14603 matches found
BrainCert – HTML5 Virtual Classroom <= 2.0 - Reflected Cross-Site Scripting
Description The BrainCert – HTML5 Virtual Classroom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WP Cleanfix < 5.7.0 - Subscriber+ Post/Comment/Post Meta Content Replacement
Description The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the register function, allowing authenticated attackers, with subscriber-level access and above, to find and replace post, comment, and postmeta content as well as...
Grab & Save <= 1.0.4 - Cross-Site Request Forgery
Description The Grab & Save plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the mediaprocess function. This makes it possible for unauthenticated attackers to upload images via a forg...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...
Preloader for Website < 1.3 - Missing Authorization via plwao_register_settings()
Description The Preloader for Website plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the plwaoregistersettings function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to reset the plugin's...
WCFM Marketplace < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Big File Uploads < 2.1.2 - Cross-Site Request Forgery via actions
Description The Big File Uploads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the actions function. This makes it possible for unauthenticated attackers to dismiss or delay admin...
WooCommerce < 7.0.1 - Authenticated(Shop Manager+) Sensitive Information Exposure
Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.0. This can allow authenticated attackers with Shop Manager privileges or above to extract sensitive user metadata including session tokens...
Phlox Portfolio < 2.3.2 - Unauthenticated Local File Inclusion
Description The Phlox Portfolio plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...
WP Maintenance < 6.1.4 - IP Restriction Bypass
Description The WP Maintenance plugin for WordPress is vulnerable to IP Address Restriction Bypass in versions up to, and including, 6.1.3. This can be used to bypass settings that may have blocked out an IP address from accessing a page on the site...
SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version...
Community by PeepSo < 6.2.0.0 - Cross-Site Request Forgery via delete
Description The Community by PeepSo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.6.0. This is due to missing or incorrect nonce validation on the delete function. This makes it possible for unauthenticated attackers to delete PeepSo posts...
Essential Grid < 3.0.19 - Missing Authorization
Description The Essential Grid plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in versions up to, and including, 3.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule
Description The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'vtprdajaxclonerule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone...
Admin and Site Enhancements (ASE) < 5.8.0 - Password Protection Mode Security Feature Bypass
Description The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 5.7.1. This is due to a flawed authentication mechanism within the maybeprocesslogin function. This makes it possible for unauthenticated attackers t...
Elementor Addon Elements < 1.12.8 - Unauthenticated Post ID/Tile Disclosure
Description The plugin does not have authorisation in its ajaxeaepostdata function, allowing unauthenticated users to retrieve arbitrary posts/pages such as draft, private etc IDs and tiles...
Church Admin < 3.8.0 - Server-Side Request Forgery (SSRF)
Description Server-Side Request Forgery SSRF vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56...
AI ChatBot < 4.9.3 - Cross-Site Request Forgery (CSRF)
Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9....
WordPress Popular Posts < 6.3.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PageLayer < 1.7.7 - Unauthenticated Stored XSS
Description The plugin doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. PoC Unauthenticated attacker Proof of Concept 1 As a legitimate administrator, schedule a post to be published in a few minutes. 2 Close every window to that site to...
File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. PoC As an admin, use the File Manager UI to upload a file...
Borderless < 1.4.9 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...
Bus Ticket Booking with Seat Reservation < 5.2.4 - Reflected XSS
Description The plugin does not sanitise and escape the tabdate and tabdater parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Description The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK...
OAuth Single Sign On – SSO (OAuth Client) < 6.23.4 - Improper Authentication
Description The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as Subscriber to call them and perform unauthorised actions...
WooCommerce Ship to Multiple Addresses < 3.8.6 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: The issue was fixed in 1.14.15 but re-introduced in 1.14.16 PoC Make a...
SMTP Mail <= 1.2.16 - Unauthenticated Stored Cross-Site Scripting
The plugin does not properly sanitize and escape input in email subjects when the 'Save Data SendMail' feature is enabled, leading to potential Stored Cross-Site Scripting issues...
WP-Members Membership < 3.4.8 - Subscriber+ Unauthorized Plugin Settings Update
The plugin does not correctly implement capability checks on the dofieldreorder function, allowing authenticated users with only subscriber-level access to reorder form elements on login forms...
Metform Elementor Contact Form Builder < Unauthenticated CSV Injection
The plugin does not properly escape user-supplied input which is output in CSV files, which could be abused in CSV Injection attacks...
USM Premium < 16.3 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Put the payload in any text field of the "8 ...
MStore API < 3.9.1 - Authentication Bypass
The plugin does not properly verify the user provided when redemption coupons via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
Hide My WP Ghost – Security < 5.0.20 - IP Address Spoofing
The plugin does not adequately restrict where IP Address information is retrieved from, leading to an IP Address Spoofing vulnerabilities. Attackers may use this to bypass IP blocking features provided by the plugin...
Cart Lift < 3.1.6 - Reflected XSS
The plugin does not sanitise and escape the cartsearch parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP-CORS <= 0.2.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. PoC Make a logged in...
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. PoC Run the below command in the developer console of the web browser while being on the...
ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, add a "AC Forms" Gutenberg block ...
SparkPost <= 3.2.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ShopEngine < 4.1.2 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
affiliate-toolkit – WordPress Affiliate < 3.3.4 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
Contact Forms by Cimatti < 1.5.5 - Reflected XSS
The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Lazy Social Comments <= 2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Amazon S3 Plugin < 1.6 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...
Redirection < 1.1.4 - Redirect Creation via CSRF
The plugin does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: sawcup.s2-tastewp.com Cookie: test=test; User-Agent: useragent Accept: / Accept-Language: en-US,en;q=0.5...
GiveWP < 2.25.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode
The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them PoC Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mod...
OAuth Single Sign On - SSO (OAuth Client) Premium < 38.4.9 - IdP Deletion via CSRF
The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...
For the visually impaired <= 0.58 - Cross-Site Request Forgery (CSRF)
The plugin does not protect its vipluginsetupmenu function against CSRF attacks, allowing an unauthenticated attacker to update plugin settings by tricking a logged in user to submit a crafted request...