5785 matches found

Prion | added 2021/08/23 12:15 p.m. | 14 views

Cross site scripting

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payloads even when the unfilteredhtml capability is disallowed...

CVSS 3.5 | AI score 4.8 | EPSS 0.00206
Exploits: 2 | References: 2 | Affected software: 1

wpexploit | added 2021/08/23 12:00 a.m. | 853 views

Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files like PHP, leading to RCE. As admin, upload a PHP file via the Add Logo page of the plugin...

CVSS 7.2 | AI score 1.3 | EPSS 0.00875
Exploits: 2

WPVulnDB | added 2021/08/19 12:00 a.m. | 8 views

Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF

The plugin does not have a CSRF check in place when saving its settings, which could allow attackers to make a logged in admin update them. PoC...

AI score 4.5
Exploits: 0 | Affected software: 1

wpexploit | added 2021/08/18 12:00 a.m. | 539 views

Jock on air now < 5.6.2 - Arbitrary Plugin's Settings Update via CSRF

The plugin does not have a CSRF check in place when saving its settings, allowing attackers to make a logged in admin change them to arbitrary values via a CSRF attack...

AI score 1
Exploits: 0

NVD | added 2021/08/16 7:15 p.m. | 8 views

CVE-2021-34659

The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the email parameter in the /license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32...

CVSS 6.1 | EPSS 0.0021
Exploits: 1 | References: 2

OSV | added 2021/08/16 11:15 a.m. | 1 view

CVE-2021-24534

The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "phpid" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue...

CVSS 5.4 | AI score 6.1 | EPSS 0.0018
Exploits: 2 | References: 1

Prion | added 2021/08/16 11:15 a.m. | 11 views

Cross site request forgery (csrf)

The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...

CVSS 4.3 | AI score 4.8 | EPSS 0.00103
Exploits: 2 | References: 1 | Affected software: 1

CNNVD | added 2021/08/16 12:00 a.m. | 3 views

WordPress plugin WP Fountain cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 6.1 | AI score 6.1 | EPSS 0.0021
Exploits: 1 | References: 4

CNNVD | added 2021/08/16 12:00 a.m. | 1 view

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up a personal blog site on a server with PHP and MySQL. Custom Login Redirect plugin is a WordPress open source application plugin. WordPress Custom Login Redirect plugin 1.0.0 an...

CVSS 6.1 | AI score 5.2 | EPSS 0.00099
Exploits: 2 | References: 2

CNNVD | added 2021/08/16 12:00 a.m. | 2 views

WordPress plugin path traversal vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. 10Web - A path traversal vulnerability exists in the...

CVSS 4.9 | AI score 5.4 | EPSS 0.0035
Exploits: 2 | References: 1

wpexploit | added 2021/08/11 12:00 a.m. | 696 views

Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The plugin is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting features mentioned by the plugin, this could lead to a Stored XSS issue which will b...

CVSS 4.3 | AI score 4.5 | EPSS 0.00144
Exploits: 2

OSV | added 2021/08/09 10:15 a.m. | 3 views

CVE-2021-24520

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability...

CVSS 8.8 | AI score 7.3 | EPSS 0.00532
Exploits: 2 | References: 2

NVD | added 2021/08/09 10:15 a.m. | 14 views

CVE-2021-24505

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site Scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field...

CVSS 5.4 | EPSS 0.00368
Exploits: 2 | References: 1

WPVulnDB | added 2021/08/09 12:00 a.m. | 24 views

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue. PoC: Append the following payload on a page where the clean-login shortcode is embedded: ?url=" Example: https://example.com/clean-login/?url="...

AI score 6.5
Exploits: 0 | Affected software: 1

WPVulnDB | added 2021/08/09 12:00 a.m. | 17 views

WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC: To execute the XSS on all frontend pages and the plugin's setting page, add the following payload in...

CVSS 5.4 | AI score 0.4 | EPSS 0.00162
Exploits: 2 | Affected software: 1

WPVulnDB | added 2021/08/06 12:00 a.m. | 97 views

Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting

The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC: Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well:...

CVSS 5.4 | AI score 1.3 | EPSS 0.0018
Exploits: 2 | Affected software: 1

WPVulnDB | added 2021/08/06 12:00 a.m. | 19 views

Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections

The plugin did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to Authenticated SQL Injections. PoC: https://example.com/wp-admin/admin.php?page=sbbmy-custom-submenu-page=1+AND+%28SELECT+4242+FROM+%28SELECT%28SLEEP%285%29%29%29aaa%29=asc...

CVSS 8.8 | AI score 0.6 | EPSS 0.01111
Exploits: 2 | References: 2 | Affected software: 1

WPVulnDB | added 2021/08/05 12:00 a.m. | 12 views

User Rights Access Manager <= 1.0.5 - Access Restriction Bypass

The plugin does not properly restrict access to pages, allowing admin users whose access has been restricted by the plugin to still access the related pages. The issue is the same technique as https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/ PoC: The PoC...

AI score 3.7
Exploits: 0 | Affected software: 1

CNNVD | added 2021/08/05 12:00 a.m. | 3 views

WordPress plugin Download Manager code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue exists in WordPress plugin...

CVSS 8.8 | AI score 8 | EPSS 0.00252
Exploits: 0 | References: 3

Cvelist | added 2021/08/02 8:39 p.m. | 16 views

CVE-2021-34628 Admin Custom Login <= 3.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...

CVSS 8.8 | AI score 8.7 | EPSS 0.00109
Exploits: 2 | References: 2