Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.21 views

Inactive Logout < 3.2.3 - Missing Authorization

Description The Inactive Logout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inaresetadvsettings function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber-level access a...

6.7AI score0.00485EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Taggbox <= 3.1 - Missing Authorization

Description The Taggbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized...

6.7AI score0.00431EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Premmerce User Roles < 1.0.13 - Missing Authorization via role management functions

Description The Premmerce User Roles plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability and nonce checks on the 'createRole', 'updateRole', and 'deleteRole' functions in versions up to, and including, 1.0.12. This makes it possible f...

6.7AI score0.00469EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.31 views

Comment Blacklist Updater < 1.2.0 - Cross-Site Request Forgery via update_blacklist_manual

Description The Comment Blacklist Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the 'updateblacklistmanual' function. This makes it possible for unauthenticated attackers to...

6.6AI score0.00485EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.15 views

Easy Newsletter Signups <= 1.0.4 - Missing Authorization

Description The Easy Newsletter Signups plugin for WordPress is vulnerable to unauthorized modification and disclosure of data due to a missing capability check on the wpesnltableprocessbulkaction function hooked via admininit in versions up to, and including, 1.0.4. This makes it possible for...

6.9AI score0.00445EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.22 views

Brands for WooCommerce < 3.8.2.3 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval

Description The Brands for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.8.2.2. This is due to missing capability checks on the clearcacheajax, saveorder, brgetproducts, brgetbrands, and saveallorders functions hooked via AJAX nopriv...

6.9AI score0.00485EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Easy Social Icons < 3.2.5 - Missing Authorization via cnss_save_ajax_order

Description The Easy Social Icons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cnsssaveajaxorder function in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access a...

6.7AI score0.00411EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.6 views

VS Contact Form < 14.0 - Missing Authorization

Description The VS Contact Form plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 13.9. Exact implications of this vulnerability are unknown...

7AI score0.00578EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

wpMandrill <= 1.33 - Missing Authorization via getAjaxStats

Description The wpMandrill plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAjaxStats function in versions up to, and including, 1.33. This makes it possible for authenticated attackers, with subscriber-level access and above, to view...

6.1AI score0.0028EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.10 views

Who Hit The Page – Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection

Description The Who Hit The Page – Hit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.14.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.6CVSS7.5AI score0.00654EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

Funnelforms Free < 3.4.2 - Missing Authorization to Post Modification

Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...

4.3CVSS6.6AI score0.00395EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.12 views

Welcome Email Editor < 5.0.7 - Subscriber+ Email Sending

Description The plugin does not have authorisation in its ajaxhandler function, allowing any authenticated users, such as subscriber to call it and send various emails...

9.3AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

Forms for Mailchimp by Optin Cat < 2.5.5 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Forms for Mailchimp by Optin Cat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the paramsstr function in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

5.9CVSS5.9AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Lava Directory Manager <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Lava Directory Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.18 views

Captcha/Honeypot for Contact Form 7 < 1.11.4 - Captcha Bypass

Description The Captcha/Honeypot for Contact Form 7 plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.11.3. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

7.1AI score0.00403EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

Elementor Website Builder < 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()

Description The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the getinlinesvg function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.25337EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/22 12:0 a.m.9 views

WooCommerce Product Table Lite < 3.1.0 - CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS7AI score0.00294EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.15 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. PoC 1. Ensure your WordPress...

8.8CVSS9.7AI score0.0055EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.13 views

Code Snippets < 3.6.0 - Arbitrary settings change via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS7AI score0.00298EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.25 views

WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE

Description The plugin does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server PoC 1. Go to "All Export" "New Export" 2. Select "WP Query Results" as the export type 3. Enter the payload phpinfo for the query. 4. Click...

7.2CVSS9.7AI score0.01151EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.7 views

OneClick Chat to Order < 1.0.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.004EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.14 views

Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

Description IThe plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks PoC 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some...

7.2CVSS9.3AI score0.01061EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.18 views

Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure

Description The plugin doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code PoC http://yoursite/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log...

5.3CVSS9.1AI score0.18697EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.17 views

Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update

Description The plugin does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. PoC 1 Make sure the plugin is configured with the "Catalog Mode" activated. 2 Launch the following from your browser's console:...

6.1CVSS5.7AI score0.00531EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.32 views

Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Contact Google Place API...

4.8CVSS7.7AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.22 views

Simple User Listing < 1.9.3 - Reflected XSS

Description The plugin does not sanitise and escape the as parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.00415EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/21 12:0 a.m.18 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. PoC Submit the following form as a Super Admin notice that it does not contain a nonce. Despite the error...

8.8CVSS9.6AI score0.0055EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.27 views

EazyDocs < 2.3.4 - Subscriber + SQLi

Description The plugin does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. PoC 1. Create a document then create some sections in the documen...

8.8CVSS7.5AI score0.00853EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.17 views

EmbedPress < 3.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC On a post/page where containing the following output...

6.1CVSS6.2AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.17 views

EmbedPress < 3.9.2 - Reflected XSS

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing the HTML code below...

6.1CVSS5.9AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.20 views

File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

Description The plugin does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites...

6.5CVSS9.3AI score0.0085EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/18 12:0 a.m.30 views

Paid Memberships Pro < 2.12.4 - Subscriber+ Arbitrary File Upload

Description The plugin does not properly validate file type in its pmpropaypalexpresssessionvarsforuserfields function, which could allow any authenticated users, such as subscriber to upload arbitrary files on the server. Note: Exploitation of the issue requires 2Checkout deprecated since versio...

8.8CVSS7AI score0.51535EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.16 views

Star CloudPRNT for WooCommerce < 2.0.4 - Reflected XSS

Description The plugin does not sanitise and escape the printersettings parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.00667EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.14 views

CodeBard's Patron Button and Widgets for Patreon < 2.2.0 - Reflected XSS

Description The plugin does not sanitise and escape the cbp6tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.00358EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.11 views

Icons Font Loader < 1.1.3 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate files to be uploaded, allowing high privilege users such as admin to upload arbitrary file on the server...

7.2CVSS7.1AI score0.01023EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.9 views

Login Screen Manager <= 3.5.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS6AI score0.00206EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.15 views

Arigato Autoresponder and Newsletter < 2.7.2.3 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7.1AI score0.00261EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.13 views

Star CloudPRNT for WooCommerce <= 2.0.3 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.16 views

Donations Made Easy - Smart Donations <= 4.0.12 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

9.8CVSS7.7AI score0.00547EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.10 views

WooCommerce Product Enquiry <= 2.3.4 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6.2AI score0.00403EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.13 views

Raise Mag <= 1.0.7 and Wishful Blog <= 2.0.1 - Reflected XSS

Description The themes do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00413EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.18 views

Thumbnail Slider With Lightbox < 1.0.1 - Arbitrary File Upload via CSRF

Description The plugin does not have CSRF check in the addedit feature, which could allow attackers to make logged in admins upload arbitrary files via a CSRF attack...

9.6CVSS6.9AI score0.00317EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.12 views

Webmaster Tools <= 2.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.00204EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.17 views

LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Make a logged in admin open v...

6.1CVSS5.8AI score0.00916EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.13 views

Cleverwise Daily Quotes <= 3.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.8 views

Edit WooCommerce Templates <= 1.1.1 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.12 views

WD WidgetTwitter <= 1.0.9 - Contributor+ SQLi

Description The plugin does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow users with the contributor role and above to perform SQL injection attacks...

8.8CVSS8AI score0.00854EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.13 views

WP Simple HTML Sitemap < 2.3 - Reflected XSS

Description The plugin does not sanitise and escape the id parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.10 views

Accessibility Suite by Online ADA <= 4.11 - Subscriber+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...

9.8CVSS7.7AI score0.0055EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.15 views

Under Construction / Maintenance Mode from Acurax <= 2.6 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6.2AI score0.00412EPSS
Exploits0
Total number of security vulnerabilities14602