Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.37 views

Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion

Description The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. PoC curl --url...

9.8CVSS6.5AI score0.50673EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.13 views

Post SMTP < 2.6.1 - Authenticated (Administrator+) SQL Injection

Description The Post SMTP plugin for WordPress is vulnerable to time-based SQL Injection via the logid parameter in versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.14 views

WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update

Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. PoC Log in as a subscriber, and paste any of the following fetch call in...

4.3CVSS6.4AI score0.00386EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.14 views

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Store the script in...

4.8CVSS5.4AI score0.00402EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.23 views

DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export

Description The plugin does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts. PoC...

8.1CVSS6.5AI score0.00579EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.20 views

JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

Description The plugin does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks. PoC wpfgc url="http://127.0.0.1:8084"...

8.8CVSS6.5AI score0.00694EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.15 views

EazyDocs < 2.3.6 - Subscriber+ Arbitrary Posts Deletion and Document Management

Description The plugin does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. PoC 1. Install the...

7.5CVSS6.5AI score0.00248EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.15 views

Easy Forms for Mailchimp < 6.9.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1 Create a new opt-in form 2 Edit the form, and add a "First name" field. 3 Update the...

4.8CVSS4.8AI score0.00402EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.16 views

Post SMTP < 2.8.7 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Make a logged in admin open the following URL:...

6.1CVSS5.8AI score0.00401EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/21 12:0 a.m.16 views

Post SMTP < 2.8.7 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. PoC In ps-delete-email-logs action: Visit the Post SMTP Email Log page and run the following code in t...

7.2CVSS7.2AI score0.14169EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/20 12:0 a.m.9 views

Post Meta Data Manager < 1.2.1 - Missing Authorization to Post, Term, and User Meta Deletion

Description The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions hooked via nopriv AJAX actions in all versions up to, and...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/20 12:0 a.m.7 views

Simple Calendar < 3.2.5 - Cross-Site Request Forgery via duplicate_feed

Description The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.5 exclusive. This is due to missing or incorrect nonce validation on the duplicatefeed function. This makes it possible for unauthenticated attackers...

6.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/20 12:0 a.m.27 views

Limit Login Attempts Reloaded < 2.25.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.6AI score0.0043EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.10 views

GeoDirectory < 2.3.29 - Authenticated (Administrator+) SQL Injection via orderby

Description The GeoDirectory plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.22 views

Simple Membership < 4.3.9 - Reflected Cross-Site Scripting Vulnerability via environment_mode

Description The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environmentmode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

6.1CVSS6.2AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.35 views

AMP for WP – Accelerated Mobile Pages < 1.0.92.1 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

Description The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.12 views

Envo Extra < 1.8.4 - Cross-Site Request Forgery

Description The Envo Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.3. This is due to missing or incorrect nonce validation on the ajaxrequiredpluginsactivate function. This makes it possible for unauthenticated attackers to activate...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.17 views

SpeedyCache < 1.1.4 - Missing Authorization to Plugin Options Update

Description The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycachesavevarniship, speedycacheimgupdatesettings, speedycachepreloadingaddsettings, and speedycachepreloadingdeleteresource functions in all versions ...

4.3CVSS6.2AI score0.00358EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.24 views

Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update

Description The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-leve...

8.8CVSS6.1AI score0.00487EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.35 views

Enable Media Replace < 4.1.5 - Reflected Cross-Site Scripting

Description The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS6.2AI score0.00493EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.16 views

Jquery news ticker < 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.19 views

MW WP Form < 5.0.4 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion

Description The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete...

9.8CVSS7.9AI score0.01313EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.9 views

Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery on AJAX Actions

Description The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on multiple AJAX actions. This makes it possible for unauthenticated attackers to create, modify, a...

6.7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.23 views

Post Grid Combo – 36+ Gutenberg Blocks < 2.2.65 - Authenticated (Contributor+) Cross-Site Scripting

Description The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00348EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.9 views

404 Solution < 2.33.1 - Sensitive Information Exposure

Description The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

6.9AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.21 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on...

5.4CVSS5.7AI score0.00473EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.19 views

Image horizontal reel scroll slideshow < 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.00445EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.17 views

Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS

Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. PoC 1. Login with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete...

5.4CVSS5.4AI score0.00403EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.15 views

Clone < 2.4.3 - Unauthenticated Backup Download

Description The plugin uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path. PoC While a backup job is running, visitors can access one of the following files it might take a couple tries, as the timing needs to be righ...

7.5CVSS6.4AI score0.01961EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.16 views

Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update

Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. PoC 1. login, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2. run the following...

6.5CVSS6.4AI score0.00609EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.13 views

WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

8.8CVSS8.6AI score0.00348EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.20 views

Essential Real Estate < 4.4.0 - Subscriber+ Arbitrary File Upload

Description The plugin does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. PoC from io import BytesIO import requests import zipfile import sys import re if...

8.8CVSS9AI score0.01095EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/18 12:0 a.m.11 views

WP Custom Cursors <= 3.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC The PoC will be displayed on...

4.8CVSS5.9AI score0.00335EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/12/16 12:0 a.m.19 views

Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

Description Any unauthenticated user may send e-mail from the site with any title or content to the admin PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwidsendmail", "headers": "content-type": "application/x-www-form-urlencoded", , "body": "datasubject=Urgent WordPress update...

7.5CVSS6.6AI score0.00563EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/16 12:0 a.m.10 views

GTG Product Feed for Shopping <= 1.2.4 - Unauthenticated Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users to update them...

6.5CVSS6.3AI score0.00541EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/16 12:0 a.m.10 views

CommentTweets <= 0.6 - Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC...

8.8CVSS8.7AI score0.00317EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.24 views

Essential Real Estate < 4.4.0 - Subscriber+ Arbitrary File Upload

Description The plugin does not properly validate uploaded files via the ajaxUploadFonts function, allowing any authenticated users, such as subscriber to upload arbitrary files...

8.8CVSS6.9AI score0.01265EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.30 views

Duplicator < 1.3.0 - Unauthenticated RCE

Description The plugin does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. PoC Steps to Reproduce Setup Download WAMP with the...

9.8CVSS6.9AI score0.00916EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.14 views

Featured Image from URL (FIFU) < 4.5.4 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape the featured image alt text, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.8AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.33 views

E2Pdf < 1.20.26 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate upload files via the importaction function, allowing users having access to the plugin by default admin to upload arbitrary files...

7.2CVSS7AI score0.01274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.18 views

Email Subscription Popup < 1.2.20 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

6.1CVSS5.8AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.50 views

Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE

Description The plugin does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. PoC 1. Make sure to configure the plugin so Authors can access its settings 2. Create a new slider. 3. Save and...

8.8CVSS7.2AI score0.0137EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.14 views

WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS

Description The plugin does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. v3.8.15 partially fixed the issue as the wrong capability chec...

6.1CVSS6.9AI score0.00219EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.22 views

Greenshift – animation and page builder blocks < 7.6.3 - Authenticated (Administrator+) Arbitrary File Upload

Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspbsavefiles' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with...

7.2CVSS8AI score0.01274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/14 12:0 a.m.15 views

WP Crowdfunding < 2.1.9 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a "Campaign Search" widget to your site via Appearance Customise Widgets for...

6.1CVSS5.8AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.22 views

Multiple Plugins by KlbTheme - Reflected Cross-Site Scripting

Description The plugins do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00465EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.11 views

Multiple Themes by KlbTheme - Cross-Site Request Forgery

Description The themes do not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...

4.3CVSS6.8AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.19 views

WP Photo Album Plus < 8.6.01.005 - IP Spoofing

Description The plugin does not properly check for IP addresses, allowing attackers to spoof IP addresses via headers and bypass the login protection offered by the plugin...

9.4AI score0.00311EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.18 views

Debug Log Manager < 2.3.0 - Sensitive Logs Exposure

Description The plugin contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data PoC https://yoursite/wordpress/wp-content/uploads/debug-log-manager/...

7.5CVSS6.5AI score0.00647EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.13 views

Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update

Description The plugin does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'userscanregister' and 'defaultrole'. It also unserializes user input in the process, which may lead to Object...

8.8CVSS8.9AI score0.0056EPSS
Exploits1Affected Software1
Total number of security vulnerabilities14602