14602 matches found
Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion
This bug was found in the file: /wechat-broadcast/wechat/Image.php echo filegetcontentsisset$GET"url" ? $GET"url" : ''; The parameter "url" it is not sanitized allowing include local or remote files To exploit the vulnerability only is needed use the version 1.0 of the HTTP protocol to interact...
Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Insufficient Restrictions during Export Personal Data requests security vulnerability...
Simple Membership < 3.5.7 - XSS
The Simple Membership WordPress plugin was affected by a XSS security vulnerability...
Mailchimp For WP < 4.1.8 - XSS
The MC4WP: Mailchimp for WordPress WordPress plugin was affected by a XSS security vulnerability...
WordPress 4.2-4.7.2 - Press This CSRF DoS
...
Nelio Ab Testing < 4.5.11 - SSRF
The Nelio AB Testing WordPress plugin was affected by a SSRF security vulnerability...
Icegram <= 1.9.18 - Cross-Site Request Forgery (CSRF) & XSS
The Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram WordPress plugin was affected by a Cross-Site Request Forgery CSRF & XSS security vulnerability...
WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
Description Affects 'wp-includes/js/plupload/plupload.flash.swf'...
Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
Admin Font Editor <= 1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The admin-font-editor WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/admin-font-editor/css.php?size=""...
WP-Invoice <= 4.1.0 - Multiple Vulnerabilities
WP-Invoice plugin = 4.1.0 contains multiple security vulnerabilities that include information disclosure, unauthorised updating of meta data, and privilege escalation...
WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
PoC http://www.example.com/wp-admin/customize.php?theme= source: https://twitter.com/brutelogic/status/685105483397619713...
Captain Slider 1.0.6 - Cross-Site Scripting (XSS)
The captain-slider WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Nextend Facebook Connect <= 1.5.4 - Reflected Cross-Site Scripting (XSS)
The Nextend Social Login and Register WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
Slideshow 2.2.8-2.2.21 - Option Value Disclosure
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function, accessible by unauthenticated users as an AJAX action, can be abused to force the disclosure of arbitrary Wordpress option values...
Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure
The backupbuddy WordPress plugin was affected by an importbuddy.php step Parameter Remote PHP Information Disclosure security vulnerability...
Huge IT Slider <= 2.6.8 - SQL Injection
The slider-image WordPress plugin was affected by a SQL Injection security vulnerability...
Photo Gallery <= 1.2.5 - Unrestricted File Upload
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Unrestricted File Upload security vulnerability...
Simple Sticky Footer < 1.3.3 - Multiple CSRF
The Simple Sticky Footer WordPress plugin was affected by a Multiple CSRF security vulnerability...
VideoWhisper Video Presentation 3.25 - vp/c_login.php room_name Parameter Reflected XSS
The VideoWhisper Video Presentation WordPress plugin was affected by a vp/clogin.php roomname Parameter Reflected XSS security vulnerability...
WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
...
WordPress 3.9 & 3.9.1 Unlikely Code Execution
...
LightSpeed - Valums Uploader Shell Upload Exploit
The lightspeed WordPress theme was affected by a Valums Uploader Shell Upload Exploit security vulnerability...
GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF
The Translate WordPress with GTranslate WordPress plugin was affected by a gtranslate.php Widget Code Editing CSRF security vulnerability...
JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS
The js-multihotel WordPress plugin was affected by a refreshDate.php roomid Parameter Reflected XSS security vulnerability...
SexyBookmarks - Setting Manipulation CSRF
The sexybookmarks WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Dropdown Menu Widget 1.9.1 - Script Insertion CSRF
The Dropdown Menu Widget WordPress plugin was affected by a Script Insertion CSRF security vulnerability...
wppygments <= 0.3.2 - XSS in ZeroClipboard
The wppygments WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
GD Star Rating 1.9.22 - SQL Injection
The gd-star-rating WordPress plugin was affected by a SQL Injection security vulnerability...
NextGEN Gallery 1.9.12 - Arbitrary File Upload
The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection
The WP Forum Server WordPress plugin was affected by a feed.php topic Parameter SQL Injection security vulnerability...
WP Symposium 13.04 - Unvalidated Redirect
The wp-symposium WordPress plugin was affected by an Unvalidated Redirect security vulnerability...
Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a lib/IPTraf.php User-Agent Header Stored XSS security vulnerability...
Oberliga - team.php team Parameter SQL Injection
The oberligatheme WordPress theme was affected by a team.php team Parameter SQL Injection security vulnerability...
VideoWhisper Live Streaming Integration 4.29.6 - videowhisper_streaming.php Multiple Parameter XSS
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a videowhisperstreaming.php Multiple Parameter XSS security vulnerability...
st_newsletter - (stnl_iframe.php) SQL Injection
The stnewsletter WordPress plugin was affected by a stnliframe.php SQL Injection security vulnerability...
WordPress 3.5.2 - SWFUpload Content Spoofing
...
Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)
The cforms plugin has a XSS vulnerability in file libajax.php with rs and rsargs parameters. It is fixed in version 13.2. The cforms2 fork was forked at 14.6, so it is not affected...
WP Cumulus < 1.22 - XSS
The wp-cumulus WordPress plugin was affected by a XSS security vulnerability...
Tubepress < 1.6.5 - XSS
The TubePress WordPress plugin was affected by a XSS security vulnerability...
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks PoC % time curl "https://example.com/?restroute=/h5vp/v1/video/1=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...
LuckyWP Table of Contents <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting
Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Upload
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for...
Pricing Table by Supsystic < 1.9.13 - Admin+ Content Injection
Description The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. This is not a security issue by...
Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo...
Payment Gateway Based Fees and Discounts for WooCommerce < 2.12.2 - Cross-Site Request Forgery to Notice Dismissal
Description The Payment Gateway Based Fees and Discounts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.12.1. This is due to missing or incorrect nonce validation on the dismissnotice function. This makes it possible for...
Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting
Description The Import Content in WordPress & WooCommerce with Excel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Ivory Search – WordPress Search Plugin < 5.5.6 - Subscriber+ Index Creation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index...
Ultimate Maps by Supsystic < 1.2.17 - Cross-Site Request Forgery
Description The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...
Rehub < 19.6.2 - Unauthenticated Local File Inclusion
Description The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can ...