4359 matches found
Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/options-general.php/"alert/XSS//?page=skatubazaroption...
Moova for WooCommerce < 3.8 - Reflected Cross-Site Scripting
The plugin does not escape the lat parameter of the moovacustomfields AJAA action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue alert/XSS/" /...
FV Flowplayer Video Player < 7.5.3.727 - Reflected Cross-Site Scripting
The plugin does not escape or validate the playerid parameter before outputting back in the Stats page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...
Per Page Add to Head < 1.4.4 - CSRF to Stored XSS
The plugin is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this could lead to Stored XSS issue which will b...
Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
The plugin does not sanitise or escape the editrecord parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. Put the following payload in t...
Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)
The plugin is affected by a Reflected Cross-Site Scripting issue due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/options-general.php/"alert/XSS//script%3E?page=securimage-wp-options%2F...
Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
The plugin does not sanitise or escape the 's' and paged GET parameter before outputting them in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=mlwquizlist&s="alert/XSS-s/&paged="alert/XSS-paged/...
AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The XSS...
Picture Gallery < 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross site scripting risk where authenticated users can target other authenticated users. Enter a XSS payload like "alertdocument.location in the "Content URL" field found on the plugin...
Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In the admin dashboard navigate to Services Add service and put the followi...
Two Factor Authentication < 1.0.8 - Reflected Cross-Site Scripting
The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...
Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS
The plugin does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues. Put the following payload in the Fajr, Sunrise, Zuhr, Asr, Maghrib and/or Isha field of the Language settings of the plugin...
miniOrange's Google Authenticator < 5.4.40 - Reflected Cross-Site Scripting
The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...
Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting
The createpostpage AJAX action of the plugin available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue '...
SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting
The plugin does not escape its searchString parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=dkspeakoutsignatures&action=search&searchString="alert/XSS/...
AddToAny < 1.7.46 - Authenticated Stored XSS
The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Sharing Header setting of the...
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
Description The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit WPScanTeam: - The original report mentioned the issue...
Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF...
Stop Spammers Security < 2021.18 - Authenticated Stored XSS
The plugin does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed Put the following payload in any of the API field of the Web Services settings: " autofocus...
ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
The plugin's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access. Further, the plugin in several places assigned $POST as $GET which meant that in some cases this could be replicated with just $GET parameters and no need...
SliceWP < 1.0.46 - Reflected Cross-Site Scripting (XSS)
The plugin does not escape the converted parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=slicewp-visits&converted="alert/XSS/...
Form Builder 1.9.8.4 - Reflected Cross-Site Scripting (XSS)
The plugin does not properly sanitise and escape its fromid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. The formid digits before the payload must be valid: https://example.com/wp-admin/admin.php?page=smuz-forms&formid=1242;alert/XSS/...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. To execute the XSS on all frontend pages and plugin's setting page, add the following payload in the...
Site Reviews < 5.13.1 - Authenticated Stored XSS
The plugin does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed As an admin, create a review via the Admin dashboard /wp-admin/post-new.php?posttype=site-review and add t...
WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)
The plugin does not escape the startdate and enddate parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. This is due to an incorrect fix of CVE-2021-34660 https://wpscan.com/vulnerability/4a4934d6-282d-4e8c-922a-6b1f12884191...
Clean Login 1.12.6.3 - Reflected Cross-Site Scripting
The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue Append the following payload on a page where the clean-login shortcode is embed: ?url="alert/XSS/ Example: https://example.com/clean-login/?url="alert/XSS/...
Tutor LMS < 1.9.6 - Reflected Cross-Site Scripting
The plugin does not escape a page parameter before outputting it back in an student dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...
WordPress Download Manager < 3.2.13 - Email Template Setting Update via CSRF
The plugin did not have CSRF check in place before saving its Email Template setting, allowing attackers to make a logged in admin change them via a CSRF attack...
Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed Create a new Form via the plugin, go to Form Settings then add the following payload in the Title...
Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
The plugin did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections...
WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection
The plugin did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue Note WPScanTeam: The issue was fixed without bumping the version, so there are two 2.0.6 versions out there, on...
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. http://www.example.com/wp-admin/admin.php?page=pms-members-page&orderby=userid&order=asc,select from...
WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)
The plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts WPScanTeam: The issue was reported as fixed, but the fix was insufficient and a separate...
Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure
The uscesdownloadsysteminformation AJAX action of the plugin did not have capability check in place, allowing any authenticated user such as subscriber to can export data including WordPress settings, theme and plugins active/inactive along with their version, Welcart general settings and payment...
Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)
The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability in multiple parameters. 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XS...
Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well:...
Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS
The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options. Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload lik...
User Rights Access Manager <= 1.0.5 - Access Restriction Bypass
The plugin does not properly restrict access to pages, allowing admin users with restricted access done by the plugin to still access the related pages. The issue is the same technique than https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/ The PoC will...
WP Mapa Politico Espana < 3.7.0 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in any of the Maps Zona setting fields such as A Coruna:...
Availability Calendar < 1.2.1 - Authenticated SQL Injection
The plugin does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+ With an account role as low as contributor, put the following in...
Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create a new category via the plugin...
StoryChief < 1.0.31 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape its StoryChief Key setting before outputting it in an attribute, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the StoryChief Key setting and save them: "alert/XSS/...
StoryChief < 1.0.31 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=storychief&tab=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E...
VDZ Google Analytics or Google Tag Manager / GTM < 1.4.9 - Authenticated Stored XSS
The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfilteredhtml capability is disallowed Put the following payloads in the Google Analytics ID settings of the plugin...
WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation
The plugin is lacking any CSRF and capability checks when creating and editing User Fields, allowing unauthorised edition and creation of them either via CSRF or as any user including unauthenticated v1.1.5 added CSRF but still no capability check POST...
Business Hours Indicator < 2.3.5 - Authenticated Stored XSS
The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...
Bold Page Builder < 3.1.6 - PHP Object Injection
The btbbgetgrid AJAX action of the plugin passes user input into the unserialize function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog...
Email Encoder < 2.1.2 - Reflected Cross Site Scripting
The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...
Sitewide Notice WP < 2.3 - Authenticated Stored XSS
The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Message setting of the plugin: alert/XSS/ The XS...