Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.9 views

Restaurant & Cafe Addon for Elementor < 1.5.3 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to missing capability checks on the rcafebwsettingssavefunc, rctlbwtogglesubmitfunc, rcafeuwsettingssavefunc, and rctluwtogglesubmitfunc functions all hooked via nopriv AJAX actions in all versions up to, and including,...

6.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.15 views

Legal Pages < 1.3.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the moveToTrash and fetchandinserttemplatedata functions hooked via AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.5 views

Premmerce Redirect Manager < 1.0.12 - Admin+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.0.12 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.23 views

Image Compressor & Optimizer - iLoveIMG < 1.0.6 - Admin+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection in all versions up to 1.0.6 exclusive via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a...

7.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.9 views

WP Courses LMS < 3.2.4 - Subscriber+ Arbitrary Options Update

Description The plugin is vulnerable to unauthorized modification of data due to missing capability check on the wpcsavefeoption function hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

7.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.8 views

Sprout Invoices < 20.5.4 - Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to 20.5.4 exclusive via the systemhealthcheck function. This makes it possible for authenticated attackers with subscriber access and above to extract sensitive data including system configuration informatio...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.10 views

Events Addon for Elementor < 2.1.3 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the naeventsbwsettingssavefunc, naeventsbwtogglesubmitfunc, naeventsprosettingssavefunc, naeventsprotogglesubmitfunc and...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.19 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...

6.5AI score0.01254EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.19 views

Orbit Fox by ThemeIsle < 2.10.28 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL...

6.4CVSS5.8AI score0.00525EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.11 views

Wordpress File Upload < 4.24.1 - Cross-Site Request Forgery

Description The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.24.0. This is due to missing or incorrect nonce validation on the wfuajaxactionsaveshortcode function. This makes it possible for unauthenticated attacker...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.11 views

Restaurant & Cafe Addon for Elementor < 1.5.3 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing nonce validation on the rcafebwsettingssavefunc, rctlbwtogglesubmitfunc, rcafeuwsettingssavefunc, and rctluwtogglesubmitfunc functions. This makes it possible for...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.15 views

avalex – Automatisch sichere Rechtstexte < 3.0.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized modifcation of data due to a missing capability check on the saveApiKey function hooked via admininit in all versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to modify the API key for the plugin...

6.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.9 views

WP Courses LMS < 3.2.4 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on several functions hooked via AJAX in the /ajax/ajax-lesson-order.php file. This makes it possible for unauthenticated attackers to to perform...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.14 views

Advanced Woo Search < 2.97 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6.3AI score0.00478EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.14 views

Order Export & Order Import for WooCommerce < 2.4.4 - Shop Manager+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the uploadimportfile function in all versions up to, and including, 2.4.3. This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files ...

8CVSS7.6AI score0.00525EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.16 views

Welcart e-Commerce < 2.9.5 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to upload files via a forged request granted they can tri...

6.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.28 views

AI Engine: ChatGPT Chatbot < 1.9.99 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'restupload' function in all versions up to, and including, 1.9.98. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make...

10CVSS7.9AI score0.65046EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.11 views

WP Courses LMS < 3.2.4 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /ajax/ajax-lesson-order.php file hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.17 views

Welcart e-Commerce < 2.9.6 - Admin+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection in all versions up to 2.9.5 inclusive via deserialization of untrusted input in the welcartconfirmcheckajax function. This makes it possible for administrators to inject a PHP Object. No POP chain is present in the vulnerable plugin. If...

7.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.37 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...

6.5AI score0.00812EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.47 views

Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...

6.5AI score0.01773EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.20 views

MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure

Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...

6.4AI score0.00568EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.29 views

MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks PoC As a contributor, create/edit a map with the below payload as title and attach it to a post ca...

5.2AI score0.00462EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/16 12:0 a.m.23 views

EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management

Description The plugin re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9...

7.4AI score0.00424EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/16 12:0 a.m.20 views

Contact Form 7 Extension For Mailchimp <= 0.5.70 - Subscriber+ Server-Side Request Forgery

Description The plugin is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.5.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can ...

6.5CVSS6.4AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.19 views

MailerLite – WooCommerce integration < 2.0.9 - Missing Authorization via Multiple Functions

Description The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level...

6.7AI score0.00407EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.22 views

FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure

Description The plugin does not prevent directory listing in sensitive directories containing export files. PoC 1 Run backup function http://yoursite/wordpress/wp-admin/admin.php?page=njt-fastdup/ 2 During backup creation, you can intercept the following paths:...

5.3CVSS5.6AI score0.00913EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.25 views

MailerLite – WooCommerce integration < 2.0.9 - Cross-Site Request Forgery via Multiple AJAX Functions

Description The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.8. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to...

8.8CVSS6.7AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.28 views

Beds24 Online Booking < 2.0.25 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.5CVSS8.1AI score0.0032EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.24 views

Barcode Scanner with Inventory & Order Manager < 1.5.2 - Unauthenticated Arbitrary File Upload via uploadFile

Description The Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadFile' function in all versions up to, and including, 1.5.1. This makes it...

10CVSS8.2AI score0.00631EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.16 views

Droit Elementor Addons <= 3.1.5 - Cross-Site Request Forgery

Description The Droit Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged...

8.8CVSS6.7AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.18 views

Advanced Flamingo <= 1.0 - Cross-Site Request Forgery

Description The Advanced Flamingo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...

8.8CVSS6.7AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.17 views

Word Replacer Pro <= 1.0 - Missing Authorization

Description The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform unauthorized actions...

6.5CVSS7AI score0.00498EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.18 views

RabbitLoader < 2.19.14 - Missing Authorization via multiple AJAX actions

Description The RabbitLoader plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 2.19.13. This makes it possible for authenticated attackers, with subscriber-level...

6.6AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.28 views

Seraphinite Accelerator < 2.20.48 - Unauthenticated Sensitive Information Exposure via Log File

Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data from log files...

5.3CVSS9.4AI score0.00443EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/15 12:0 a.m.28 views

Barcode Scanner with Inventory & Order Manager < 1.5.2 - Unauthenticated SQL Injection via userToken

Description The Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘userToken’ parameter in all versions up to 1.5.2 exclusive due to insufficient escaping on the user supplied parameter and la...

9.8CVSS7.8AI score0.00553EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/13 12:0 a.m.11 views

Index Now < 2.6.4 - Cross-Site Request Forgery via reset_form

Description The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site...

8.8CVSS6.2AI score0.00266EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

Quiz Maker < 6.5.1.2 - Missing Authorization

Description The Quiz Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.5.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actio...

6.2AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.16 views

Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection

Description The Randomize plugin for WordPress is vulnerable toSQL Injection in versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...

8.8CVSS7.3AI score0.00544EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.19 views

Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Infogram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.5AI score0.0031EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.16 views

HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection

Description The HTML5 MP3 Player with Folder Feedburner Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and...

9.1CVSS7.4AI score0.00618EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.18 views

Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection

Description The Gecka Terms Thumbnails plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. N...

9.9CVSS7.1AI score0.00621EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.10 views

Custom post types < 5.0.0 - Admin+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 5.0.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.11 views

Private Google Calendars < 20240106 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.10 views

Constant Contact Forms < 2.4.3 - Information Disclosure via Log Files

Description The Constant Contact Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to extract sensitive data from log files...

7.5CVSS6.7AI score0.00443EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.20 views

Contact Form 7 – Dynamic Text Extension < 4.2.0 - Insecure Direct Object Reference

Description The plugin is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor...

4.3CVSS6.7AI score0.00349EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.16 views

Product Delivery Date for WooCommerce – Lite < 2.7.1 - Missing Authorization

Description The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdddeleteallspecialdelivery function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...

6.4AI score0.0025EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.16 views

Rate Star Review < 1.5.2 - Reflected Cross-Site Scripting

Description The Rate Star Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.3AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.15 views

HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton

Description The HTML5 MP3 Player with Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PH...

9.1CVSS7.4AI score0.00616EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.12 views

WooCommerce Conversion Tracking < 2.0.12 - Subscriber+ happy-elementor-addons Installation & Activation

Description The plugin does not have authorisation checks in some AJAX actions, which could allow any authenticated users, such as subscriber to install and activate the happy-elementor-addons addon plugin...

9.3AI score0.00232EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602