Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•15 views

Laposta Signup Basic < 1.4.2 - Missing Authorization

Description The Laposta Signup Basic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxResetCache function in versions up to, and including, 1.4.1. This makes it possible for subscriber-level attackers or higher to delete the...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•17 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE

Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server PoC If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file...

8.8CVSS7.4AI score0.00816EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•18 views

Booster for WooCommerce < 7.1.3 - Missing Authorization to Product Creation/Modification

Description The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcjproductaddnew function in all versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level...

6.7AI score0.00405EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•27 views

HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Missing Authorization via woof_meta_get_keys()

Description The HUSKY – Products Filter for WooCommerce formerly WOOF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woofmetagetkeys function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers,...

6.7AI score0.00477EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•10 views

Export WP Page to Static HTML/CSS < 2.2.0 - Missing Authorization via Multiple AJAX Actions

Description The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score0.00458EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•14 views

Events Manager < 6.4.6 - Reflected Cross-Site Scripting

Description The Events Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/29 12:0 a.m.•15 views

Theme Editor < 2.8 - Admin+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads which could allow users with administrator privileges or higher to upload arbitrary files on the affected site's server which may make remote code execution possible...

9.8AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•12 views

Frontier Post <= 6.1 - Cross-Site Request Forgery

Description The Frontier Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

8.8CVSS6.6AI score0.00254EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•17 views

Bulk Comment Remove <= 2 - Cross-Site Request Forgery via brc_admin()

Description The Bulk Comment Remove plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2. This is due to missing or incorrect nonce validation on the brcadmin function. This makes it possible for unauthenticated attackers to delete comments in bulk...

8.8CVSS6.6AI score0.00254EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•13 views

Awesome Support < 6.1.5 - Missing Authorization via wpas_edit_reply_ajax()

Description The Awesome Support plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpaseditreplyajax function in versions up to, and including, 6.1.4. This makes it possible for authenticated attackers, with subscriber-level access and...

6.7AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•8 views

WCMultiShipping < 2.3.6 - Missing Authorization to Log Export

Description The WCMultiShipping plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wmsexportlog function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above,...

6.7AI score0.00476EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•18 views

Seraphinite Post .DOCX Source < 2.16.7 - Settings Update/Reset/Import via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin perform such actions CSRF attacks...

8.8CVSS9AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•13 views

Availability Calendar <= 1.2.6 - Cross-Site Request Forgery via add_availability_calendar_create_admin_page()

Description The Availability Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the addavailabilitycalendarcreateadminpage function. This makes it possible for unauthenticated...

8.8CVSS6.8AI score0.00249EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•24 views

Preloader for Website < 1.3 - Missing Authorization via plwao_register_settings()

Description The Preloader for Website plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the plwaoregistersettings function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to reset the plugin's...

6.9AI score0.00511EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•16 views

League Table < 1.14 - Tables Cloning/Update/Deletion via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the view/tables.php file. This makes it possible for unauthenticated attackers to clone, edit, update, and delete tables via a forged request granted they can trick a site...

8.8CVSS8.5AI score0.00269EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•23 views

TextMe SMS < 1.9.1 - Subscriber+ Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

9.3AI score0.00457EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•34 views

Porto Theme - Functionality < 2.12.1 - Missing Authorization

Description The Porto Theme - Functionality plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to perform an unauthorized...

7AI score0.00374EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•44 views

Decorator - WooCommerce Email Customizer < 1.2.8 - Cross-Site Request Forgery

Description The Decorator – WooCommerce Email Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing nonce validation on several functions such as ajaxreset, wtdecoratorbuttontext, wtdecoratorsetasdefault, an...

8.8CVSS6.6AI score0.00305EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•15 views

Debug Log Manager < 2.2.2 - Subscriber+ Debug Log Clearing

Description The plugin does not have authorisation when clearing debug logs, allowing any authenticated users, such as subscriber to perform such action...

7.5CVSS6.9AI score0.0059EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•16 views

Consensu.io <= 1.0.2 - Missing Authorization via update_config_db()

Description The Consensu.io plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateconfigdb function in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to modify the plugin's setting...

6.9AI score0.00355EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•17 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. PoC Run the following within a block editor page. Notice that the request is delayed by the SLEEP call in...

8.8CVSS7.2AI score0.00721EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•23 views

WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE

Description The plugin does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. PoC Run the following JS code in any page on the server, setting the id variable to a valid ID of a log entry on the...

8.8CVSS7.1AI score0.01096EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•13 views

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. PoC The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the...

7.6CVSS7.3AI score0.00499EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•30 views

Porto Theme - Functionality < 2.12.1 - Unauthenticated SQL Injection

Description The Porto Theme - Functionality plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.11.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on an existing SQL query. This makes it possible for unauthenticate...

9.8CVSS7.8AI score0.00774EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•13 views

Awesome Support < 6.1.5 - Cross-Site Request Forgery via wpas_edit_reply_ajax()

Description The Awesome Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.4. This is due to missing or incorrect nonce validation on the wpaseditreplyajax function. This makes it possible for unauthenticated attackers to edit replies vi...

8.8CVSS6.6AI score0.00247EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•15 views

Taxonomy filter < 2.2.10 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS8.6AI score0.00264EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•20 views

Broken Link Checker for YouTube <= 1.3 - Cross-Site Request Forgery via plugin_settings_page()

Description The Broken Link Checker for YouTube plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the pluginsettingspage function. This makes it possible for unauthenticated attackers to...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•12 views

WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint

Description The plugin does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. PoC Run the following within any page on the site, ensuring that the id parameter is set to a...

6.5CVSS6.4AI score0.00707EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•16 views

Accept Stripe Payments < 2.0.80 - Insecure Direct Object Reference

Description The Stripe Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlecreatepi function in versions up to, and including, 2.0.79. This makes it possible for unauthenticated attackers to purchase products in another...

6.9AI score0.00504EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•19 views

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. PoC Run the following within any page on the site. Notice that the request is delayed by the SLEEP call i...

8.8CVSS7.2AI score0.10826EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•14 views

WP Child Theme Generator <= 1.0.9 - Admin+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads, allowing administrators to upload arbitrary files on the affected site's server which may make remote code execution possible...

9.8AI score0.02276EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•14 views

Simple Testimonials Showcase <= 1.1.5 - Cross-Site Request Forgery

Description The Simple Testimonials Showcase plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the stssavesettings function. This makes it possible for unauthenticated attackers to upda...

8.8CVSS6.6AI score0.00247EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•20 views

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a campaign and for the...

4.8CVSS5.4AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•19 views

BookingPress < 1.0.77 - Authenticated (Administrator+) Arbitrary File Upload

Description The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level...

7.2CVSS7.7AI score0.01231EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•21 views

BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the plugin settings ex:...

4.8CVSS7.2AI score0.00379EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/28 12:0 a.m.•19 views

MyBookTable Bookstore < 3.3.5 - API Key Update via CSRF

Description The plugin does not have CSRF check when updating its API key via the mbtapikeyrefreshajax function, which could allow attackers to make logged in admins update it via a CSRF attack...

8.8CVSS8.9AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/27 12:0 a.m.•17 views

so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

Description The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. PoC 1. Create a multi-site wordpress setup, i.e. using...

7.2CVSS8.6AI score0.01034EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/27 12:0 a.m.•17 views

Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export

Description The plugin does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. PoC curl --url 'http://vulnerable-site.tld/wp-admin/admin-post.php?luv-action=export'...

4.3CVSS8.5AI score0.00916EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/25 12:0 a.m.•12 views

Video PopUp < 1.1.4 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its videopopup shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS8.2AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/25 12:0 a.m.•13 views

Chatbot for WordPress < 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and abov...

4.8CVSS5.8AI score0.00295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/25 12:0 a.m.•24 views

WCFM Marketplace < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00443EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•20 views

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.7.4 - Unauthenticated Arbitrary File Upload

Description The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated...

9.8CVSS8.3AI score0.01793EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•16 views

Advanced Custom Fields: Extended < 0.8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfeform' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.9AI score0.00446EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•11 views

Metform Elementor Contact Form Builder < 3.3.2 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode

Description The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mffirstname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information...

4.3CVSS6.4AI score0.0046EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•19 views

GiveWP < 2.33.4 - Cross-Site Request Forgery to plugin deactivation

Description The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givesendwpdisconnect function. This makes it possible for unauthenticated attackers to deactivate the SendW...

5.4CVSS6.6AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•20 views

WooCommerce Canada Post Shipping < 2.8.4 - Cross-Site Request Forgery

Description The WooCommerce Canada Post Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke...

8.8CVSS6.7AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•25 views

Stripe Gateway < 7.6.1 - Cross-Site Request Forgery

Description The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 7.6.1 exclusive. This is due to missing or incorrect nonce validation on the maybehandleredirect function. This makes it possible for unauthenticated attackers...

6.6AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•13 views

Simple 301 Redirects < 2.0.8 - Cross-Site Request Forgery via 'clicked'

Description The Simple 301 Redirects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the 'clicked' function. This makes it possible for unauthenticated attackers to enable or disable...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•21 views

wpDiscuz < 7.6.6 - Unauthenticated SQL Injection

Description The wpDiscuz plugin for WordPress is vulnerable to SQL Injection via the 'visibleCommentIds' parameter in versions up to, and including, 7.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

7.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/11/24 12:0 a.m.•6 views

Checkout Field Editor < 1.7.5 - Cross-Site Request Forgery to Checkout Fields Update

Description The Checkout Field Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.4. This is due to missing nonce validation when updating checkout fields. This makes it possible for unauthenticated attackers to update checkout fields via...

6.7AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities14602