220506 matches found

Nuclei | added yesterday

WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect

WordPress WebP Converter for Media < 4.0.3 contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-25074 info: name: WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect author:...

CVSS 6.1 | AI score 6.3 | EPSS 0.01001
Exploits 2 | References 4
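The passthru.php entry above is the classic shape of an open redirect: a `src` value is copied into a Location header with no check on where it points. The following is an added illustrative example in Python, not the plugin's code and not a Nuclei template, showing the on-site check such a handler should apply and the bypasses it has to survive (scheme-relative `//host`, backslash variants, userinfo tricks, non-http schemes, CRLF header injection and https-to-http downgrade). `SITE_ORIGIN` and the sample targets are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, urljoin

# Hypothetical site origin used for the checks below (assumption, not from the page).
SITE_ORIGIN = "https://blog.example"


def unvalidated_redirect_target(src):
    """Mirror of the flawed pattern: whatever `src` carries becomes the Location value."""
    return src


def safe_redirect_target(src, site_origin=SITE_ORIGIN):
    """Return an absolute Location value only if `src` stays on `site_origin`, else None.

    Rejects CRLF (header injection), non-http(s) schemes such as javascript:,
    scheme-relative targets (//evil.tld), backslash variants (/\\evil.tld) that
    browsers treat as slashes, foreign hosts, userinfo tricks (site@evil.tld)
    and protocol downgrades.
    """
    if not src or "\r" in src or "\n" in src:
        return None
    candidate = src.replace("\\", "/")           # browsers normalise \ to / in http(s) URLs
    target = urlsplit(candidate)
    site = urlsplit(site_origin)
    if target.scheme and target.scheme.lower() not in ("http", "https"):
        return None
    if target.netloc:
        # Absolute or scheme-relative URL: the host part must match exactly;
        # "blog.example@evil.tld" has a different netloc and so fails here.
        if target.netloc.lower() != site.netloc.lower():
            return None
        if target.scheme and target.scheme.lower() != site.scheme:
            return None                          # no https -> http downgrade
    resolved = urljoin(site_origin + "/", candidate)
    # Re-check after resolution so only a fully qualified on-site URL is emitted.
    if urlsplit(resolved).netloc.lower() != site.netloc.lower():
        return None
    return resolved


def triage(targets):
    """Classify constructed sample `src` values: True = would be followed, False = blocked."""
    return {t: safe_redirect_target(t) is not None for t in targets}


if __name__ == "__main__":
    # Constructed sample inputs, the kind a scanner or attacker would try against ?src=
    samples = ["/wp-admin/", "https://blog.example/page/", "//evil.tld/",
               "/\\evil.tld/", "https://evil.tld/", "javascript:alert(1)",
               "https://blog.example@evil.tld/", "/x\r\nSet-Cookie: a=b"]
    for src, allowed in triage(samples).items():
        print(f"{'allow' if allowed else 'block':5} {src!r}")
```

The handler should emit the value returned by `safe_redirect_target` rather than the raw parameter, so that even an accepted relative target leaves the server as an unambiguous absolute on-site URL.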
Nuclei | added yesterday

WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval

WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file. id: CVE-2015-4694 info: name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval author: 0xAkoko severity: high description: WordPress zip-attachments plugin...

CVSS 8.6 | AI score 7.4 | EPSS 0.32506
Exploits 2 | References 5
Nuclei | added yesterday

NewStatPress <=1.0.4 - Cross-Site Scripting

WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nspsearch.php", several variables from the $_GET scope without sanitization. While WordPress automatically escapes quotes on this scope, the output...

CVSS 6.1 | AI score 6.2 | EPSS 0.01724
Exploits 1 | References 5
Nuclei | added yesterday

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) mapwidth, (4) mapheight, or (5) zoom (Map Zoom) parameters i...

CVSS 6.8 | AI score 5.6 | EPSS 0.00828
Exploits 2 | References 5
Nuclei | added yesterday

WordPress Church Admin <0.810 - Cross-Site Scripting

WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter to index.php/2015/05/21/churchadmin-registration-form/. id: CVE-2015-4127 info: name: WordPress Church Admin < 0.810 - Cross-Site Scripting author: daffainfo severity...

CVSS 4.3 | AI score 6 | EPSS 0.0311
Exploits 1 | References 5
Nuclei | added yesterday

Last.fm Rotation 1.0 - Path Traversal

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter. id: CVE-2014-5181 info: name: Last.fm Rotation 1.0 - Path Traversal author: DhiyaneshDK...

CVSS 5 | AI score 6 | EPSS 0.00232
Exploits 1
Nuclei | added yesterday

WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...

CVSS 4.3 | AI score 5.8 | EPSS 0.10051
Exploits 1 | References 4
Nuclei | added yesterday

WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting

WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVSS 6.1 | AI score 6.5 | EPSS 0.02422
Exploits 1 | References 5
Nuclei | added yesterday

WordPress e-search <=1.0 - Cross-Site Scripting

WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via titleaz.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVSS 6.1 | AI score 6.5 | EPSS 0.02155
Exploits 2 | References 4
Nuclei | added yesterday

WordPress S3 Video <=0.983 - Cross-Site Scripting

WordPress S3 Video 0.983 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

CVSS 6.1 | AI score 6.5 | EPSS 0.09352
Exploits 2 | References 5
Nuclei | added yesterday

WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting

WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...

CVSS 6.1 | AI score 6.5 | EPSS 0.0204
Exploits 1 | References 3
Nuclei | added yesterday

WordPress heat-trackr 1.0 - Cross-Site Scripting

WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackrabtestadd.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...

CVSS 6.1 | AI score 6.5 | EPSS 0.06584
Exploits 1 | References 4
Nuclei | added yesterday

Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting

The sender plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18564 info: name: Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The sender plugin before 1.2.1 for WordPress has multiple XSS issues. impact: | Authenticat...

CVSS 6.1 | AI score 6.4 | EPSS 0.00097
Exploits 1 | References 4
Nuclei | added yesterday

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

CVSS 5.3 | AI score 6.7 | EPSS 0.16923
Exploits 6 | References 4
Nuclei | added yesterday

Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting

Dyn Business Panel WordPress plugin <= 1.0.0 contains a reflected cross-site scripting vulnerability caused by a lack of sanitization and escaping of a parameter in output, letting attackers execute scripts in the context of high-privilege users; exploitation requires the victim to click a malicious link. id: CVE-2024-130...

CVSS 7.1 | AI score 7.2 | EPSS 0.02205
Exploits 1 | References 2
Nuclei | added yesterday

System Dashboard < 2.8.10 - Cross-Site Scripting

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks through header injection, specifically in the X-Forwarded-For header. id: CVE-2023-7246...

CVSS 5.4 | AI score 5.8 | EPSS 0.02134
Exploits 2 | References 3
Nuclei | added yesterday

WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting

The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an...

CVSS 6.1 | AI score 7.1 | EPSS 0.13531
Exploits 1 | References 2
Nuclei | added yesterday

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

CVSS 7.5 | AI score 7.1 | EPSS 0.61257
Exploits 5 | References 4
Nuclei | added yesterday

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution vulnerability caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files; exploitation requires an AJAX request with crafted POST data. id: CVE-2023-5815...

CVSS 9.8 | AI score 8 | EPSS 0.49165
Exploits 0 | References 3
Nuclei | added yesterday

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input and lacks proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server. id: CVE-2023-5991 info: name: Hotel Booking...

CVSS 9.8 | AI score 7.5 | EPSS 0.78319
Exploits 2 | References 2