3100 matches found
Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection
The plugin does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. While logged in as a subscriber, send the following request: await fetch('/wp-admin/admin-ajax.php', {method:'POST', headers: {'Content-Type':...
CVE-2023-26253
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read...
Media Library Assistant < 3.06 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. POST /wp-admin/tools.php?page=insertfixit-tools HTTP/1.1...
eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. [bscolumns class='" onmouseover="alert(1)"...
Design/Logic Flaw
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
Easy Digital Downloads < 3.1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add the "EDD Buy Button" Gutenberg block to a post and...
Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert the...
WP Airbnb Review Slider < 3.3 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch('/wp-admin/admin-ajax.php', {method: 'POST',...
Online Food Ordering System 2.0 Shell Upload
Exploit Title: Online Food Ordering System v2 - Remote Code Execution (RCE) (Unauthenticated) Date: 01/11/2023 Exploit Author: Onurcan Alcan Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
GamiPress – Vimeo integration < 1.0.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. [gamipressvimeo url='https://vimeo.com/"...
Flexible Captcha <= 4.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. [FCcaptchafields width='" onmouseover="alert(1)...
WP Show Posts < 1.1.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Add a new...
WP Tabs < 2.1.17 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. [trtabs id='"; alert(1); "'] [trtabs id='"...
CD MP3 Terminator V2.07 Local Seh Exploit
Exploit Title: CD MP3 Terminator V2.07 Local Seh Exploit Date: 31.12.2022 Vendor Homepage: http://www.cdmp3terminator.com Software Link: https://www.softpedia.com/dyn-postdownload.php/7a9b28e4e4800cd04331f2f3df26259a/63b031ec/7084/4/2 Exploit Author: Achilles Tested Version: 2.07 Tested on: Windo...
AAWP < 3.12.3 - Unsafe URL Handling
The plugin's image.php fetches and returns whatever URL it is handed, so a trusted domain can be abused to serve malware or other files through it (a Reflected File Download) and to bypass corporate firewall rules. wp-content/aawp/public/image.php?url=base64-url will load and download the file from the base64-decoded URL...
Sql injection
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
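The SQL injection entries above (Paid Memberships Pro, Media Library Assistant, WP Airbnb Review Slider, WP RSS By Publishers) share one shape: a request parameter or shortcode attribute is concatenated into a query inside a handler that whichever role can reach it may call. The following is an added example, not code from any of those plugins. It shows a hypothetical admin-ajax.php action, "demo_reviews", in its vulnerable and hardened forms; the action name, the table and the column names are made up for the illustration.

```php
<?php
// Added example (not code from Paid Memberships Pro, Media Library Assistant,
// WP Airbnb Review Slider or WP RSS By Publishers). A hypothetical plugin
// exposing a "demo_reviews" action on /wp-admin/admin-ajax.php.

// --- Vulnerable pattern: what the Subscriber+/Admin+ SQLi entries describe ---
add_action( 'wp_ajax_demo_reviews_vuln', 'demo_reviews_vuln' );
function demo_reviews_vuln() {
    global $wpdb;
    // wp_ajax_* fires for ANY logged-in user, so a subscriber reaches this
    // handler. No nonce, no capability check, and both parameters are
    // concatenated straight into the statement.
    $id      = isset( $_POST['id'] ) ? $_POST['id'] : '0';
    $orderby = isset( $_POST['orderby'] ) ? $_POST['orderby'] : 'id';

    // id=1 OR SLEEP(5) or orderby=(SELECT ...) both run exactly as sent.
    $sql = "SELECT * FROM {$wpdb->prefix}demo_reviews WHERE id = $id ORDER BY $orderby";
    wp_send_json( $wpdb->get_results( $sql ) );
}

// --- Hardened version ---
add_action( 'wp_ajax_demo_reviews_safe', 'demo_reviews_safe' );
function demo_reviews_safe() {
    global $wpdb;

    // 1. Nonce: the request must come from a page this plugin rendered,
    //    which also stops CSRF against users who are allowed to call it.
    check_ajax_referer( 'demo_reviews_nonce', 'nonce' );

    // 2. Capability: decide explicitly who may call this. A subscriber has
    //    neither edit_posts nor manage_options.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Values: cast to the expected type and bind through prepare().
    $id = absint( isset( $_POST['id'] ) ? $_POST['id'] : 0 );

    // 4. Identifiers: a placeholder cannot quote a column name, so ORDER BY
    //    targets come from an allowlist, never from the request.
    $allowed = array( 'id', 'created', 'rating' );
    $orderby = ( isset( $_POST['orderby'] ) && in_array( $_POST['orderby'], $allowed, true ) )
        ? $_POST['orderby']
        : 'id';

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}demo_reviews WHERE id = %d",
        $id
    ) . " ORDER BY {$orderby}";

    wp_send_json_success( $wpdb->get_results( $sql ) );
}
```

The capability check is what turns a "Subscriber+" finding into an "Admin+" one, and prepare() is what removes it entirely; both are needed, because an admin-only SQLi is still a finding (it is a CSRF target and a path from one role to the database). On WordPress 6.2 and later the `%i` placeholder in `$wpdb->prepare()` quotes identifiers, which can replace the allowlist for the ORDER BY column; on older cores the allowlist is the only safe option.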
FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. Set HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR, HTTP_CF_CONNECTING_IP or HTTP_CLIENT_IP to spoof the IP address...
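The FluentAuth entry describes a bug that is independent of any one plugin: REMOTE_ADDR is the kernel's view of the TCP peer and cannot be forged, while every HTTP header can be set by whoever opens the connection. A header like X-Forwarded-For only carries information when the peer is a proxy you control, and then only the entry that proxy appended. The following is an added example, not FluentAuth's code: demo_client_ip_vuln() mirrors the header-first lookup the entry describes, demo_client_ip_safe() is one correct fix, and the request arrays and addresses (documentation ranges) are constructed for the illustration.

```php
<?php
// Added example, not FluentAuth's code. demo_client_ip_vuln() mirrors the
// header-first lookup the entry describes; demo_client_ip_safe() is one
// correct fix. The requests below are constructed from documentation ranges.

// --- Vulnerable: any client can set these headers on a direct connection ---
function demo_client_ip_vuln( array $server ) {
    $keys = array( 'HTTP_CF_CONNECTING_IP', 'HTTP_X_REAL_IP', 'HTTP_X_FORWARDED_FOR',
                   'HTTP_CLIENT_IP', 'REMOTE_ADDR' );
    foreach ( $keys as $key ) {
        if ( ! empty( $server[ $key ] ) ) {
            // X-Forwarded-For may be a comma list; the leftmost entry is the
            // one the original client chose, i.e. attacker-controlled.
            return trim( explode( ',', $server[ $key ] )[0] );
        }
    }
    return '';
}

// --- Hardened: consult a proxy header only when the TCP peer is our proxy ---
function demo_client_ip_safe( array $server, array $trusted_proxies ) {
    $remote = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';

    // Direct connection: the headers were written by the client. Ignore them.
    if ( ! in_array( $remote, $trusted_proxies, true ) ) {
        return $remote;
    }
    if ( empty( $server['HTTP_X_FORWARDED_FOR'] ) ) {
        return $remote;
    }

    // Walk X-Forwarded-For from the right: our proxies append to the end,
    // so the rightmost entry that is not one of our proxies is the client
    // as the outermost proxy saw it. Everything left of it is untrusted.
    $hops = array_map( 'trim', explode( ',', $server['HTTP_X_FORWARDED_FOR'] ) );
    for ( $i = count( $hops ) - 1; $i >= 0; $i-- ) {
        if ( in_array( $hops[ $i ], $trusted_proxies, true ) ) {
            continue;
        }
        // A malformed hop means the client sent garbage; fall back to the peer.
        return filter_var( $hops[ $i ], FILTER_VALIDATE_IP ) ? $hops[ $i ] : $remote;
    }
    return $remote;
}

// Constructed request 1: the attacker at 203.0.113.7 connects directly (no
// proxy in the path) and forges the headers to claim an address that is not
// on the blocklist.
$spoofed = array(
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.1',
    'HTTP_X_REAL_IP'       => '198.51.100.1',
);
$blocklist = array( '203.0.113.7' );
$proxies   = array( '10.0.0.2' );   // our own reverse proxy

var_dump( in_array( demo_client_ip_vuln( $spoofed ), $blocklist, true ) );
var_dump( in_array( demo_client_ip_safe( $spoofed, $proxies ), $blocklist, true ) );

// Constructed request 2: the same forged header arriving through our proxy,
// which appended the real peer address on the right.
$proxied = array(
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7',
);
var_dump( demo_client_ip_safe( $proxied, $proxies ) );
```

In the first request the vulnerable lookup hands back the forged 198.51.100.1 and the block is bypassed, while the hardened lookup ignores the headers and blocks 203.0.113.7. In the second the hardened lookup skips the attacker-supplied left entry and resolves to 203.0.113.7 again. The same rule applies to CF-Connecting-IP: it is trustworthy only when REMOTE_ADDR is a Cloudflare address, because anyone connecting to the origin directly can set it.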
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics. 1. Open a WP page with the plugin and Google Analytics installed and search for somethi...
Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Install WooCommerce and add a product. 2...
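The Contributor+ Stored XSS entries above (eVision Responsive Column Layout Shortcodes, Easy Digital Downloads, Paid Memberships Pro, GamiPress Vimeo, Flexible Captcha, WP Show Posts, WP Tabs, Woo Products Widgets For Elementor) have the same root cause. A contributor lacks the unfiltered_html capability, so WordPress's kses filter strips scripts and event handlers from the HTML in the post body they submit; a shortcode, however, is plain text to kses, and the plugin turns its attributes into markup at render time, when an admin previews or publishes the post. The same output-escaping rule covers the MonsterInsights entry, where the untrusted string arrives from Google Analytics instead of a shortcode. The following is an added example, not code from any of the listed plugins: a hypothetical "demo_box" shortcode in its vulnerable and hardened forms.

```php
<?php
// Added example (not code from any plugin listed above). A hypothetical
// "demo_box" shortcode in its vulnerable and hardened forms.

// --- Vulnerable pattern ---
add_shortcode( 'demo_box_vuln', 'demo_box_vuln' );
function demo_box_vuln( $atts ) {
    $atts = shortcode_atts( array( 'class' => '', 'url' => '' ), $atts );

    // Attribute values are dropped inside HTML attributes unescaped.
    // A contributor can save
    //   [demo_box_vuln class='" onmouseover="alert(1)' url='javascript:alert(2)']
    // because kses filters HTML tags in the post body, not shortcode text;
    // this callback builds the markup later, in the viewer's browser session.
    return '<div class="' . $atts['class'] . '">'
         . '<a href="' . $atts['url'] . '">link</a></div>';
}

// --- Hardened version ---
add_shortcode( 'demo_box_safe', 'demo_box_safe' );
function demo_box_safe( $atts ) {
    $atts = shortcode_atts( array( 'class' => '', 'url' => '' ), $atts, 'demo_box_safe' );

    // Escape for the context the value lands in, at output time:
    //  - sanitize_html_class() reduces the class to [A-Za-z0-9_-]
    //  - esc_attr() for anything placed inside an HTML attribute
    //  - esc_url() for href/src; it returns '' for javascript: and data:
    //    URLs, which esc_attr() alone would let through
    $class = sanitize_html_class( $atts['class'] );
    $url   = esc_url( $atts['url'] );

    return sprintf(
        '<div class="%s"><a href="%s">%s</a></div>',
        esc_attr( $class ),
        $url,
        esc_html( 'link' )
    );
}
```

The check to apply when reviewing a shortcode or block callback is the same one used for these findings: every `$atts[...]`, block attribute, or option that reaches the returned string must pass through the escaping function for its sink (esc_attr for attributes, esc_url for URLs, esc_html for text nodes, wp_kses_post for rich HTML that is meant to stay HTML). Escaping on save is not a substitute, since the stored value is reused in more than one context.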
WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users, including high-privilege ones such as admins. 1. Create a new calendar in the plugin's setting...