4359 matches found
Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; input ty...
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well ' document.getElementById"test".submit;...
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
The plugin does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. document.getElementById"test".submit;...
Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...
My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit; sc...
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. Add code...
WP Post Styling < 1.3.1 - Multiple CSRF
The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks HTMLFormElement.prototype.submit.call document.getElementById"test" ;...
CURCY < 2.1.18 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-reports&a"alert/XSS/...
Spectra < 1.25.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the admin notice about Usage Tracking is displayed: https://example.com/wp-admin/index?a"alert/XSS/...
Visualizer < 3.7.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert/XSS/...
Video Conferencing with Zoom < 3.9.3 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=zoom-meetings&page=zoom-video-conferencing-settings&a"alert/XSS/...
MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF
The plugin does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks document.getElementById"test".submit; input type="text" name="connectionsmtppasswo...
Germanized for WooCommerce < 3.9.5 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wc-settings&tab=germanized&a"alert/XSS/...
WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well ' " document.getElementById"test".submit; "...
Age Gate < 2.20.4 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting With the "Age Gate User Registration" addon installed: https://example.com/wp-admin/admin.php?page=age-gate&a"alert/XSS/ With any addon installed:...
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting With the "Compatibility Mode"...
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack '' document.getElementById"test".submit;...
OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well " " " " " input type="text" name="action"...
Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Try to...
Very Simple Contact Form < 11.6 - Captcha bypass
The plugin exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. import requests from requestshtml import HTMLSession...
PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack input t...
PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack input t...
Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...
WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions. Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any of the other headers used in getipaddress. curl...
CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. HTMLFormElement.prototype.submit.call document.getElementById"test" ;...
Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed In the plugin's settings, tick 'Custom Button' and put the following payload ...
Better Find and Replace < 1.3.6 - Admin+ SQLi
The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...
New User Approve < 2.4.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting With the Membership settings /wp-admin/options-general.php disabled: https://example.com/wp-admin/index.php?a"alert/XSS/...
WP-Email < 2.69.0 - Log Deletion via CSRF
The plugin does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack document.getElementById"test".submit;...
Events Made Easy < 2.2.81 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...
Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed Go to Newsletters of Newsletter at wordpress admin panel eg...
Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting
The plugin does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the "Google Analytics" settings of the plugin in the General...
Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well ' input typ...
Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...
Plausible Analytics < 1.2.4 - Subscriber+ Arbitrary Settings Update
The plugin has a flawed logic when checking for authorisation and CSRF before updating its settings, allowing any authenticated users, such as subscriber, to update the plugin's settings. The attack is also possible via CSRF against any authenticated user. POST /wp-admin/admin-ajax.php HTTP/1.1...
Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS
The plugin does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create a new Grid/Caroussel, in the General Settings, enable "Display Header Title" and put the following...
Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; Some link: https://google.com input type="text" name="dgxdonateemailanon" value="You have requested th...
underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed. In the plugin's settings, active Under Contraction...
Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
The plugin does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list document.getElementById"test".submit;...
underConstruction < 1.20 - Construction Mode Deactivation via CSRF
The plugin does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/?step=demo&page=owpsetup&a"alert/XSS/...
Rating by BestWebSoft < 1.6 - Rating Denial of Service
The plugin does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating Under Settings - Discussion, uncheck "Comment must be manually approved" Install and Enable Rating BestWebSoft plugin Change "Enable...
Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Create/edit a calendar, and put the following payload in the "Additional CSS Class" settings of a...
New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...
postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...
Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF
The plugin is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. input type="text" name="pceemailstosend...
Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit; document.getElementById"test".submit;...
Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS
Due to missing checks the plugin is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings...
Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
The plugin does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...
WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the CSS settings of the plugin:...