PT-2023-16189 · WordPress · Ooohboi Steroids For Elementor
Name of the Vulnerable Software and Affected Versions: OoohBoi Steroids for Elementor WordPress plugin versions prior to 2.1.5 Description: The issue concerns CSRF and broken access control vulnerabilities. These vulnerabilities allow a user with a role as low as a subscriber to delete attachment...
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...
CVE-2022-4790
The CVE covers the WP Google My Business Auto Publish WordPress plugin (pre-3.4). The affected component is a shortcode attribute that is not validated/escaped, enabling Stored XSS for users with a role as low as Contributor. Public PoCs show a crafted shortcode exploiting this attribute, validating the att...
PT-2023-14971 · WordPress · Members Import
Name of the Vulnerable Software and Affected Versions: Members Import plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to Self Cross-Site Scripting via the user login parameter in an imported CSV file due to insufficient input sanitization and output...
CVE-2022-3835 Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2022-3677
The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog, via CSRF attacks...
PT-2022-25346 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master plugin for WordPress versions up to, and including, 8.0.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing iframe tags to be injected via the questionid parameter. This...
CVE-2022-38461 WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content...
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...
PT-2022-21356
Name of the Vulnerable Software and Affected Versions: WordPress Classifieds Plugin versions prior to 4.3 Description: The issue arises from the improper sanitization and escaping of certain parameters before they are used in a SQL statement. This occurs via an AJAX action that is accessible to...
CVE-2022-3380 Customizer Export/Import < 0.9.5 - Admin+ PHP Object Injection
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog...
PT-2022-21496 · WordPress · Drag/Drop Multiple File Upload
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload WordPress plugin versions prior to 1.3.6.5 Description: The issue arises from the plugin not properly checking the upload size limit set in forms. Instead, it takes the value from user input sent when...
CVE-2022-3025 Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing an attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scriptin...
WordPress plugin Good
WordPress is a blogging platform developed using the PHP language. WordPress plugin Good...
CVE-2022-0770
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have a CSRF check in some files, and writes debug data such as the user's cookies to a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access t...
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated) Date: 30.01.2022 Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: <= 2.0.2 Tested on:...
CVE-2021-24765 Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue...
CVE-2021-24812 BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV...
Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure
The plugin does not have any proper access controls when exporting users from a gallery, which could allow any authenticated user, such as a subscriber, to list all users from the blog, disclosing their username and email address. PoC POST...
CVE-2021-24544
The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders...