5785 matches found
CVE-2021-24458
The getayspopupboxes and getpopupcategories functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
SQL injection
The getayspopupboxes and getpopupcategories functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
VDZ Google Analytics or Google Tag Manager / GTM < 1.6.0 - Authenticated Stored XSS
The plugin does not escape its Google Analytics ID settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. The issue was introduced in v1.5.0, fixed in 1.5.4, then re-introduced in 1.5.5 and fixed in 1.6.0. PoC Put the...
Bold Page Builder < 3.1.6 - PHP Object Injection
The btbbgetgrid AJAX action of the plugin passes user input into the unserialize function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog...
JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
The plugin does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues PoC https://example.com/wp-admin/admin.php?page=jiangqieowfreefeedback=detail=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29 Could also make a logged in admi...
Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. PoC Put the following payload in the "Note title" and "Note message" settings of the plugin: " and Then visit the Admin Dashboar...
uListing < 2.0.6 - Reflected Cross-Site Scripting
An Authenticated Reflected XSS vulnerability was discovered in the plugin. Vulnerable parameters: id, user, expireddate, createddate, updateddate. WPNonce is present in the original requests, but doesn't pass the correct check, as a result of which it doesn't work. PoC PoC 1 | Authenticated...
Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)
The pspinduplicatepostsaveasnewpost function of the plugin does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue PoC Open the below URL as any authenticated user...
Edit Comments <= 0.3 - Unauthenticated SQL Injection
The plugin does not sanitise, validate or escape the jaleditcomments GET parameter before using it in a SQL statement, leading to a SQL injection issue PoC Post a comment on a page, then open https://example.com//?jaleditcomments=7%20AND%20SELECT%209114%20FROM SELECTSLEEP5wjzD...
Comment Highlighter <= 0.13 - Authenticated SQL Injection
A c GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET...
Basic-auth app bundle credential exposure in gatsby-source-wordpress
Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...
Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip
The plugin did not ensure that uploaded SVG files inside a Zipped archive added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly, i.e. in the...
WordPress Security Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. LearnPress is a learning management system plugin used in it. A security vulnerability exists in versions of the WordPress...
WordPress Authorization Issue Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress plugin Basix NEX-Forms 7.8.7 and earlie...
My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue PoC Create an audit with the...
Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS
The plugin lacks any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading...
Social Tape <= 1.0 - CSRF to Stored XSS
The plugin does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack PoC...
WordPress plugin has an unspecified vulnerability (CNVD-2021-59599)
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Backup by 10Web WordPress Plugin 1.0.20 and earlier has...
A vulnerability in the Business Directory plugin for the WordPress content management system, related to the unrestricted upload of dangerous files, allows an attacker to read arbitrary files in the configuration directory.
The vulnerability in the Business Directory plugin for the WordPress content management system is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to read arbitrary files in the directory configuration...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...