Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/02 12:0 a.m.19 views

Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...

8.8CVSS6.5AI score0.00346EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/01/01 12:0 a.m.21 views

Solid Security Basic < 9.0.1 - Unauthenticated Login Page Disclosure

Description The plugin is vulnerable to protection mechanism bypass due to disclosing the login path when comments are enabled and registration is required. This makes it possible for unauthenticated attackers to discover the login page path and bypass the intended functionality of the security...

7.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/01 12:0 a.m.12 views

UsersWP < 1.2.3.23 - Profile Picture Deletion via CSRF

Description The plugin does not have CSRF check when deleting profile pictures, which could allow attackers to make logged in users perform unwanted actions via a CSRF attack...

7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/01 12:0 a.m.20 views

Meris <= 1.1.2 - Reflected XSS

Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

6.1CVSS8.5AI score0.00331EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/12/29 12:0 a.m.18 views

EventPrime < 3.3.6 - Unauthenticated Event Access

Description The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. PoC 1. Create a password-protected event or a private event then publish it. 2. Access to the URL on a private...

5.3CVSS6.9AI score0.00564EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/29 12:0 a.m.11 views

WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE

Description The plugin accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code...

7.2CVSS6.8AI score0.01231EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/29 12:0 a.m.14 views

WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR

Description The plugin does not properly check for authorisation, allowing authors to delete and update arbitrary avatar PoC POC request: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: yoursite User-Agent: Mozilla/5.0 X11; Linux aarch64; rv:102.0 Gecko/20100101 Firefox/102.0 Accept:...

4.3CVSS9.5AI score0.00405EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/29 12:0 a.m.19 views

Booking Calendar WpDevArt < 3.2.12 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/29 12:0 a.m.21 views

Mail logging - WP Mail Catcher < 2.1.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.6CVSS7.7AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/29 12:0 a.m.15 views

EventON-RSVP < 2.9.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing the code below...

6.1CVSS5.9AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/28 12:0 a.m.15 views

Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF

Description The plugin does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC 1. Make an enquiry from the frontend form 2. Go to "Woo Quote Popup Enquiry List" 3. Get the ID of an item 4. Add the ID to...

4.3CVSS6.5AI score0.00203EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/28 12:0 a.m.16 views

Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Form Customizer: 1. Navigate to...

4.8CVSS4.9AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.27 views

Colibri Page Builder < 1.0.248 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.0037EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.20 views

FOX – Currency Switcher Professional for WooCommerce < 1.4.1.7 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape its currency options parameters, which could allow any authenticated users, such as subscribers to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00416EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.25 views

WP SEO Press < 7.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=seopress-titles. 2...

4.8CVSS5.7AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.18 views

Colibri Page Builder < 1.0.240 - Contributor+ Stored XSS

Description The plugin does not validate and escape some its extendbuilderrenderjs shortcode content before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC...

6.4CVSS8.2AI score0.00373EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.19 views

Ultimate Dashboard < 3.7.12 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.4AI score0.00402EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.8 views

Fathom Analytics < 3.1.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.16 views

WP Review Slider < 13.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add the payload "...

4.8CVSS5AI score0.00336EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.30 views

Menu Image, Icons made easy < 3.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.7AI score0.00352EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.35 views

All In One WP Security < 5.2.5 - Protection Bypass of Renamed Login Page via URL Encoding

Description The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to protection bypass on the login page in all versions up to and including 5.2.4. This makes it possible for unauthenticated attackers to visit the login page in cases where it has been renamed by...

7.1AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/26 12:0 a.m.29 views

404 Solution < 2.35.0 - Admin+ SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.6CVSS7.5AI score0.00541EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/25 12:0 a.m.21 views

Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

Description The plugin does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset PoC Run the below command in the developer console of the web browser whil...

6.5CVSS6.6AI score0.0061EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/25 12:0 a.m.21 views

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

Description The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup...

9.8CVSS7.2AI score0.00926EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/25 12:0 a.m.15 views

Estatik Real Estate Plugin < 4.1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URLs below some...

6.1CVSS5.8AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.33 views

Sayfa Sayaç <= 2.6 - Unauthenticated SQL Injection

Description The Sayfa Sayaç plugin for WordPress is vulnerable to SQL Injection via the in versions up to, and including, 2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS7.8AI score0.00629EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.25 views

Accredible Certificates & Open Badges < 1.4.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.3AI score0.00206EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.22 views

Multi Step Form < 1.7.17 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00402EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.46 views

My Calendar < 3.4.22 - Unauthenticated SQL Injection

Description The My Calendar plugin for WordPress is vulnerable to blind|generic|time-based SQL Injection via the 'from' and 'to' parameters of the '/my-calendar/v1/events' rest route in all versions up to, and including, 3.4.21 due to insufficient escaping on the user supplied parameter and lack ...

9.8CVSS7.6AI score0.63141EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.39 views

Disable User Login < 1.3.9 - User Login Toggle via CSRF

Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in admins enable and disable login for arbitrary users via a CSRF attack...

8.8CVSS8.6AI score0.00264EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.15 views

Loan Repayment Calculator and Application Form < 2.9.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00335EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.27 views

Advanced Category Template <= 0.1 - Cross-Site Request Forgery

Description The Advanced Category Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.8AI score0.00286EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.27 views

Event Management Tickets Booking <= 1.3.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.2AI score0.00325EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.22 views

WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WooCommerce Menu Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.25 views

WP Edit Username < 1.0.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.2AI score0.00291EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.29 views

Divi < 4.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'etpbtext' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for...

6.4CVSS5.6AI score0.00325EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.20 views

Insert or Embed Articulate Content into WordPress < 4.3000000023 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.00309EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.30 views

Simple Counter <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Simple Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00325EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.25 views

Seos Contact Form <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Seos Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

5.9CVSS5.7AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.32 views

Currency Converter Widget < 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Currency Converter Widget – Exchange Rates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.34 views

Events Addon for Elementor < 2.1.3 - Missing Authorization

Description The Events Addon for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the naeventsbwsettingssavefunc, naeventsbwtogglesubmitfunc, naeventsprosettingssavefunc, naeventsprotogglesubmitfunc and naeventsuwsettingssavefun...

7.5CVSS6.8AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.24 views

CSS & JavaScript Toolbox < 11.9 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.5AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/23 12:0 a.m.25 views

iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The iframe Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.7AI score0.00321EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.22 views

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

4.3CVSS6.5AI score0.00405EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.27 views

Backup Migration < 1.4.0 - Authenticated (Admin+) OS Command Injection via url

Description The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the...

7.2CVSS7.9AI score0.45898EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.17 views

WP Crowdfunding < 2.1.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Affected settings: - Crowdfunding...

4.8CVSS5.5AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.34 views

Photo Gallery by 10Web < 1.8.19 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget

Description The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

4.8CVSS5.8AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.31 views

Paid Memberships Pro < 2.12.6 - Missing Authorization via API

Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmprorestapigetpermissionscheck...

5.3CVSS6.7AI score0.00508EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.34 views

Backup Migration < 1.4.0 - Unauthenticated Path Traversal to Arbitrary File Deletion

Description The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated...

9.8CVSS8AI score0.0139EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.21 views

Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir

Description The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful...

9.8CVSS7.6AI score0.06419EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602