Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.15 views

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. PoC The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache...

7.5CVSS6.3AI score0.00782EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.21 views

Antispam Bee < 2.11.4 - IP Address Spoofing via get_client_ip

Description The Antispam Bee plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.11.3 due to use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass country blocking...

6.5AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.21 views

Ocean Extra < 2.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation

Description The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.2. This is due to missing or incorrect nonce validation on the ajaxrequiredpluginsactivate function. This makes it possible for unauthenticated attackers to...

8.8CVSS6.2AI score0.00286EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/06 12:0 a.m.14 views

Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read

Description The plugin does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content PoC WooCommerce needs to b...

7.5CVSS7AI score0.0071EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/05 12:0 a.m.6 views

Geo Controller < 8.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Geo Controller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 8.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/05 12:0 a.m.13 views

Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug=hehehehe Besides, you can disable the...

4.3CVSS6.5AI score0.00217EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/05 12:0 a.m.8 views

WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update

Description The WPGetAPI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importendpoints function in versions 2.1.0 - 2.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update...

6.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/05 12:0 a.m.11 views

Marker.io < 1.1.7 - Cross-Site Request Forgery

Description The Marker.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing nonce validation on the markeriosavedestination and markeriosaveoption functions. This makes it possible for unauthenticated attackers to modi...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/04 12:0 a.m.32 views

MW WP Form < 5.0.2 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly handle unauthorised files from being uploaded, only logging the issue without stopping the process, allowing unauthenticated users to upload arbitrary files to the server when the 'Saving inquiry data in database' settings is enabled in the plugin...

9.8CVSS6.7AI score0.01448EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/04 12:0 a.m.17 views

JSON Content Importer < 1.5.4 - Reflected XSS

Description The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open:...

6.1CVSS5.8AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/04 12:0 a.m.25 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...

7.5CVSS8.7AI score0.30894EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.22 views

Happyforms < 1.25.10 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in an hidden attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.18 views

SoundCloud Shortcode < 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The SoundCloud Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.4AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.21 views

Campaign Monitor for WordPress < 2.8.14 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.15 views

360 Javascript Viewer < 1.7.12 - Unauthenticated Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users to update them...

9.5AI score0.00562EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.13 views

Download canvasio3D Light <= 2.5.0 - Subscriber+ Entries Update/Deletion

Description The plugin is vulnerable to unauthorized access & modification of data due to a missing capability check on the caARConnect function, allowing authenticated attackers, with subscriber-level access and above, to retrieve data from the plugin and save/delete entries...

9.2AI score0.00457EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.19 views

Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.9CVSS5.9AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.30 views

JetBlocks For Elementor < 1.3.8.1 - Reflected Cross Site Scripting

Description The JetBlocks for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.2AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.17 views

Multiple Post Passwords < 1.1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS7.2AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.15 views

Evergreen Content Poster < 1.4.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.2AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.15 views

IdeaPush < 8.58 - Subscriber+ Memory Tab/Routine/Taxonomy Creation

Description The plugin does not have authorisation in various AJAX calls, allowing any authenticated users, such as subscriber to create memory tabs, routines and taxonomies...

6.9AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.22 views

Delete Post Revisions In WordPress <= 4.6 - Cross-Site Request Forgery

Description The delete-post-revisions-on-single-click theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attacke...

8.8CVSS6.4AI score0.00264EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/02 12:0 a.m.16 views

Simple Long Form <= 2.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Simple Long Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

5.9CVSS5.7AI score0.00394EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.26 views

Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass

Description The Restricted Site Access plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 6.3.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for user IP Addresses. This makes it possible for attackers to...

7AI score0.0035EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.25 views

Backup Migration < 1.3.7 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure

Description The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers...

7.5CVSS6.3AI score0.02072EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.115 views

Contact Form 7 < 5.8.4 - Authenticated (Editor+) Arbitrary File Upload

Description The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible f...

7.2CVSS7.6AI score0.01732EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.28 views

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server PoC To download /etc/passwd: curl...

9.8CVSS6.8AI score0.03313EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.16 views

WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection

Description The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. PoC Blind...

7.5CVSS8AI score0.02221EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.34 views

Qode Essential Addons < 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

Description The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level acce...

9.9CVSS6.8AI score0.01408EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.24 views

12 Step Meeting List < 3.14.25 - Authenticated (Contributor+) Server-Side Request Forgery

Description The 12 Step Meeting List plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.14.24 via the tsmladddatasource parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web reques...

5.4CVSS5.5AI score0.00312EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.18 views

Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting

Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC Visit the following URL: https://example.com/wp-admin/admin.php?page=quiz-maker-questions%22%3E%3Cscript%3Ealert/xss/%3C/script%3E=something...

6.1CVSS6.4AI score0.0042EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.10 views

Participants Database < 2.5.6 - Missing Authorization

Description The Participants Database plugin for WordPress is vulnerable to unauthorized manipulation of data due to a missing capability check on several functions hooked via admin-post in all versions up to, and including, 2.5.5. This makes it possible for unauthenticated attackers to add and...

8.8CVSS7AI score0.0025EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.18 views

Debug Log Manager < 2.2.2 - Debug Log Clearing via CSRF

Description The plugin does not have CSRF checks when clearing debug logs, which could allow attackers to make logged in admins perform such action via a CSRF attack...

4.3CVSS6.8AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/30 12:0 a.m.14 views

Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure

Description The plugin does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. PoC import string import requests baseurl =...

5.3CVSS6.5AI score0.00565EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.49 views

eCommerce Product Catalog for WordPress < 3.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iccontainer shortcode in all versions up to, and including, 3.3.26 due to insufficient input sanitization and output escaping on user supplied...

6.5CVSS5.7AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.9 views

Maspik – Spam blacklist < 0.9.3 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log

Description The Maspik – Spam Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the efasaddtolog function in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.2AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

WordPress Job Board and Recruitment Plugin – JobWP < 2.2 - Sensitive Information Exposure

Description The WordPress Job Board and Recruitment Plugin – JobWP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to extract sensitive user data via resumes...

7.5CVSS6.9AI score0.00509EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.27 views

Enfold < 5.6.5 - Reflected Cross-Site Scripting

Description The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 5.6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.1CVSS6.5AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.49 views

Form Maker < 1.15.21 - Captcha Bypass

Description The Form Maker plugin for WordPress is vulnerable to Captcha Bypass in versions up to, and including, 1.15.20 due to insufficient input verification. This makes it possible for unauthenticated attackers to automate form submissions...

7AI score0.00374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.24 views

Grab & Save <= 1.0.4 - Cross-Site Request Forgery

Description The Grab & Save plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the mediaprocess function. This makes it possible for unauthenticated attackers to upload images via a forg...

6.7AI score0.00172EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.22 views

Salient Core < 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The salient-core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

wpForo Forum < 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...

6.5CVSS5.9AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.16 views

Perfmatters < 2.1.7 - Cross-Site Request Forgery

Description The Perfmatters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...

8.8CVSS9.4AI score0.0024EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.23 views

WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting

Description The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this functio...

7.1CVSS6.3AI score0.00207EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.35 views

Contact Form to Any API < 1.1.7 - Subscriber+ API Entry Record Deletion

Description The plugin does not have authorisation check when deleting CF7 API entry records, which could allow any authenticated users, such as subscriber to delete them...

9.3AI score0.00465EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.10 views

BlossomThemes Email Newsletter < 2.2.5 - Missing Authorization

Description The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the btengetmailinglist function in versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to obtain a mailing...

6.9AI score0.00362EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

Super Progressive Web Apps < 2.2.22 - Missing Authorization

Description The Super Progressive Web Apps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the superpwanewslettersubmit function hooked via a nopriv AJAX action in versions up to, and including, 2.2.21. This makes it possible for...

9.2AI score0.00584EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.16 views

wpForo Forum < 2.2.6 - Subscriber+ Content Injection

Description The plugin does not properly escape user input, allowing any authenticated users, such as Subscriber to inject content...

9.3AI score0.00296EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.27 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on us...

6.4CVSS5.7AI score0.00485EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.44 views

Footer Putter <= 6.1.3 - Reflected Cross-Site Scripting

Description The Footer Putter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00437EPSS
Exploits0References1
Total number of security vulnerabilities14602