WordPress Warranties and Returns for WooCommerce plugin <= 5.2.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Warranties and Returns for WooCommerce plugin versions...
WordPress Live Search for WooCommerce plugin <= 1.3.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Live Search for WooCommerce plugin versions <= 1.3.1...
Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change
Multiple plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the plugin's configuration. PoC: 1. Turn off "Turn On Catch Themes & Catch Plugin tabs": jQuery.post(ajaxurl,...
WordPress Floating Cart plugin <= 1.2.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Floating Cart plugin versions <= 1.2.1. Solution: Update...
WordPress Product Loops for WooCommerce plugin <= 1.6.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Product Loops for WooCommerce plugin versions <= 1.6.1...
WordPress Autopilot SEO for WooCommerce plugin <= 1.5.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Autopilot SEO for WooCommerce plugin versions <= 1.5.1...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP; it supports running personal blog sites on servers with PHP and MySQL. A WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
CVE-2021-38341
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /includes/pluginsettings.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Picture Gallery < 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross-site scripting risk where authenticated users can target other authenticated users. PoC: Enter an XSS payload like " in the "Content URL" field found on the plugin's Settings -...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. To execute the XSS on all frontend pages and on the plugin's settings page, add the following payload in the...
Simple Banner < 2.10.4 - Authenticated Stored XSS
The plugin does not sanitise and escape one of its settings, allowing high-privilege users such as admin to use a Cross-Site Scripting payload even when the unfiltered_html capability is disallowed. Put the following payload in the Simple Banner Text setting of the plugin: The XSS will be triggered ...
BuddyPress Customer.io Analytics Integration <= 1.1.6 - Arbitrary Plugin Settings Update via CSRF
The plugin does not properly perform the CSRF check when saving its settings, allowing attackers to make a logged-in admin change them to arbitrary values. PoC...
WP Prayer < 1.6.7 - Arbitrary Plugin Settings Update via CSRF
The plugin did not properly check for CSRF in some of its module functions, allowing an attacker to make a logged-in admin change all of the plugin's settings, including for example the email settings. v1.6.6 fixed most of the CSRF checks, but the one in model.emailsettings.php was improperly fixed (bypass still...
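The CatchThemes, WPFront Notification Bar, Simple Banner, BuddyPress Customer.io and WP Prayer entries above all come down to a settings handler that is missing one or more of the same three controls: a CSRF nonce, a capability check, and sanitisation of what gets stored. The following is an added example written for this page, not code from any of the plugins listed; it assumes a WordPress runtime, and the option name `acme_settings`, the AJAX action names and the field names are hypothetical:

```php
<?php
// Added example (not from any plugin listed on this page). Assumes WordPress
// is loaded; "acme_*" names, the option key and the field names are hypothetical.

// --- Vulnerable pattern: any logged-in user (e.g. Subscriber) can reach this
//     wp_ajax_ handler, no nonce is verified, and raw HTML is stored. ---
function acme_save_settings_vulnerable() {
    $settings = array(
        'banner_text' => $_POST['banner_text'],   // stored unsanitised
        'banner_url'  => $_POST['banner_url'],
    );
    update_option( 'acme_settings', $settings );
    wp_send_json_success();
}
add_action( 'wp_ajax_acme_save_settings_vulnerable', 'acme_save_settings_vulnerable' );

// --- Hardened pattern ---
function acme_save_settings() {
    // 1. CSRF: the request must carry a nonce minted for this exact action
    //    (check_ajax_referer() dies with a 403-style response on failure).
    check_ajax_referer( 'acme_save_settings', 'nonce' );

    // 2. Authorisation: being logged in is not enough; require the capability
    //    that actually governs site configuration.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input sanitisation: restrict stored markup to the post-safe subset and
    //    validate the URL. This is applied unconditionally, so an admin whose
    //    unfiltered_html capability is disallowed cannot persist <script> via
    //    the setting.
    $settings = array(
        'banner_text' => wp_kses_post( wp_unslash( $_POST['banner_text'] ?? '' ) ),
        'banner_url'  => esc_url_raw( wp_unslash( $_POST['banner_url'] ?? '' ) ),
    );
    update_option( 'acme_settings', $settings );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_acme_save_settings', 'acme_save_settings' );

// Output escaping on render: stored data is escaped for the context it lands in,
// even though it was sanitised on the way in.
function acme_render_banner() {
    $settings = get_option( 'acme_settings', array() );
    printf(
        '<a class="acme-banner" href="%s">%s</a>',
        esc_url( $settings['banner_url'] ?? '' ),
        wp_kses_post( $settings['banner_text'] ?? '' )
    );
}

// Mint the nonce for the admin-side script; 'acme-admin' is assumed to be a
// registered script handle. The JS then posts {action, nonce, banner_text, ...}
// to admin-ajax.php.
function acme_enqueue_admin() {
    wp_localize_script( 'acme-admin', 'acmeAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'acme_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'acme_enqueue_admin' );
```

The order matters for triage as well as for the fix: the Subscriber-level attacker in the CatchThemes entry is stopped by check 2, the cross-site attacker in the CSRF entries by check 1, and the admin-without-unfiltered_html case in the stored-XSS entries by check 3 plus the output escaping. A handler that has only one of the three is still reportable.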
WordPress plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress Plugin is an open source application plugin for WordPress. 404 SEO Redirection Cross-site request forgery...
WordPress Ship To eCourier plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability allowing Plugin Settings Update
Cross-Site Request Forgery (CSRF) vulnerability allowing Plugin Settings Update discovered by the WPScan Team in WordPress Ship To eCourier plugin versions <= 1.0.1. Solution: Update the WordPress Ship To eCourier plugin to the latest available version (at least 1.0.2)...
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=" onMouseOver="alert(1);...
CVE-2021-24174
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the database, changing the plugin's settings and deleting backups...
CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page, as the 'tokenerror' parameter can be controlled by users and is directly echoed without being sanitised...
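Three of the reflected XSS entries above (the $_SERVER["PHP_SELF"] reflection in WooCommerce Payment Gateway Per Category, the tab parameter in Select All Categories and Taxonomies, and the 'tokenerror' parameter in Social Slider Widget) are the same bug in three output contexts of a settings page. The following plain-PHP block is an added example, not code from any of those plugins; it runs with the php CLI and no WordPress install, the request values are constructed for the demonstration, and the page slug, tab names and `error` parameter name are hypothetical:

```php
<?php
// Added example, not from any plugin on this page. Plain PHP: shows the three
// reflected-output patterns the advisories describe, beside the escaped forms.
// The request values below are constructed; page slug and parameter names are
// hypothetical stand-ins for the ones in the advisories.

// Constructed request. PHP_SELF includes PATH_INFO, so the attacker controls
// its tail simply by appending to the URL path.
$_SERVER['PHP_SELF'] = '/wp-admin/admin.php/"><script>alert(1)</script>';
$_GET['tab']         = '" onMouseOver="alert(1);';
$_GET['error']       = '<img src=x onerror=alert(1)>';

// --- Vulnerable: each value is echoed straight into HTML ---
function form_action_vulnerable() {
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}
function tab_link_vulnerable( $tab ) {
    return '<a class="nav-tab" href="?page=settings&tab=' . $tab . '">' . $tab . '</a>';
}
function notice_vulnerable( $msg ) {
    return '<div class="notice notice-error"><p>' . $msg . '</p></div>';
}

// --- Hardened: escape for the context the value lands in ---
// Inside WordPress use esc_attr()/esc_html()/esc_url(); htmlspecialchars with
// ENT_QUOTES is the plain-PHP equivalent for attribute and text contexts.
function esc( $value ) {
    return htmlspecialchars( (string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}
function form_action_safe() {
    // Do not reflect PHP_SELF at all: post to a fixed, server-chosen URL.
    return '<form action="/wp-admin/admin.php?page=settings" method="post">';
}
function tab_link_safe( $tab ) {
    // Validate against the tabs that actually exist, then still escape.
    $allowed = array( 'general', 'advanced' );
    $tab     = in_array( $tab, $allowed, true ) ? $tab : 'general';
    return '<a class="nav-tab" href="?page=settings&amp;tab=' . esc( $tab ) . '">' . esc( $tab ) . '</a>';
}
function notice_safe( $msg ) {
    return '<div class="notice notice-error"><p>' . esc( $msg ) . '</p></div>';
}

$rendered = array(
    'vulnerable' => array(
        form_action_vulnerable(),
        tab_link_vulnerable( $_GET['tab'] ),
        notice_vulnerable( $_GET['error'] ),
    ),
    'hardened' => array(
        form_action_safe(),
        tab_link_safe( $_GET['tab'] ),
        notice_safe( $_GET['error'] ),
    ),
);
foreach ( $rendered as $label => $lines ) {
    echo "== $label ==\n";
    foreach ( $lines as $line ) {
        echo $line, "\n";
    }
}
```

Running it prints the vulnerable markup with the injected `<script>`, the broken-out `onMouseOver` attribute and the `<img onerror>` intact, and then the hardened markup with every quote and angle bracket entity-encoded. Note that the PHP_SELF case is not fixed by escaping alone in the general case, since the value also feeds the form's target URL; the fix used here is to stop reflecting it.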