WordPress Domain Check <1.0.17 - Cross-Site Scripting

WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page. id: CVE-2021-24926 info: name: WordPress Domain Check 1.0.17 - Cross-Site Scripting author: cckuailong...

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. id: CVE-2021-25065 info: name: Smash Balloon Social Post Feed 4.1.1 - Authenticated Reflected Cross-Site Scripting author: Harsh severity: medium description: | The plugin was affected by a reflected XSS in...

WordPress WPS Hide Login <1.9.1 - Information Disclosure

WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. id:...

WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting

WordPress plugin Sassy Social Share 3.3.40 contains a reflected cross-site scripting vulnerability. id: CVE-2021-24746 info: name: WordPress Sassy Social Share Plugin 3.3.40 - Cross-Site Scripting author: Supras severity: medium description: WordPress plugin Sassy Social Share 3.3.40 contains a...

NEX-Forms Plugin < 7.9.7 - SQL Injection

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

WordPress Ninja Job Board < 1.3.3 - Direct Request

WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. id: CVE-2022-2544...

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink id: CVE-2022-2535 info: name: SearchWP Live Ajax Search 1.6.2 -...

All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery

WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...

WordPress Duplicator <1.4.7 - Authentication Bypass

WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site back...

WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability

WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. id: CVE-2022-27849 info: name: WordPress Simple Ajax...

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery

WordPress plugin Import XML and RSS Feeds import-xml-feed plugin 2.0.1 contains a server-side request forgery SSRF vulnerability via the data parameter in a moovereadxml action. id: CVE-2020-24148 info: name: Import XML & RSS Feeds WordPress Plugin = 2.0.1 Server-Side Request Forgery author:...

WordPress Plugin File Manager (wp-file-manager) Backup Disclosure

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...

WordPress WP Courses Plugin Information Disclosure

WordPress WP Courses Plugin 2.0.29 contains a critical information disclosure which exposes private course videos and materials. id: CVE-2020-26876 info: name: WordPress WP Courses Plugin Information Disclosure author: dwisiswant0 severity: high description: WordPress WP Courses Plugin 2.0.29...

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting

Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the buildnow endpoint, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2096 info: name: Jenkins Gitlab Hook =1.4.3 to mitigate this vulnerability. reference: -...

CRM Perks Forms < 1.1.1 - Cross Site Scripting

The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting id: CVE-2022-38467 info: name: CRM Perks Forms 1.1.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does...

WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting

WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wpheadingtext parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch othe...

WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection

WordPress Visitor Statistics Real Time Traffic plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...