837 matches found
WC Marketplace < 4.0.24 - Missing Authorization via mvx_save_dashpages
Description The WC Marketplace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_save_dashpages' function in versions up to, and including, 4.0.23. This makes it possible for unauthenticated attackers to update the plugin's setting...
MkRapel Regiones y Ciudades de Chile para WC <= 4.3.0 - Cross-Site Request Forgery via multiple functions
Description The MkRapel Regiones y Ciudades de Chile para WC plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on multiple settings functions. This makes it possible for unauthenticated...
Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug=hehehehe Besides, you can disable the...
TriPay Payment Gateway < 3.2.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Exploit for CVE-2023-6289
CVE-2023-6289 Swift Performance Lite = 2.3.6.14 - Missing...
Simple Testimonials Showcase <= 1.1.5 - Cross-Site Request Forgery
Description The Simple Testimonials Showcase plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the stssavesettings function. This makes it possible for unauthenticated attackers to upda...
WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
Description The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the followi...
WordPress plugin WordPress Backup & Migration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure
Description The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, file...
EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery
Description The EasyRecipe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3251. This is due to missing nonce validation on several functions such as the saveStyle and updateCustomCSS functions. This makes it possible for unauthenticated...
Patreon WordPress < 1.8.8 - Cross-Site Request Forgery
Description The Patreon WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on several functions in the /classes/patreonwordpress.php file. This makes it possible for unauthenticat...
SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version...
WP Helper Premium < 4.5.2 - Cross-Site Request Forgery via whp_fields
Description The WP Helper Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.1. This is due to missing or incorrect nonce validation on the 'whp_fields' function. This makes it possible for unauthenticated attackers to update the plugin...
Simply Excerpts <= 1.4 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC Put the following...
Simply Excerpts <= 1.4 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload...
CVE-2023-5818 Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2023-4823
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-3622
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be...