Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.17 views

FunnelKit Checkout < 3.11.0 - Unauthenticated Arbitrary Content Deletion

Description The FunnelKit Checkout plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to, and including, 3.10.3. This makes it possible for unauthenticated attackers, to delete arbitrary content...

7.5CVSS6.8AI score0.00529EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.16 views

WC Marketplace < 4.0.24 - Missing Authorization via mvx_save_dashpages

Description The WC Marketplace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsavedashpages' function in versions up to, and including, 4.0.23. This makes it possible for unauthenticated attackers to update the plugin's setting...

7AI score0.00504EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.15 views

Essential Blocks for Gutenberg < 4.2.1 - Contributor+ Unauthorised Actions

Description The plugin does not have proper authorisation checks in various functions, allowing contributor and above role to perform unauthorized actions...

7AI score0.00575EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.15 views

Site Notes <= 2.0.0 - Admin Note Deletion via CSRF

Description The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks PoC Have an administrator open the following HTML file:...

4.3CVSS6.4AI score0.00218EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.13 views

WP-Members Membership Plugin < 3.4.9 - Contributor+ Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure via the wpmemfield shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more...

6.5CVSS6.9AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.19 views

MapPress Maps for WordPress < 2.88.14 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the Point of Interest Title and Description options in a map, allowing Contributor and above role to perform Stored Cross-Site Scripting attacks PoC As a contributor, add/edit a Map and search any location you want. Add XSS Payload on Location’s...

6.4CVSS5.4AI score0.00547EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.17 views

Custom User CSS <= 0.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC Create an HTML form with the following content and make a logged in admin open it...

8.8CVSS6.3AI score0.00349EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.16 views

WP 2FA < 2.6.0 - Arbitrary Email Sending via CSRF

Description The plugin has a flawed CSRF check when sending emails to registered users, which could allow attackers to make logged in admins perform such action via a CSRF attack...

4.3CVSS7AI score0.00248EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.26 views

Piotnet Forms Plugin < 1.0.29 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'piotnetformsajaxformbuilder' function, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...

9.8CVSS9.9AI score0.00537EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.21 views

Verge3D < 4.5.3 - Subscriber+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'v3duploadappfile' function, allowing any authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code executi...

9.9CVSS9.4AI score0.00594EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.11 views

Easy Social Feed < 6.5.3 - Subscriber+ Settings Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's...

4.3CVSS6.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.12 views

WP 2FA < 2.6.0 - Subscriber+ Arbitrary Email Sending

Description The plugin is vulnerable to Insecure Direct Object Reference via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site...

4.3CVSS6.7AI score0.0047EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.17 views

TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC junkie-button...

5.4CVSS8.2AI score0.00406EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.25 views

LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure

Description The plugin is vulnerable to Insecure Direct Object Reference in the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the...

4.3CVSS6.8AI score0.00347EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.24 views

Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the biteshiperror and biteshipmessage parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URLs...

6.1CVSS5.8AI score0.0037EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.18 views

JVM rich text icons < 1.2.4 - Subscriber+ Arbitrary File Upload

Description The JVM Gutenberg Rich Text Icons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxuploadicon' function in all versions up to and including 1.2.3. This makes it possible for authenticated attackers, with subscriber access and...

9.9CVSS8AI score0.00606EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.21 views

Essential Blocks for Gutenberg < 4.2.1 - Subscriber+ Unauthorised Actions

Description The plugin does not have proper authorisation checks in various functions, allowing any authenticated users, such as subscribers to perform unauthorized actions...

6.3AI score0.00573EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.24 views

MC4WP < 4.9.10 - Unauthenticated Unpublished Form Preview

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the 'listen' function, allowing unauthenticated attackers to preview unpublished forms...

7AI score0.0042EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.19 views

OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS

Description The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used t...

8.6CVSS6AI score0.00478EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.19 views

FooGallery Premium < 2.4.6 - Contributor+ Stored XSS

Description The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors an...

6.4CVSS5.9AI score0.00407EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.12 views

EmbedPress < 3.9.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its embedoembedhtml shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.17 views

Product Expiry for WooCommerce < 2.6 - Subscriber+ Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

5.4CVSS6.7AI score0.00392EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.11 views

Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Under "WP Adv Quiz - WP Adv...

4.8CVSS4.7AI score0.00402EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.13 views

Wp-Adv-Quiz < 1.0.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC 1. Add a new quiz. 2. Under the created quiz, click on "Questions". 3. Add a question...

4.8CVSS5.1AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.24 views

WP Compress < 6.10.34 - Unauthenticated Arbitrary File Read

Description The plugin is vulnerable to Directory Traversal via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

9.1CVSS6.7AI score0.0087EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.13 views

Doofinder for WooCommerce < 2.1.1 - Missing Authorization via multiple AJAX actions

Description The Doofinder for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'doofinderresetcredentials' and 'doofinderforceupdateonsave' anonymous AJAX functions in versions up to, and including, 2.0.3...

6.5CVSS6.7AI score0.00229EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.11 views

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.14 - Settings Reset/Update via CSRF

Description The plugin does not have CSRF checks when resetting and updating its settings, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

5.3CVSS6.9AI score0.00196EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.19 views

FunnelKit Checkout < 3.11.0 - Subscriber+ Arbitrary Plugin Activation

Description The FunnelKit Checkout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 3.10.3. This makes it possible for authenticated attackers, with subscriber access and above, t...

6.8AI score0.00294EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.21 views

PageLayer < 1.7.9 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.8AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.15 views

JVM rich text icons < 1.2.7 - Subscriber+ Arbitrary File Deletion

Description The JVM Gutenberg Rich Text Icons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the 'file' parameter. This makes it possible for authenticated attackers, with subscriber access and above, to delete arbitrary files...

7.7CVSS6.9AI score0.00468EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.12 views

Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Inquiry Saving & Sensitive Information Disclosure

Description The plugin is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalogrestroutesreactmodule REST endpoints, allowing unauthenticated attackers to view data from admin tabs and save enquiries...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.14 views

FunnelKit Checkout < 3.11.0 - Subscriber+ Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

6.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.15 views

ARForms < 1.5.9 - Unauthenticated Stored XSS

Description The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output...

7.2CVSS5.9AI score0.00374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.20 views

Ultimate Addons for Beaver Builder < 1.35.15 - Contributor+ Privilege Escalation

Description The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.35.14. This makes it possible for authenticated attackers, with contributor access and above, to escalate their privileges to those of a higher lev...

7AI score0.00547EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

BERTHA AI Plugin < 1.11.10.8 - Unauthenticated Arbitrary File Upload

Description The BERTHA AI. Your AI co-pilot for WordPress and Chrome plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bthaiwatranslateaudiocallback' function in all versions up to and including 1.11.10.7. This makes it possible for...

10CVSS8.2AI score0.0063EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.44 views

Store Locator WordPress < 1.4.15 - Admin+ Arbitrary File Deletion

Description The plugin is vulnerable to Directory Traversal, allowing authenticated attackers, with administrator access and above, to delete arbitrary files...

6.8CVSS7AI score0.00617EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.15 views

WordPress Users <= 1.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC Create an HTML with the following and open it when logged in as an Editor or above:...

8.8CVSS9.2AI score0.00329EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.14 views

Integrate Google Drive < 1.3.4 - Subscriber+ Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

6.6AI score0.00298EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

WordPress Toolbar <= 2.2.6 - Open Redirect

Description The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...

6.1CVSS6.6AI score0.25679EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.13 views

WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC Make an admin open an HTML page containing the following code:...

5.4CVSS8.8AI score0.00214EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.12 views

Business Directory Plugin < 6.3.10 - Contributor+ Arbitrary Listing Deletion

Description The plugin is vulnerable to unauthorized loss of data due to a missing capability check on the 'dispatch' function, allowing authenticated attackers, with contributor-level access and above, to delete listings...

6.5AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.19 views

Ultimate Addons for Beaver Builder < 1.35.14 - Contributor+ Arbitrary File Download

Description The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.35.13. This makes it possible for authenticated attackers, with Contributor access and above, to read the contents of a limited subset of arbitrary...

6.5AI score0.00562EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.20 views

WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...

8.8CVSS9.3AI score0.00329EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.22 views

Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to trigger the XSS...

5.4CVSS9.1AI score0.0038EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.41 views

LearnPress < 4.2.5.8 - Unauthenticated SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

9.8CVSS7.6AI score0.51394EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.28 views

POST SMTP Mailer < 2.8.8 - Unauthenticated Stored Cross-Site Scripting via device

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘device’ header due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.2CVSS6.2AI score0.00941EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.16 views

WP SMS < 6.5.1 - Cross-Site Request Forgery to Subscriber Deletion

Description The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the...

4.3CVSS6.5AI score0.00248EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.18 views

WP SMS < 6.5.1 - Contributor+ SQLi to Reflected XSS

Description The plugin is vulnerable to SQL Injection via the 'groupid' parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.1CVSS7.4AI score0.00414EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.19 views

Piotnet Forms < 1.0.30 - Missing Authorization via multiple AJAX actions

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX functions, allowing unauthenticated attackers to save draft posts and download arbitrary JSON files from the server...

9.4AI score0.00295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/03 12:0 a.m.30 views

Frontend Admin by DynamiApps Plugin < 3.18.4 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxaddattachment' function, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...

10CVSS9.9AI score0.00617EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602