16 matches found
EUVD-2026-42172
The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activat...
EUVD-2021-11108
Malware in sbrugna...
📄 Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation
Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation. 🛡️ Anant Addons for Elementor Anant Addons for Elementor body background-color: 111; color: 0f0; font-family: monospace;...
WordPress plugin Hunk Companion 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in...
CVE-2023-2877
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
Authorization
The Gutenberg Template Library & Redux Framework plugin = 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissionscallback used in this file only checked f...
CVE-2021-24192
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...
CVE-2021-24192
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...
CVE-2021-24190
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog,...
CVE-2021-24191
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blo...
Design/Logic Flaw
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the importfromdebug AJAX action to install any plugin from the WordPress repository...
WordPress plugin WP Maintenance Mode & Site Under Construction 安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . An authorization issue vulnerability exists in versions o...
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User
Low privileged users could use the AJAX action "cppluginsdobuttonjoblatercallback" from multiple plugins of the WP-Buy vendor, to install any plugin including a specific version from the WordPress repository, which helps attackers install vulnerable plugins and could lead to more critical...
Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation
In the plugin, low level users, such as subscribers, could use the importfromdebug AJAX action to install any plugin from the WordPress repository. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Install some plugins $ch =...
Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
The Imagements WordPress plugin, versions = 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...
WordPress Teaser Maker plugin <= 0.1.114 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by WPScan security research team in WordPress Teaser Maker plugin versions = 0.1.114. Solution 2020-02-15 - we were unable to find a patched version of this plugin. Notice from WordPress plugin repository: "This plugin has been closed as of January 14,...