WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make an admin open a URL where the ID is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpemanageprayer&doaction=delete&prayer...
HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. In the widget area, add the widget...
Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in a...
PostX < 4.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Create a new Post and add "Ultimate post...
reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
Description The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. This requires Jetpack to be installed and to have a page/post with a Jetpack Contact Form...
VikBooking < 1.6.8 - Broken Access Control
Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting any user who can access a menu to manipulate requests and perform unauthorized actions, such as editing, renaming or deleting categories, despite initial settings prohibitin...
VikBooking < 1.6.8 - Insecure Direct Object References
Description The plugin allows direct access to menus, allowing an authenticated user with subscriber privileges or above to bypass authorization and access settings of the plugin that they shouldn't be allowed to. https://example.com/wp-admin/admin.php?option=comvikbooking&task=config...
reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML page containing:...
Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
Description The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author or above add Stored XSS payloads via a CSRF attack Make an author or above role open the following HTML: alert"frontendjs"' /...
LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers Make a logged in admin open an HTML file containing:...
Save as PDF < 3.2.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. On the "Settings Save as PDF Basic...
Ungallery <= 2.2.4 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: /" alert2' Save Changes...
SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
Description The plugin only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server that doesn't support .htaccess files, like NGINX. Install the plugin on a server that doesn't support...
EasyEvent <= 1.0.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 1. Go to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID fiel...
MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack Make a contributor or higher user open a link where the ID is a valid event ID:...
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. Go to:...
MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. Go to "MF Gig Calendar Settings" 2...
Crelly Slider <= 1.4.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. Go to "Crelly Slider" 2. Add a slid...
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add this shortcode to a page: lj...
Carousel Slider < 2.2.10 - Editor+ Stored XSS
Description The plugin does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embedded, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks As an Editor, create/edit a...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup To replicate this vulnerability, follo...
Gutenverse < 1.9.1 - Contributor+ Stored XSS
Description The plugin does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below code in...
Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...
Popup Box < 2.2.7 - Popup Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...
Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks As an admin open HTML file containing: action...
Float menu < 6.0.1 - Menu Deletion via CSRF
Description The plugin does not have CSRF checks in its bulk actions, which could allow attackers to make a logged in admin delete arbitrary menus via a CSRF attack. Make a logged in admin open a page with the code below, which will make them delete the menu with ID 1:...
Modal Window < 5.3.10 - Modal Deletion via CSRF
Description The plugin does not have CSRF checks in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack Have a logged in admin open an HTML file containing the following, where ID is an existing modal: action...
Button Generator < 3.0 - Button Deletion via CSRF
Description The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack Make a logged in admin open an HTML file containing: action...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...
Counter Box < 1.2.4 - Counter Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting counters via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...
Herd Effects < 5.2.7 - Effect Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...
WordPress Geo Controller < 8.6.5 - PHP Object Injection
Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
WP < 6.5.2 - Unauthenticated Stored XSS
Description WordPress does not escape the Author name of its Avatar block when some settings are enabled, leading to Stored Cross-Site Scripting. In a default setup, contributor and above users could perform such an attack. However, if the blog is using the mentioned settings in the comment template...
GamiPress < 6.8.9 - Broken Access Control
Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken acces...
Smart Forms < 2.6.96 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. Add a new form or edit an existing...
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below...
Call Now Button < 1.4.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Navigate to All Buttons, and add a...
Bannerlid <= 1.1.0 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Have an admin open URLs: -...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. Go to "Salon Services Add New...
Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users Note: This requires WooCommerce to be installed. 1. Go to "Fancy Product Designer...
Salon booking system < 9.6.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open a page containing the code: input type="submit" valu...
ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML file containing: Name: alert1' / alert2' /...
MM-email2image <= 0.2.5 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a file containing the HTML: alert2' /...
Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the...
MM-email2image <= 0.2.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add the following payload to a...
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor, depending on plugin configuration, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite...
ENL Newsletter <= 1.0.1 - Admin+ SQL Injection
Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks As an admin open a link like:...
WP Google Review Slider < 13.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup 1. Go to "WP Google Reviews Templates"...
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack Make an admin open a URL like the following, where id is a valid campaign ID: http://example.com/wp-admin/admin.php?page=enl-campaigns&action=campaign-delete&id=...
WP Chat App < 3.6.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...