Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.16 views

Product Enquiry for WooCommerce < 3.2 - Reflected XSS

Description The plugin does not sanitise and escape the name parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.15 views

Donations Made Easy - Smart Donations <= 4.0.12 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in Contributor add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.0022EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.22 views

Seo By 10Web <= 1.2.9 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8AI score0.00403EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.12 views

QR Code Tag <= 1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its qrcodetag shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00434EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.12 views

Bitly's <= 2.7.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape its wpbitly shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00521EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

Pre-Orders for WooCommerce < 1.2.14 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.19 views

ImageMapper <= 1.2.6 - Subscriber+ Arbitrary Post Deletion

Description The plugin does not authoring in its imgmapdeleteareaajax AJAX action, allowing any authenticated users, such as subscriber to delete arbitrary posts and pages...

5.4CVSS8.8AI score0.00403EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.17 views

GD Security Headers < 1.7.1 - Admin+ SQLi

Description The plugin does not properly sanitise and escape the filter-vd and filter-ed parameters before using them in SQL statements, leading to SQL injections exploitable by high privilege users such as admin...

7.2CVSS7.4AI score0.00574EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

ShortCodes UI <= 1.9.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00389EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

ImageMapper <= 1.2.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS8.7AI score0.00313EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

Elementor Addon Elements < 1.12.8 - Elementor Addon Element Enabling/Disabling via CSRF

Description The plugin does not have CSRF check in its eaesaveelements function, which could allow attackers to make logged in admins enable and disable Elementor add-on elements via a CSRF attack...

5.4CVSS5.5AI score0.00298EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.14 views

Product Enquiry for WooCommerce < 3.1 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.11 views

Post Pay Counter < 2.790 - Reflected XSS

Description The plugin does not sanitise and escape the ppc-time-range parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.2AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.11 views

Plainview Protect Passwords <= 1.4 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00404EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.21 views

Elementor Addon Elements < 1.12.8 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS9.4AI score0.00298EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.20 views

Additional Order Filters for WooCommerce < 1.12 - Reflected XSS

Description The plugin does not sanitise and escape the PHPSELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

7.1CVSS6.8AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.13 views

WP MapIt < 3.0.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its wpmapit shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.3AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.12 views

Telephone Number Linker <= 1.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its telnumlink shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00544EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.7 views

Featured Image Caption < 0.8.11 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00604EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.18 views

ImageLinks Interactive Image Builder < 1.6.0 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.7AI score0.008EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

Essential Grid < 3.1.1 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00838EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.15 views

EazyDocs < 2.3.6 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.8CVSS8AI score0.00396EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.23 views

Elementor Addon Elements < 1.12.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.8AI score0.00496EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.10 views

Interact: Embed A Quiz On Your Site < 3.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its interact-quiz shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00544EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.24 views

Elementor Addon Elements < 1.12.8 - Unauthenticated Post ID/Tile Disclosure

Description The plugin does not have authorisation in its ajaxeaepostdata function, allowing unauthenticated users to retrieve arbitrary posts/pages such as draft, private etc IDs and tiles...

5.3CVSS7.3AI score0.00927EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.20 views

Easy PayPal Shopping Cart < 1.1.11 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00401EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.17 views

WPDBSpringClean <= 1.6 - Reflected XSS

Description The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.23 views

Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQLi

Description The plugin does not properly sanitise and escape the post parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated uers...

9.8CVSS8AI score0.00566EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

ImageMapper <= 1.2.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its imagemap shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS7.7AI score0.00434EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.15 views

Social Feed <= 1.5.4.6 - Author+ Stored XSS

Description The plugin does not validate and escape some of its socialfeed shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the Author role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS7.7AI score0.00467EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.15 views

ImageMapper <= 1.2.6 - Stored XSS via CSRF

Description The plugin does not have CSRF check in its imgmapsaveareatitle function, which could allow attackers to make logged in admins update arbitrary post titles with XSS payloads via a CSRF attack...

6.1CVSS8.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.9 views

POWR < 2.2.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its powr-powr-pack shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00557EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.23 views

Auto Affiliate Links < 6.4.2.5 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.13 views

Products, Order & Customers Export for WooCommerce <= 2.0.10 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8AI score0.00412EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.12 views

Responsive Column Widgets <= 1.2.7 - Reflected XSS

Description The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8.1AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.12 views

Restrict Categories <= 2.6.4 - Reflected XSS

Description The plugin does not sanitise and escape the rc-search parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.13 views

Shortcodes Finder < 1.5.4 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00437EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.14 views

Custom My Account for Woocommerce <= 2.1 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS5.8AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.15 views

Seriously Simple Stats < 1.5.1 - Podcast Manager+ SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by podcast manager roles and above...

9.8CVSS7.8AI score0.00554EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.20 views

MStore API < 4.0.7 - Subscriber+ SQLi

Description The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...

9.8CVSS7.6AI score0.0055EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.15 views

Auto Login New User After Registration <= 1.9.6 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.00204EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.9 views

Photo Feed <= 2.2.1 - Reflected XSS

Description The plugin does not sanitise and escape the pf-gid parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.3AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.7 views

WP Crowdfunding < 2.1.7 - Reflected XSS

Description The plugin does not sanitise and escape the postid parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.3AI score0.00366EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.11 views

Atarim < 3.13 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS6.2AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.19 views

Forminator < 1.28.0 - Admin+ Arbitrary File Upload

Description The plugin does not properly blacklist files via the forminatorallowedmimetypes function, which could allow administrator to upload arbitrary file. However, RCE can not be achieved due to htaccess configuration...

6.6CVSS7.2AI score0.00866EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.11 views

WP Project Manager < 2.6.1 - Subscriber+ SQLi

Description The plugin does not properly sanitise and escape the user task starting date parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...

9.8CVSS7.7AI score0.00554EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.17 views

Category Post List Widget <= 2.0 - Settings Update to Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1CVSS6AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.14 views

SendPress Newsletters < 1.23.11.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS7.7AI score0.0067EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/15 12:0 a.m.15 views

SendPress Newsletters <= 1.23.11.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS8AI score0.00412EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/14 12:0 a.m.12 views

Video Gallery – YouTube Gallery <= 2.2.1 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

9.8CVSS9.7AI score0.00551EPSS
Exploits0
Total number of security vulnerabilities14602