Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/11 12:0 a.m.20 views

Envira Gallery Lite < 1.8.7.3 - Missing Authorization to Gallery Modification via envira_gallery_insert_images

Description The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify...

4.3CVSS6.5AI score0.00406EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/11 12:0 a.m.12 views

WordPress Button Plugin MaxButtons < 9.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.7AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/11 12:0 a.m.80 views

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...

9.8CVSS9.5AI score0.90339EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.18 views

Formidable Forms < 6.7.1 - Admin+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.25 views

ElementsKit Lite < 3.0.4 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be...

5.3CVSS6.8AI score0.00521EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.16 views

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the EventON Lite setting...

4.8CVSS4.7AI score0.0043EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.24 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS

Description The plugins do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS6.1AI score0.00366EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.17 views

WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak

Description The plugin does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address. PoC Run the below command in the developer console of the browser when being logged in the blog as a subscriber and on your own edit accou...

6.5CVSS6.5AI score0.00483EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.20 views

Formidable Forms < 6.7.1 - HTML Injection

Description The plugin is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is...

6.5CVSS7.1AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.16 views

WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

Description The plugin does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address. PoC You may get the nonce from your save address form fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS4.5AI score0.00394EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.24 views

EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

Description The plugins do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. Note: Such issue could lead to Unauthenticated Stored XSS due to the lack of sanitisation in...

6.1CVSS5.9AI score0.00373EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.20 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog PoC To get the administrator user emails: curl -X POST --data 'userrole=administrator'...

5.3CVSS5.3AI score0.37957EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.13 views

EventON (Free < 2.2.9, Premium < 4.5.9) - Unauthenticated Virtual Event Settings Update

Description The plugins do not have authorisation and CSRF in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc PoC To set the Meeting URL to https://attacker.com/ on the Virtual Event with ID 240: curl -X POST...

5.3CVSS5.3AI score0.00411EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.16 views

Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Have an admin open an HTML page containing the following: You will see the pop-up...

5.4CVSS5.5AI score0.00207EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.19 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom PoC curl -X POST --data "eid=240"...

5.3CVSS5.5AI score0.00453EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.12 views

Voting Record <= 2.0 - Subscriber+ Stored XSS

Description The plugin is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks PoC Have a subscriber open an HTML file containing the following: See the XSS when logged in as an admin and viewing recorded votes...

5.4CVSS5.5AI score0.00403EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/09 12:0 a.m.14 views

Community by PeepSo < 6.3.1.2 - Reflected XSS

Description The plugin does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open When the register your copy...

6.1CVSS5.8AI score0.00515EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/09 12:0 a.m.16 views

Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF

Description The plugin does not have CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged in users perform such action via a CSRF attack PoC 1. Log in as a normal user. 2. Save the content below as an HTML file. 3. Change...

4.3CVSS6.3AI score0.00237EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/09 12:0 a.m.14 views

Contact Form 7 Connector < 1.2.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. PoC http://vulnerable-site.tld/wp-admin/admin.php?page=ari-cf7connector-log=html=...

6.1CVSS5.9AI score0.00454EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/08 12:0 a.m.14 views

Product Enquiry for WooCommerce < 3.2 - Reflected XSS

Description The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS6.1AI score0.0046EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/08 12:0 a.m.21 views

PageLayer < 1.8.0 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations. PoC - As a user with Author+ capabilities, create a new...

4.8CVSS6.6AI score0.00377EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.19 views

Quiz And Survey Master < 8.1.19 - Quiz Results Deletion via CSRF

Description The plugin does not have CSRF checks in some functions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete quiz results...

5.4CVSS7.1AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

WooCommerce PDF Invoice Builder < 1.2.102 - Cross-Site Request Forgery

Description The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.101. This is due to missing or incorrect nonce validation in the /pages/invoicelist.php file. This makes it possible for unauthenticated attackers...

8.8CVSS6.6AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

CRM Perks Forms < 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The CRM Perks Forms – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the label field. This makes it possible for...

5.9CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Pay with Vipps for WooCommerce < 1.14.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Pay with Vipps for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the buy now button in versions up to, and including, 1.14.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

WebinarIgnition < 3.05.1 - Missing Authorization to Unauthenticated Privilege Escalation

Description The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.05.0. This makes it possible...

9.4AI score0.00721EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

Defender Security < 4.2.0 - Sensitive Information Exposure via Log File

Description The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS6.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.9 views

WP Simple Booking Calendar < 2.0.8.5 - Cross-Site Request Forgery

Description The WP Simple Booking Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.8.4. This is due to missing or incorrect nonce validation on the wpsbcrefreshcalendareditor function. This makes it possible for unauthenticated...

6.6AI score0.00202EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.21 views

Uncode Core < 2.8.9 - Authenticated (Subscriber+) Arbitrary File Deletion

Description The uncode-core plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers with subscriber level access or higher to delete arbitrary files on the site...

7.7CVSS6.9AI score0.00472EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

GeoDirectory < 2.3.29 - Authenticated(Administrator+) SQL Injection

Description The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.3.29 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.6CVSS7.5AI score0.00545EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Automation By Autonami < 2.7.0 - Authenticated(Administrator+) SQL Injection

Description The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.7.0 exclusive due to insufficient escaping on the user supplied parameter and...

7.6CVSS7.5AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

WP Stripe Checkout < 1.2.2.38 - Sensitive Information Exposure via Debug Log

Description The WP Stripe Checkout plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.2.37 via the debug log file. This makes it possible for unauthenticated attackers to extract sensitive data including stripe checkout debug information...

7.5CVSS6.9AI score0.00524EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Uncode Core < 2.8.9 - Privilege Escalation

Description The Uncode Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.8.8. This makes it possible for subscribers to escalate their privileges to those of a higher level account...

8.8CVSS7.5AI score0.00551EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

Product Feed Manager < 7.3.16 - Authenticated (Admin+) Directory Traversal

Description The Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.3.15 via the vulnerable parameter 'logKey'. This makes it possible for authenticated...

5.5CVSS7.5AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

Depicter Slider < 2.0.7 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS7AI score0.00198EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Easy Video Player < 1.2.2.11 - Contributor+ Stored XSS

Description The plugin does not validate and escape the ratiocode attribute of its evpembedvideo shortcode before outputting it back in a page where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Republish Old Posts < 1.27 - Cross-Site Request Forgery via rop_options_page

Description The Republish Old Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.21. This is due to missing or incorrect nonce validation on the ropoptionspage function. This makes it possible for unauthenticated attackers to modify the...

8.8CVSS6.6AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Easy Digital Downloads < 3.2.0 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing unauthenticated attackers to perform an unauthorized action...

7.1AI score0.00631EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

Pre* Party Resource Hints < 1.8.20 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.6CVSS7.4AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.21 views

Webba Booking < 5.0 - Cross-Site Request Forgery

Description The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.33. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for...

8.8CVSS6.7AI score0.00222EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.13 views

MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection

Description The MF Gig Calendar plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

8.8CVSS7.5AI score0.00481EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Access the "Restrict Usernames Emails Characters" settings 2. For the field "The...

4.8CVSS5.7AI score0.00405EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

HTML Forms < 1.3.30 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

WooPayments < 6.7.0 - Unauthenticated Order Deletion via IDOR

Description The plugin does not validate orders ownership which could allow unauthenticated attacker to delete orders by knowing the order ID and cart hash i.e. they would have to create a cart that matches the items in the order they are trying to delete. Furthermore, only stores running on lega...

7.5CVSS7.1AI score0.00464EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Rencontre – Dating Site < 3.11 - Unauthenticated Arbitrary File Upload

Description The Rencontre – Dating Site plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 3.10.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution...

10CVSS8.2AI score0.0063EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Booking for Appointments and Events Calendar – Amelia < 1.0.86 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Booking Manager < 2.1.6 - Authenticated(Contributor+) SQL Injection via Shortcode

Description The Booking Manager plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode attributes in all versions up to 2.1.6 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.5AI score0.00537EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.23 views

Eazy Plugin Manager < 4.1.3 - Missing Authorization via update_options

Description The Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateoptions' function in all versions up to, and including, 4.1.2. This makes it possible for...

6.5AI score0.00655EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.6 - Authenticated (Admin+) SQL Injection

Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 8.5.6 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.6CVSS7.5AI score0.00574EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Oxygen Builder < 4.8.1 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via a custom field due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execut...

6.4CVSS5.8AI score0.00315EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602