大侠wp Security Vulnerabilities

githubexploit

Exploit for Missing Authorization in Cookieinformation Wp-Gdpr-Compliance

CVE-2023-6700 Cookie Information | Free GDPR Consent Solution...

8.5 AI Score

0.001 EPSS

2024-01-30 10:32 AM
96
wpvulndb

WP Discourse < 2.5.2 - Missing Authorization

Description: The WP Discourse plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized...

6.2 AI Score

2024-05-15 12:00 AM
2
wpvulndb

WP eMember < 10.3.9 - Reflected XSS

Description: The plugin does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. PoC: The PoC will be displayed on May 28, 2024, to give users the time to...

6.3 AI Score

2024-05-14 12:00 AM
1
nuclei

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

9.8 AI Score

0.508 EPSS

2023-10-17 07:20 AM
10
nuclei

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main...

4.6 AI Score

0.001 EPSS

2024-05-08 11:45 AM
1
nuclei

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

7.9 AI Score

0.27 EPSS

2023-10-17 07:20 AM
5
nuclei

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated...

7.8 AI Score

0.03 EPSS

2024-01-14 01:20 PM
37
nuclei

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

7.8 AI Score

0.27 EPSS

2023-10-17 07:20 AM
2
nuclei

WordPress WP Video Gallery <=1.7.1 - SQL Injection

WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.9 AI Score

0.04 EPSS

2022-12-02 10:39 AM
nuclei

WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting...

5.9 AI Score

0.001 EPSS

2023-07-17 06:18 PM
4
nuclei

User Meta WP Plugin < 3.1 - Sensitive Information Exposure

The User Meta plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers to extract sensitive configuration...

5.2 AI Score

0.001 EPSS

2024-05-06 04:23 PM
4
nuclei

WordPress WP Security Audit Log 3.1.1 - Information Disclosure

WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized...

5 AI Score

0.032 EPSS

2021-08-27 06:40 PM
10
nuclei

Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do...

7.6 AI Score

0.004 EPSS

2024-04-30 04:49 PM
7
nuclei

Shield Security WP Plugin <= 18.5.9 - Local File Inclusion

The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP...

9.6 AI Score

0.116 EPSS

2024-04-30 09:03 AM
7
nuclei

WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting

WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web...

6 AI Score

0.001 EPSS

2022-02-04 07:19 PM
3
nuclei

Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL...

9.9 AI Score

0.053 EPSS

2023-05-06 12:12 PM
3
wpvulndb

WP Migration Plugin DB & Files – WP Synchro < 1.11.3 - Cross-Site Request Forgery

Description: The WP Migration Plugin DB & Files – WP Synchro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.2. This is due to missing or incorrect nonce validation on several REST API endpoints. This makes it possible for unauthenticated...

9.1 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
github

Gravity Forms stored HTML injection vulnerability

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

7.4 AI Score

0.001 EPSS

2022-05-24 05:39 PM
5
github

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor,...

5.5 AI Score

0.001 EPSS

2022-05-24 05:39 PM
3
github

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor,...

5.6 AI Score

0.001 EPSS

2022-05-24 05:39 PM
4
wpvulndb

WP Job Manager < 2.3.0 - Unauthenticated Information Exposure

Description: The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...

6.3 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
4
github

Gravity Forms plugin leak hashed passwords

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property)...

7.2 AI Score

0.002 EPSS

2022-05-24 05:18 PM
5
wpvulndb

WP etracker <= 1.0.2 - Reflected Cross-Site Scripting

Description: The WP etracker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.5 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
3
wpvulndb

WP Fastest Cache < 1.2.7 - Admin+ Arbitrary File Deletion

Description: The plugin for WordPress is vulnerable to Directory Traversal via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting...

6.8 AI Score

0.001 EPSS

2024-05-23 12:00 AM
2
nuclei

WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection

The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection...

10 AI Score

0.041 EPSS

2023-10-17 07:20 AM
9
nuclei

WordPress Plugin File Manager (wp-file-manager) Backup Disclosure

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has...

7.5 AI Score

0.016 EPSS

2020-09-30 02:30 PM
4
wpvulndb

WP Favorite Posts <= 1.6.8 - Cross-Site Request Forgery

Description: The WP Favorite Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via...

6.6 AI Score

0.0004 EPSS

2024-05-16 12:00 AM
1
wpvulndb

WP Fundraising Donation and Crowdfunding Platform < 1.7.0 - Missing Authorization

Description: The WP Fundraising Donation and Crowdfunding Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions surrounding donation modification in versions up to, and including, 1.6.4. This makes it possible for...

6.6 AI Score

2024-05-20 12:00 AM
1
nuclei

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

4.6 AI Score

0.003 EPSS

2022-09-25 07:25 AM
5
wpexploit

WP Chat App < 3.6.4 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is...

6 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
16
wpvulndb

WP Editor < 1.2.9 - Reflected Cross-Site Scripting

Description: The WP Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.3 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
7
wpvulndb

WP Masquerade <= 1.1.0 - Subscriber+ Account Takeover

Description: The WP Masquerade plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to access other users' accounts which may be higher in...

7.1 AI Score

0.0004 EPSS

2024-05-03 12:00 AM
3
wpvulndb

WP GoToWebinar < 15.1 - Missing Authorization

Description: The WP GoToWebinar plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wp_gotowebinar_delete_log_callback() function in versions up to, and including, 14.46. This makes it possible for authenticated attackers, with subscriber-level...

6.7 AI Score

2024-04-29 12:00 AM
3
wpexploit

WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

Description: The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress...

7.8 AI Score

0.0004 EPSS

2024-04-04 12:00 AM
28
wpvulndb

WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload

Description: The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload...

8.2 AI Score

0.0004 EPSS

2024-05-16 12:00 AM
6
wpvulndb

WP SMS < 6.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description: The WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.5.1 due to insufficient input sanitization and output...

5.7 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
2
wpvulndb

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode due to insufficient input sanitization and output escaping on the user-supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

5.8 AI Score

0.0004 EPSS

2024-05-21 12:00 AM
wpexploit

WP Prayer <= 2.0.9 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

6.7 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
17
nuclei

WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion

WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via...

7.4 AI Score

0.07 EPSS

2021-07-15 09:59 AM
4
wpvulndb

Popup Maker WP <= 1.2.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description: The Popup Maker WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...

5.9 AI Score

2024-05-20 12:00 AM
1
nuclei

WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure

WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login...

5.2 AI Score

0.002 EPSS

2022-12-13 11:39 AM
4
wpvulndb

WP Travel Engine < 5.8.1 - Unauthenticated Price Manipulation

Description: The WP Travel Engine – Best Travel Booking WordPress Plugin plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 5.8.0. This is due to the plugin not properly validating a price. This makes it possible for unauthenticated attackers to...

7 AI Score

2024-05-03 12:00 AM
5
wpvulndb

WP Migrate Pro < 2.6.11 - Unauthenticated PHP Object Injection

Description: The WP Migrate Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.10 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...

7.4 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
7
wpvulndb

WP Club Manager < 2.2.12 - Missing Authorization

Description: The WP Club Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcm_match_players_item_order() function in versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to modify an...

6.9 AI Score

0.0004 EPSS

2024-04-29 12:00 AM
1
wpexploit

WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

6.8 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
13
wpexploit

WP Prayer <= 2.0.9 - Email Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF...

6.7 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
15
wpvulndb

WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Missing Authorization

Description: The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with...

6.3 AI Score

0.001 EPSS

2024-05-13 12:00 AM
1
wpvulndb

WP Latest Posts < 5.0.8 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Description: The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call...

7.8 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
1
wpvulndb

WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery

Description: The WP GDPR Compliance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...

6.7 AI Score

0.0004 EPSS

2024-05-03 12:00 AM
3
wpexploit

WP Google Review Slider < 13.6 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7 AI Score

0.0004 EPSS

2024-04-05 12:00 AM
15

Total number of security vulnerabilities: 50746