Country Blocker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.3 via ip2location-country-blocker.php. This makes it possible for unauthenticated attackers to extract sensitive data including debug...

7.5CVSS6.6AI score0.00453EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.22 views

Asgaros Forum < 2.8.0 - Unauthenticated PHP Object Injection in prepare_unread_status

Description The Asgaros Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.7.2 via deserialization of untrusted input in the prepareunreadstatus function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP...

9.8CVSS7.3AI score0.00581EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.16 views

SalesKing < 1.6.30 - Missing Authorization to Settings Change

Description The SalesKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to modify plugin settings...

6.5CVSS6.6AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.13 views

WP To Do < 1.2.9 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injecte...

6.5CVSS5.4AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.18 views

Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection

Description The Delhivery Logistics Courier plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7AI score0.00544EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.14 views

Sticky Buttons < 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.12 views

Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to 5.38.2 exclusive. This is due to missing or incorrect nonce validation on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions. This makes it possible for unauthenticated...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.11 views

Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'madebu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable...

7.5CVSS6.5AI score0.00656EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.24 views

Import and export users and customers < 1.24.7 - Missing Authorization via fire_cron REST endpoint

Description The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the firecron function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to trigger the plugin's cron job...

6.6AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.13 views

Burst Statistics Really Simple Plugins < 1.5.4 - Editor+ SQL Injection

Description The plugin is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', and 'referrer'. This vulnerability arises due to insufficient...

7.2CVSS7.7AI score0.00622EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.13 views

Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting via Image URl

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with...

5.4CVSS5.9AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.19 views

Getwid – Gutenberg Blocks < 2.0.5 - Captcha Bypass

Description The plugin is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...

5.3CVSS6.7AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.27 views

Schema & Structured Data for WP & AMP < 1.26 - Contributor+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.5CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.15 views

WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via header_tag

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inje...

6.4CVSS5.6AI score0.00561EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.11 views

Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions in all versions up to 5.38.2 exclusive. This makes it possible for authenticated attackers, with...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.42 views

WPS Hide Login < 1.9.12 - Hidden Login Page Location Disclosure

Description The plugin is vulnerable to login page disclosure in all versions up to, and including, 1.9.11. This makes it possible for unauthenticated attackers to bypass an intended security restriction designed to prevent brute force authentication attempts on multi-site installations...

7.4AI score0.00303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.21 views

Product Import Export for WooCommerce < 2.3.8 - Shop Manager+ Arbitrary File Upload via upload_import_file

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadimportfile' function n all versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Shop Manager access and above, to upload arbitrary files on th...

8CVSS7.6AI score0.00525EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.24 views

Getwid – Gutenberg Blocks < 2.0.5 - Missing Authorization to Recaptcha API Key Modification

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify...

4.3CVSS6.3AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.21 views

Advanced Custom Fields < 6.2.5 - Contributor+ Stored Cross-Site Scripting via Custom Field

Description The plugin is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.4CVSS5.6AI score0.00523EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.22 views

WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via 'tag'

Description The plugin is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-lev...

6.4CVSS5.8AI score0.00578EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602