GO-2023-2011 Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading in github.com/yaklang/yaklang
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Multiple inputs in the plugin's settings -- for...
CVE-2022-0833 Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file...
Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. Open the following URL as a subscriber:...
WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF
The plugin does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack. Removing post: fetch("https://example.com/wp-admin/admin-ajax.php", {"headers": {"content-type":...
TrustMate.io integration for WooCommerce < 1.8.12 - Subscriber+ Arbitrary Plugin's Settings Update
The plugin does not have any CSRF and authorisation checks in the savecheckbox AJAX action, available to any authenticated user, allowing any authenticated user, such as subscriber, to update arbitrary settings from the plugin. Due to the lack of escaping, it could lead to Stored Cross-Site...
CVE-2021-24818 WP Limits <= 1.0 - Plugin's Settings Update via CSRF
The WP Limits WordPress plugin through 1.0 does not have a CSRF check when saving its settings, allowing attackers to make a logged in admin change them, which could make the blog unstable by setting low values...
Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
The plugin does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page such as...
MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF
The plugin does not have a CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...
Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Pause Before Print" setting of the plugin: ...
JobSearch WP Job Board < 1.8.2 - Unauthenticated Plugin's Settings Update
The savelocsettings function, hooked to the init action (and therefore run each time the blog is loaded), could allow unauthenticated users to modify the plugin's settings...
Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update
The plugin allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check. - As an Editor, go to Logo Showcase - Shortcode Generator - Run...
Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
The plugin does not have a CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...
WPCS < 1.1.7 - Arbitrary Plugin's Settings Change via CSRF
The plugin did not have any CSRF check in place when saving its options, which could allow attackers to make a logged in administrator change them...
CVE-2021-31828
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope...
Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF
The plugin did not properly check for CSRF, allowing attackers to make a logged in administrator update the plugin's settings. PoC...
Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF
The plugin did not properly check for CSRF, allowing attackers to make a logged in administrator update the plugin's settings...
WP GDPR Compliance < 1.5.6 - Unauthenticated Stored Cross-Site Scripting (XSS)
The GDPR Compliance action=wpgdprcprocessaction=cccf5a60ec="type":"accessrequest","email":"[email protected]","consent":true...
Search Meter < 2.13.3 - CSV Injection
A CSV Injection vulnerability was discovered in the Search Meter WordPress plugin. Version 2.13.2 and possibly earlier versions of the plugin were found to be affected. According to the reporter, the issue was reported to the plugin's author but they did not respond...