4359 matches found
WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=woopi&tab=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...
Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection
The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...
Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them test1" test2"...
Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting. Install and active the...
eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
The plugin suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validatio...
Photo Gallery by Supsystic < 1.15.6 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues ' input type="text" name="postaftloop...
Easy Testimonials < 3.9 - Reflected Cross-Site Scripting
The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting With the pro version installed and when consent hasn't been given yet:...
Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When Disable assets manager on back-end" is off: https://example.com/wp-admin/admin.php?page=gonzales-wbcrclearfy&action=index&wbcrassetsmanager=1&a"alert/XSS/...
ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting
The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/options-general.php?page=wp-shortpixel-settings&"alert/XSS/...
404 to 301 < 3.1.2 - Reflected Cross-Site Scripting
Description The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=jj4t3-logs&a"alert/XSS/...
Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=modula-gallery&page=modula-addons&a"alert/XSS/ Other URLs are affected...
WooCommerce Menu Cart < 2.12.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is no shop active yet: https://example.com/wp-admin/index.php?a"alert/XSS/...
Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting
The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=wbcr-snippets&page=import-wbcrinsertphp&a"alert/XSS/...
WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage&tab=documents§ion=invoice&"alert/XSS/...
Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-settings&tab=wooccm§ion=advanced&"--alert/XSS/...
WordPress Real Cookie Banner < 2.18.2 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is the notice about the updated template: https://example.com/wp-admin/index.php?a"alert/XSS/...
WP All Export < 1.3.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https;?/example.com/wp-admin/admin.php?page=pmxe-admin-manage&a"alert/XSS/...
Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=gfeditforms&view=settings&subview=pdf&id=1&a'alert/XSS/...
WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider, select the "text or HTML" for the " What would...
Elementor < 3.5.6 - DOM Reflected Cross-Site Scripting
The plugin does not sanitise and escape user input appended to the DOM via malicious Lightbox settings, resulting in a DOM Cross-Site Scripting issue...
Gallery < 2.0.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payload in a field label: The XSS will be triggered when editing the form, as well as in...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "img src=x...
WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...
miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Enable 2FA + Website Security and put...
Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus onfocus=alert/XSS//...
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
The plugin does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks v ' / v...
NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a gallery with at least one image, pu...
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
The plugin does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed Put the following payload on the "Menu Name" settings of the plugin: "onmouseover=alert"XSS"//...
Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "IDP Metadata" "IdP...
Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack "...
Qubely < 1.8.1 - Authenticated Arbitrary Settings Update
The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber in versions 1.7.9 or contributor in v 1.8.1 to update them As a subscriber Nonce can be taken from the qubelylocalscript-js-extra script on the homepage...
miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...
XCloner < 4.3.6 - Plugin Settings Reset
The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. v4.3.5 added capability check, but CSRF one still missing. v...
Form - Contact Form <= 1.2.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a form, add a Custom Text field, put the following payload in it: alert/XSS/, save the field...
Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create a gallery with the "Gallery Theme" set to "Gallery Image 2", add an image and put the...
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file To delete the license.txt at the root of the blog: await...
WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF
The plugin does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks Put an internal/LAN URL such as below in the file upload by URL function https://127.0.0.1:8080...
Co-Authors-Plus 3.5/3.5.1 - Guest Authors Email Address Disclosure
The plugin introduced an information disclosure vulnerability specifically, the e-mails of guest authors via a public REST endpoint accessible without any authentication https://example.com/wp-json/wp/v2/coauthors...
HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them input type=...
Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the text field...
Browser and Operating System Finder <= 1.2 - Unauthenticated Settings Reset
The plugin does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them https://example.com/?type=reset-all...
Flower Delivery by Florist One <= 3.5.15 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups As admin, go to the plugin's settings, create a new...
Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
The plugin allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. As a vendor, add a review in any products with following payload: https://youtu.be/gGUNSG5s5JU...
HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload
The plugin does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server await fetch"https://example.com/wp-admin/admin.php?page=html2wp-settings", "headers":...
Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept:...
Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit; XSS will be...
Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG
The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads As an author or above, upload the below SVG file via the Media library: alert/XSS/; The XSS will be triggered when accessing the file directly, e...