WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the wprliveupdate AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visito...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-...

WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation

The wp-dependency-installer library, used in the plugins does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated users, such as subscriber to activate arbitrary plugin installed on the blog. Furthermore, despite havin...

Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard As a contributor, create/edit a gallery and add the following...

Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS

The plugin does not have any authorisation and CSRF in its bpfwpwelcomeaddcontactpage and bpfwpwelcomesetcontactinformation AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting...

Samsung SecSettings Privilege Mismanagement Vulnerability (CNVD-2025-02716)

Samsung Mobile is a cell phone from the South Korean company Samsung. A privilege mismanagement vulnerability exists in Samsung SecSettings, which arises from a lack of proper privileges on an unprotected dynamic receiver in the system and can be exploited by an attacker to initiate arbitrary...

Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool

The plugin does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting var form1 = document.getElementById'hack'; form1.submit;...

Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS within the Project Key text field found in the plugin's settings. 1. Click on Use on translation exchange connector 2. In Basic Settings,insert following payload in Project Key text field. "alert55 3. Click Save Changes...

Noptin < 1.6.5 - Open Redirect

The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue https://example.com/?noptinns=emailclick&to=https://wpscan.com...

Hospitals Patient Records Management System 1.0 - &#039;room_list&#039; Stored Cross Site Scripting (XSS)

Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomlist' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

SalonERP 3.0.1 - &#039;sql&#039; SQL Injection (Authenticated)

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

PowerPack Lite for Beaver Builder < 1.2.9.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/options-general.php?page=ppbb-settings&tab=%22%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and CSRF checks when uploading zip files via the zipupload AJAX call, and does not perform any check on the files to be extracted. As a result, any authenticated user, such as subscriber could upload an archive with PHP files in it, leading to RCE As any...

Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Go to the AJAX settings of a Form and put the following payload in the "Minimum number of characters required...

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

The plugin does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection https://example.com/?restroute=/pmpro/v1/checkoutlevel&levelid=3&discountcode=%27%20%20union%20select%20sleep1%20--%20g...

Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard

CVE-2021-45232-RCE CVE-2021-45232-RCE – Multi-threaded batch...

CMSimple 5.4 - Cross Site Scripting (XSS)

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...

Amazon Affiliate < 3.17.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the tab parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=aawp-settings&tab=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y...

Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion

The plugins do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example Execute the below command in the web developer console of the web browser when being logged in as...

Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action

The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue alert/XSS/" / var form1 = document.getElementById'hack'; form1.submit;...