119 matches found
Simple Tweet <= 1.4.0.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Visit the following URL as an admin user, with any valid ticket ID. Press the acce...
Cookie Monster <= 1.51 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WPCode < 2.0.13.1 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wpcode"=2...
Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the plugin's "Quick Start" field, add the...
CVE-2020-36701
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...
Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to the plugin setup page. 2. Go to...
CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified...
OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...
CVE-2023-27614
CVE-2023-27614 is a confirmed XSS vulnerability in the WordPress plugin “Motor Racing League” (versions
Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access
The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...
CVE-2023-0405
The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts...
Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC loancomparison slider='"...
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...
Show All Comments < 7.0.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. PoC Visit the following URL authenticated or not to trigger an alert box:...
CVE-2022-38461 WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin = 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings selected language for legacy widgets, the default behavior for media content...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-3380 Customizer Export/Import < 0.9.5 - Admin+ PHP Objection Injection
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports intentionally or not a malicious file and a suitable gadget chain is present on the blog...
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
Description The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address PoC Run the below command in the developer console of the web browser while being on the blog as an...
CVE-2022-3025 Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scriptin...