386 matches found
CVE-2023-25796 WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Include WP BaiDu Submit plugin = 1.2.1 versions...
PT-2023-20103 · WordPress · Oliver Schlöbe Simple Yearly Archive
Name of the Vulnerable Software and Affected Versions: Oliver Schlöbe Simple Yearly Archive plugin versions = 2.1.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Oliver Schlöbe Simple...
Cross site scripting
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-24402 WordPress WP Booking System Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Cross-Site Scripting XSS vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin = 2.0.18 versions...
Cross site request forgery (csrf)
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...
Cross site request forgery (csrf)
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcclearcacheofallsitescallback function. This makes it possible for unauthenticated attackers to clear cache...
TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
The plugin does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the...
CVE-2022-47173 WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin = 1.62.0 versions...
WordPress CP Multi View Event Calendar Plugin <= 1.4.10 is vulnerable to Other Vulnerability Type
Software CP Multi View Event Calendar Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A5: Broken Access Control Classification Other Vulnerability Type CVE CVE-2023-28492 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1690516e9658 Credits István Márt...
WordPress Sequential Order Numbers for WooCommerce Plugin <= 3.5.7.6 is vulnerable to Broken Access Control
Software Sequential Order Numbers for WooCommerce Type Plugin Vulnerable versions = 3.5.7.6 Fixed in 3.5.7.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 91999026aef4 Credits...
Cross site request forgery (csrf)
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...
CVE-2020-36668 JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backupguardgetmanualmodal function called via an AJAX action. This makes it possible for...
WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Feed Them Social Type Plugin Vulnerable versions = 3.0.2 Fixed in 4.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25056 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d0bf770b4cc9 Credits Rio Darmawan...
WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields...
WordPress Easy PayPal Buy Now Button Plugin < 1.7.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy PayPal Buy Now Button Type Plugin Vulnerable versions 1.7.3 Fixed in 1.7.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d96c1118d3fb Credits WPScanTeam Required...
PT-2023-14525 · WordPress · Themify Portfolio Post
Name of the Vulnerable Software and Affected Versions: Themify Portfolio Post WordPress plugin versions prior to 1.2.1 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as...
Improper access control
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
Cross site scripting
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wprajaxsearchlinktarget' parameter in the 'datafetch' function. This makes it possibl...
CVE-2022-4393 ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Contributor+ Stored XSS
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin. 1. Install and activate WoocCommerce dependency, no configuration...