14602 matches found
MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls
Due to incomplete fixes for CVE-2020-12077, an attacker with subscriber privileges may be able to download, delete and upload arbitrary PHP files, which could result in remote command execution...
WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Search Block
Description An authenticated user could customise the class of the search block, leading to Cross-Site Scripting XSS...
Awesome Support < 6.0.0 - Stored XSS via Ticket Title
The lack of sanitisation in the posttitle of a ticket could allow users with the Support Supervisor capability to create tickets containing XSS payloads. The risk is relatively low, as CSRF checks are in place and the affected role is close to an admin one. Using the DISALLOWUNFILTEREDHTML consta...
YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change
...
WordPress 5.2.2 - Potential Open Redirect
Description According to the WordPress release notes: "Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect. "...
WPS Limit Login <= 1.4.5 - Multiple Issues
Protection Bypass, Stored XSS...
LiveChat <= 3.7.2 - Unauthenticated Option Update/Reset and Stored XSS
The lack of proper CSRF and Authorisation checks could allow an unauthenticated attacker to update or reset the plugin's settings. Furthermore, when updating the livechatemail option, no sanitisation is performed, leading to a Stored XSS issue in the plugin's settings page. CSRF and XSS fixed in...
Form Maker by 10Web < 1.13.3 - Authenticated SQL Injection
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)
The W3 Total Cache WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. PoC...
Groundhogg < 1.3.5 - Remote Code Execution
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin was affected by a Remote Code Execution security vulnerability...
SG Optimizer <= 5.0.12 - Unauthenticated File Upload
According to the original researchers: "A successful attack on the SiteGround Optimizer would allow bad actors to store backdoors on vulnerable sites."...
WordPress <= 5.0 - Authenticated File Delete
Description According to WordPress: "Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to."...
TablePress <= 1.8 - Authenticated XML External Entity (XXE)
The TablePress WordPress plugin was affected by an Authenticated XML External Entity XXE security vulnerability...
WP Live Chat Support < 7.1.03 - XSS
The 3CX Live Chat WordPress plugin was affected by a XSS security vulnerability...
All In One Schema.org Rich Snippets <= 1.4.4 - Authenticated Cross-Site Scripting (XSS)
The Schema – All In One Schema Rich Snippets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. PoC http://vulnerablesite.com/wp-admin/admin.php?page=richsnippetdashboardforcesend=truesendlabel=...
WordPress 3.3-4.7.4 - Large File Upload Error XSS
...
Image Gallery with Slideshow <= 1.5.2 - Multiple XSS and SQL Injection
The plugin is still affected and has been closed...
AnyVar 0.1.1 - Stored Cross-Site Scripting (XSS)
The anyvar WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...
NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI) & SQLi
The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Authenticated Local File Inclusion LFI & SQLi security vulnerability...
WordPress 4.5.2 - Redirect Bypass
...
WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
...
WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
...
Clean Login < 1.5.1 - Reflected XSS
The Clean Login WordPress plugin was affected by a Reflected XSS security vulnerability...
Count Per Day 3.4 - SQL Injection
The Count per Day WordPress plugin was affected by a SQL Injection security vulnerability...
Easy2Map <= 1.24 - SQL Injection
The Function.php file uses sprintf to format queries being sent to the database, this doesn't provide proper sanitisation of user input or properly parameterises the query. PoC $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname"...
Adsense Click Fraud Monitoring <= 1.7.5 - XSS
XSS via the phpwhois https://github.com/phpWhois/phpWhois component, which is also affected by a RCE apparently https://github.com/phpWhois/phpWhois/issues/34. It is unclear whether or not the issue has been fixed in the plugin...
WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
...
Simple Ads Manager <= 2.5.94 - Arbitrary File Upload & SQL Injection
The simple-ads-manager WordPress plugin was affected by an Arbitrary File Upload & SQL Injection security vulnerability...
ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. PoC http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php...
WP-DBManager < 2.7.2 - Authenticated Command Injection
The WP-DBManager WordPress plugin was affected by an Authenticated Command Injection security vulnerability...
wpcb 2.4.8 - facture.php id Parameter Reflected XSS
The wpcb WordPress plugin was affected by a facture.php id Parameter Reflected XSS security vulnerability...
Cart66 Lite - admin.php cart66-products Page Multiple Field Stored XSS
The cart66-lite WordPress plugin was affected by an admin.php cart66-products Page Multiple Field Stored XSS security vulnerability...
seo-spy-google - ofc_upload_image.php Arbitrary File Upload
The seo-spy-google-wordpress-plugin WordPress plugin was affected by an ofcuploadimage.php Arbitrary File Upload security vulnerability...
php-analytics - ofc_upload_image.php Arbitrary File Upload
The php-analytics WordPress plugin was affected by an ofcuploadimage.php Arbitrary File Upload security vulnerability...
jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard
The JC Coupon WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
geshi-source-colorer <= 0.13 - XSS in ZeroClipboard
The geshi-source-colorer WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection
The mingle-forum WordPress plugin was affected by a wpf.class.php Multiple Parameter SQL Injection security vulnerability...
WP125 <= 1.4.9 - CSRF
The WP125 WordPress plugin was affected by a CSRF security vulnerability...
WordPress <= 3.3.2 - Cross-Site Scripting (XSS) in wp-includes/default-filters.php
...
WordPress 3.6 - SWF/EXE File Upload Cross-Site Scripting (XSS)
...
WordPress 2.1.2 - Authenticated XMLRPC SQL Injection
...
Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
...
WordPress 2.5 - 3.3.1 XSS in swfupload
...
Divi < 4.25.2 - Contributor+ Stored XSS
Description The theme is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesse...
Checkout Field Editor for WooCommerce (Pro) < 3.6.3 - Unauthenticated Arbitrary File Deletion
Description The Checkout Field Editor for WooCommerce Pro plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.6.2. This is due to the plugin not properly validating a file or it's path prior to deleting it. This makes it possible for unauthenticat...
Slider Revolution < 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Praison SEO WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
WP-ViperGB < 1.6.2 - Cross-Site Request Forgery
Description The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's...
Tutor LMS Pro < 2.7.1 - Missing Authorization
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add,...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Unauthenticated Time-Based SQL Injection
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...