Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Smart App Banner <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Smart App Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

5.9CVSS5.9AI score0.0031EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Phlox Shop <= 2.0.0 - Unauthenticated Local File Inclusion

Description The Phlox Shop plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This...

8.2AI score0.006EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

Spider Facebook <= 1.0.15 - Cross-Site Request Forgery

Description The Spider Facebook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.15. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged reques...

8.8CVSS6.7AI score0.00254EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.39 views

Very Simple Google Maps < 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.9AI score0.00603EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.19 views

Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Post Sliders & Post Grids plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00397EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

WP Helper Premium < 4.5.2 - Cross-Site Request Forgery via whp_fields

Description The WP Helper Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.1. This is due to missing or incorrect nonce validation on the 'whpfields' function. This makes it possible for unauthenticated attackers to update the plugin...

8.8CVSS6.5AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.6 views

Auto Limit Posts Reloaded <= 2.5 - Cross-Site Request Forgery

Description The Auto Limit Posts Reloaded plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. This is due to missing or incorrect nonce validation on the alpradmin function. This makes it possible for unauthenticated attackers to modify the...

8.8CVSS6.6AI score0.00216EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Jquery accordion slideshow < 8.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.5AI score0.0079EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Add Widgets to Page <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Add Widgets to Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS7.9AI score0.00416EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

TK Google Fonts GDPR Compliant < 2.2.12 - Missing Authorization to Font Deletion

Description The TK Google Fonts GDPR Compliant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tkgooglefontsdeletefont function in all versions up to, and including, 2.2.11. This makes it possible for authenticated attackers, with...

8.8CVSS6.8AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

iPanorama 360 – WordPress Virtual Tour Builder < 1.8.1 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS7.5AI score0.00618EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Master Slider Pro <= 3.6.5 - Reflected Cross-Site Scripting

Description The Master Slider Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS8AI score0.00412EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Social Feed | All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting]

Description The Social Feed | All social media in one place plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS7.9AI score0.00397EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

BMI Calculator Plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The BMI Calculator Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.5CVSS7.9AI score0.00378EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

Wp photo text slider 50 < 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.2AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

RumbleTalk Live Group Chat < 6.2.0 - Missing Authorization via handleRequest

Description The RumbleTalk Live Group Chat plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleRequest AJAX function in versions up to, and including, 6.1.9. This makes it possible for authenticat...

6.7AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.20 views

ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS6AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.10 views

Funnelforms Free < 3.4.2 - Cross-Site Request Forgery to Arbitrary Post Deletion

Description The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary...

6.5CVSS6.7AI score0.00306EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.48 views

iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection

Description The iPages Flipbook For WordPress plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to 1.5.0 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.6CVSS7.4AI score0.0054EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

FeedFocal <= 1.2.2 - Unauthenticated Tracking Code Update

Description The plugin is lacking authorisation checks in its feedfocalapisetup function, allowing unauthenticated attackers to update the Tracking Code via the feedfocalsurveycode option...

9.5AI score0.00387EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Contact Form With Captcha <= 1.6.8 - Cross-Site Request Forgery

Description The Contact Form With Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this...

6.7AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

Auto Excerpt everywhere <= 1.5 - Cross-Site Request Forgery

Description The Auto Excerpt everywhere plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the autoexcerpteverywhereoptions function and included options.php file. This makes it possible f...

8.8CVSS6.6AI score0.00216EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

video carousel slider with lightbox 1.0 - Cross-Site Request Forgery

Description The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsivevideogallerywithlightboxvideomanagementfunc function. This makes it possible for unauthenticat...

5.4CVSS6.4AI score0.00309EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.48 views

WP Category Post List Widget <= 2.0.3 - Cross-Site Request Forgery via gen_set_page

Description The WP Category Post List Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on the 'gensetpage' function. This makes it possible for unauthenticated attackers to modify...

8.8CVSS6.6AI score0.00294EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.42 views

WP User Frontend < 3.6.6 - Authenticated (Author+) Privilege Escalation

Description The WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.6.5. This is due to the plugin not providing...

6.4AI score0.00635EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The ANAC XML Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.9AI score0.00394EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.19 views

E2Pdf < 1.20.19 - Authenticated (Administrator+) PHP Object Injection

Description The E2Pdf plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.20.18 via deserialization of untrusted input within the importaction and ajaxupload functions. This makes it possible for authenticated attackers, with administrative-level...

7.2CVSS7.4AI score0.00735EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

SAHU TikTok Pixel for E-Commerce <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The SAHU TikTok Pixel for E-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00394EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Left right image slideshow gallery < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

8.8CVSS7.5AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Permalinks Customizer <= 2.8.2 - Reflected Cross-Site Scripting

Description The Permalinks Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.1CVSS8.6AI score0.00412EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Message ticker < 9.3 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7.5AI score0.00797EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Comments Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

4.8CVSS5.9AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.19 views

Admin Bar & Dashboard Control < 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Admin Bar & Dashboard Access Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.2.9 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00357EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Copy Anything to Clipboard < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.9AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.8 views

WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

Description The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level acces...

4.3CVSS6.7AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Thumbnail carousel slider < 1.0.1 - Cross-Site Request Forgery to Mass Slider Deletion

Description The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request...

6.5CVSS6.4AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Funnelforms Free < 3.4.2 - Missing Authorization to Arbitrary Post Deletion

Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...

6.5CVSS6.8AI score0.00408EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

UserPro < 5.1.2 - Missing Authorization via multiple functions

Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, o...

7.3CVSS7AI score0.00349EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload

Description The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attacker...

8.8CVSS6.8AI score0.00337EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.26 views

WP Ultimate Exporter < 2.4.2 - Unauthenticated Information Disclosure

Description The WP Ultimate Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.4.1 due to insufficient protection on the directory in which exported files are stored in. This can allow unauthenticated attackers to extract sensitive da...

7.5CVSS7.4AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Thrive Theme Builder < 3.24.0 - Missing Authorization

Description The theme is vulnerable to unauthorized use of functionality due to missing capability check in one of its functions. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function intended for higher-privileged users. The exact...

9.2AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

Slick Popup: Contact Form 7 Popup Plugin < 1.7.15 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Slick Popup: Contact Form 7 Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the main heading parameter in all versions up to 1.7.15 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

User Submitted Posts < 20230902 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 20230901 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

Add Local Avatar <= 12.1 - Cross-Site Request Forgery via manage_avatar_cache

Description The Add Local Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 12.1. This is due to missing or incorrect nonce validation on the manageavatarcache function. This makes it possible for unauthenticated attackers to manage avatars ...

8.8CVSS8.5AI score0.00323EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.27 views

MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection

Description The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated...

4.8CVSS7.1AI score0.00395EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

WP EXtra < 6.3 - Missing Authorization to Arbitrary Email Sending

Description The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.00395EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Super Testimonials < 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Patreon WordPress < 1.8.8 - Cross-Site Request Forgery

Description The Patreon WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on several functions in the /classes/patreonwordpress.php file. This makes it possible for unauthenticat...

8.8CVSS6.5AI score0.00294EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

WP Full Stripe Free <= 1.6.1 - Cross-Site Request Forgery

Description The WP Full Stripe Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation via several functions in the /include/wp-full-stripe-admin-menu.php file. This makes it possible for...

8.8CVSS6.4AI score0.00294EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

TCD Google Maps <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...

6.4CVSS5.9AI score0.00545EPSS
Exploits0References1
Total number of security vulnerabilities14602