4 matches found
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup PoC 1. Go to the plugin setting and in the "Restore" section...
Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF
Description The plugin does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC 1. Make an enquiry from the frontend form 2. Go to "Woo Quote Popup Enquiry List" 3. Get the ID of an item 4. Add the ID to...
WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to Get TripAdvisor Reviews...
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent
Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. PoC 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If...