4359 matches found
Content Control < 1.1.10 - Contributor+ Stored XSS
The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. Exploit...
Top 10 < 3.2.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a Top 1...
Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Install th...
ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Meteor Slides < 1.5.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. meteorslidesh...
Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Use the following form to abuse the CSRF vulnerability on the settings page: action layout textColor contentBackgroundColor starColor...
Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...
WP Popups < 2.1.4.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...
Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Install the...
BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. POST /wp-admin/admin.php?page=brutebank-settings HTTP/1.1 publickey=site.a%22%2522aaaa%3Daaa&secretkey=aaa&update=Update...
User Verification < 1.0.94 - Authentication Bypass
The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website...
Search & Filter < 1.2.16 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Insert the...
CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 1. Create and publish a new petition. 2. Invoke the following curl command, with the nonce in place, to induce a...
Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...
WP Limit Login Attempts <= 2.6.4 - IP Spoofing
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based restrictions on login forms. Set HTTPCLIENTIP or HTTPXFORWARDEDFOR as used in wplimitgetip to spoof the IP address and bypass the block...
Page-list < 5.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
WP Statistics < 13.2.9 - Authenticated SQLi
The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. Log...
Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: ratemypost-result id='" onmouseover="alert1"'...
Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert the...
Sassy Social Share < 3.3.45 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Insert the...
Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
EU Cookie Law <= 3.1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...
Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin. 1. Install and activate WoocCommerce dependency, no configuration...
HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: hashbarbtn btntarget='" onmouseover="alert1"'...
All In One WP Security & Firewall < 5.1.3 - Configuration Leak
The plugin leaked settings of the plugin publicly, including the used email address. Config leak in previous versions: "aiowpsremovewpgeneratormetainfo" filetype:txt https://www.google.com/search?q=%22aiowpsremovewpgeneratormetainfo%22+filetype%3Atxt Search for aiowpsemailaddress...
FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin. Set HTTPXREALIP, HTTPXFORWARDEDFOR, HTTPCFCONNECTINGIP or HTTPCLIENTIP to spoof the IP address...
Sitemap < 4.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. pagelist...
Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user, then...
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Exploit...
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...
Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in the plugin: class Evil public function wakeup : void...
WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...
Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert thi...
Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;" onmouseover="alert1"'...
Real Cookie Banner < 3.4.10 - Contributor+ Stored XSS
The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: rcb-consent class='"...
Easy Accordion < 2.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. 1. Open a WP page with the plugin and Google analytics installed and search for somethi...
User Post Gallery <= 2.19 - Unauthenticated RCE
The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. Invoke the following curl command to execute the "id" command via PHP's exec function: curl -i...
Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the shortcode...
Link Library < 7.4.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Install the plugin and go to:...
Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS
The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. Exploit...
WP Spell Check < 9.13 - Ignored Word Deletion via CSRF
The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php&delete=4...
Tickera < 3.5.1.0- Plugin Data Deletion via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. 1. Navigate to Tickera Settings » Delete info 2. Delete info request intercept like that POST...
Show All Comments < 7.0.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. Visit the following URL authenticated or not to trigger an alert box:...