14603 matches found
Simple Membership < 4.4.3 - Unauthenticated Stored Self-Based Cross-Site Scripting
Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
WPvivid Backup for MainWP < 0.9.33 - Reflected Cross-Site Scripting
Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Events Manager < 6.4.7 - Authenticated(Administator+) Stored Cross-Site Scripting via settings
Description The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
Download Media <= 1.4.2 - Missing Authorization via generate_link_for_media
Description The Download Media plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'generatelinkformedia' function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.52 - Missing Authorization to Unauthenticated IP Address Whitelist
Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackeraddwhitelist function in all versions up to, and including, 4.51...
Conversios < 7.0.8 - Subscriber+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the 'valueData' parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above,...
WP Activity Log < 4.6.2 - Unauthenticated Stored Cross-Site Scripting
Description The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Heureka < 1.1.0 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action...
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection
Description The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for...
Sassy Social Share < 3.3.57 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download
Description The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of datadue to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire...
My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API
Description The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post...
Login Lockdown – Protect Login Form < 2.09 - Subscriber+ Options Leak
Description The plugin does not prevent logged-in users of any role e.g. subscribers from leaking its settings, which may include allowlisted IP addresses as well as a global unlock key, with which they could add their own IP address to the plugin's list. PoC As a logged-in subscriber, visit the...
Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.8 - Missing Authorization via editor_html()
Description The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editorhtml function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, wit...
CP Polls < 1.0.72 - Unauthenticated Content Injection
Description The Polls CP plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.0.71. This is due to insufficient validation on poll answers. This makes it possible for unauthenticated attackers to inject arbitrary content...
CP Polls < 1.0.72 - Unauthenticated Poll Limit Bypass
Description The Polls CP plugin for WordPress is vulnerable to Poll Limit Bypass in all versions up to, and including, 1.0.71. This is due to insufficient controls on on the voting system. This makes it possible for unauthenticated attackers to vote multiple times...
WP SMS < 6.5.3 - Reflected Cross-Site Scripting via 'page'
Description The WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Booking Calendar < 9.9.1 - Unauthenticated SQL Injection
Description The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendarrequestparamsdatesddmmyycsv' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
TablePress < 2.2.5 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files
Description The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to and including 2.2.4 via the 'getimportfiles' function. This makes it possible for authenticated attackers, with author access and above, to make web...
Spiffy Calendar < 4.9.9 - Broken Access Control
Description The plugin doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. PoC Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change...
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
Description The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated users, such as subscriber to update arbitrary site options PoC Run the below command in the developer console of the web browser while being o...
Contact Form Entries < 1.3.3 - Admin+ Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function, allowing authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code...
Form-Maker (twb_form-maker) < 1.15.22 - CSRF to limited RCE
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick...
10Web AI Assistant – AI content writing assistant < 1.0.19 - Missing Authorization to Arbitrary Plugin Installation
Description The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated...
Paid Memberships Pro < 2.12.8 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
ChatBot < 5.1.1 - Unauthenticated PHP Object Injection
Description The ChatBot with AI plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.0 via deserialization of untrusted input via the lastfiveprompt cookies. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain i...
WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the settings of the plugin,...
Import and export users and customers < 1.24.7 - Missing Authorization via fire_cron REST endpoint
Description The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the firecron function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to trigger the plugin's cron job...
Getwid – Gutenberg Blocks < 2.0.5 - Missing Authorization to Recaptcha API Key Modification
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify...
BA Plus <= 1.0.3 - Reflected Cross-Site Scripting
Description The BA Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EditorsKit < 1.40.4 - Authenticated (Administrator+) Arbitrary File Upload
Description The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, t...
Barcode Scanner with Inventory & Order Manager < 1.5.2 - Unauthenticated Arbitrary File Upload via uploadFile
Description The Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadFile' function in all versions up to, and including, 1.5.1. This makes it...
WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection
Description The Woocommerce Tranzila Payment Gateway plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.8 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present ...
Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure
Description The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 exclusive. This makes it possible for authenticated attackers, with susbcriber-level access and above...
EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update
Description The plugins do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. Note: Such issue could lead to Unauthenticated Stored XSS due to the lack of sanitisation in...
ARMember < 4.0.11 - Subscriber+ Privilege Escalation
Description The plugin is vulnerable to privilege escalation due to insufficient input validation, allowing subscriber users and above to escalate their privileges...
Easy Digital Downloads < 3.2.6 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
ARI Stream Quiz < 1.3.1 - Authenticated (Contributor+) PHP Object Injection
Description The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor access or higher to injec...
Quiz And Survey Master < 8.1.17 - Unauthenticated Unauthorised Action
Description The plugin is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions allowing unauthenticated attackers to invoke this function...
RegistrationMagic Plugin < 5.2.4.6 - Authenticated(Administrator+) SQL Injection
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to and including 5.2.4.5 due to insufficient escaping on the user supplied parameter and lack o...
Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape the biteshiperror and biteshipmessage parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URLs...
MC4WP < 4.9.10 - Unauthenticated Unpublished Form Preview
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the 'listen' function, allowing unauthenticated attackers to preview unpublished forms...
WP Compress < 6.10.34 - Unauthenticated Arbitrary File Read
Description The plugin is vulnerable to Directory Traversal via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CSS & JavaScript Toolbox < 11.9 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update
Description The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-leve...
Essential Real Estate < 4.4.0 - Subscriber+ Arbitrary File Upload
Description The plugin does not properly validate uploaded files via the ajaxUploadFonts function, allowing any authenticated users, such as subscriber to upload arbitrary files...
Export and Import Users and Customers < 2.4.9 - Shop Manager+ Arbitrary File Upload
Description The plugin does not properly check uploaded files via the uploadimportfile function, allowing users with the Shop Manager role and above to upload arbitrary files...
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Advanced Page Visit Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter <= 1.49.3 - Cross-Site Request Forgery
Description The BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.49.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for...
GDPR Cookie Consent by Supsystic <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The GDPR Cookie Consent by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...