470 matches found
SmartSearchWP < 2.4.6 - OpenAI Key Disclosure
The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...
WordPress Simple Link Directory <7.7.2 - SQL injection
WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action, available to unauthenticated and authenticated users. An attacker can...
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...
Popup Builder < 4.0.7 - SQL Injection
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...
Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
The Ditty formerly Ditty News Ticker WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0533 info: name: Ditty formerly Ditty News Ticker 3.0.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Ditty formerly...
CommonsBooking < 2.6.8 - SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. id: CVE-2022-0658 info: name: CommonsBooking 2.6.8 - SQL Injecti...
Formcraft3 <3.8.28 - Server-Side Request Forgery
Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...
WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting
WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmurspid parameter before outputting it back in an admin page. id: CVE-2022-0599 info: name: WordPress Mapping Multiple URLs Redirec...
WordPress Page Views Count <2.4.15 - SQL Injection
WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execu...
WordPress NotificationX <2.3.9 - SQL Injection
WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nxid parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify dat...
WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting
WordPress RSS Aggregator 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to reflected cross-site scripting. id: CVE-2022-0189 info: name: WordPress...
WordPress Permalink Manager <2.2.15 - Cross-Site Scripting
WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page. id: CVE-2022-0201 info: name: WordPress Permalink Manager 2.2.15 - Cross-Site...
WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action which is available to both unauthenticated and authenticated users. id: CVE-2022-0165 info: name: WordPress Page Builder KingComposer =2.9.7 to...
WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. id: CVE-2022-0208 info: name: WordPress Plugin MapPress 2.73.4 - Cross-Site Scripting author:...
WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page. id: CVE-2022-0148 info: name: WordPress All-in-one Floating Contact Form 2.0.4 - Cross-Site...
WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution
WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...
WordPress Sensei LMS <4.5.0 - Information Disclosure
WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages. id: CVE-2022-2034 info: name: WordPress Sensei LMS 4.5.0 - Information Disclosure author:...
Wordpress Profile Builder Plugin Cross-Site Scripting
The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...