14603 matches found
Pretty Link Lite <= 1.6.2 - XSS in SWF
The Pretty Links – Link Management, Branding, Tracking & Sharing Plugin WordPress plugin was affected by a XSS in SWF security vulnerability...
Contextual Related Posts < 1.8.7 - Cross-Site Request Forgery
The Contextual Related Posts WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability, which could lead to Cross-Site Scripting issues...
Count Per Day <= 3.2.3 - notes.php note Parameter XSS
The Count per Day WordPress plugin was affected by a notes.php note Parameter XSS security vulnerability...
Chat <= 1.0.8 - Cross-Site Scripting (XSS) in 'message' Parameter
The chat WordPress plugin was affected by a Cross-Site Scripting XSS in 'message' Parameter security vulnerability...
Download Monitor < 3.3.6.2 - Multiple XSS
The Download Monitor WordPress plugin was affected by a Multiple XSS security vulnerability...
Backupbuddy - importbuddy.php Restore Operation Persistence Weakness
The backupbuddy WordPress plugin was affected by an importbuddy.php Restore Operation Persistence Weakness security vulnerability...
White Label CMS - Cross-Site Request Forgery
The White Label CMS WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...
Zingiri Web Shop < 2.4.0 - Multiple Unspecified Issues
The zingiri-web-shop WordPress plugin was affected by a Multiple Unspecified Issues security vulnerability...
WP Postratings < 1.62 - Authenticated SQL Injection
The WP-PostRatings WordPress plugin was affected by a SQL Injection security vulnerability allowing authenticated users author+ to execute SQL commands via the id attribute of the ratings shortcode when creating a post...
Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Newspaper < 12.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
Description The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Tainacan < 0.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Oxygen Builder < 4.8.3 - Authenticated (Contributor+) Remote Code Execution
Description The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users,...
Contact Form Plugin by Fluent Forms < 5.1.14 - Subscriber+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via form settings due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Fluent Forms settings, to inject arbitrary web scripts in pages that will execut...
Contact Form Plugin by Fluent Forms < 5.1.17 - Contributor+ Stored XSS
Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an...
AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload
Description The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affecte...
Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Table Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject...
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
Description The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. PoC 1 Create a new post 2 Add and e-Learning block and upload a zip file 3 Select the "Insert As: Iframe" option 4 Intercept the...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Instructor+) Arbitrary File Upload
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-lev...
Porto < 7.1.1 - Unauthenticated Local File Inclusion via porto_ajax_posts
Description The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any P...
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) < 1.3.3 - Unauthenticated PHP Object Injection
Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.2 via deserialization of untrusted input. This makes it possible for unauthenticated...
Exclusive Addons Elementor < 2.6.9.2 - Missing Authorization to Post Duplication
Description The Exclusive Addons Elementor plugin for WordPress is vulnerable to unauthorized access of datadue to an insufficient capability check on the duplicatepost function in versions up to, and including, 2.6.9.1. This makes it possible for authenticated attackers, with contributor-level...
WTI Like Post <= 1.4.6 - IP Spoofing
Description The WTI Like Post plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.4.6 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated...
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation
Description The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 14.0.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to elevate their privileges...
Barcode Scanner with Inventory & Order Manager < 1.5.4 - Missing Authorization
Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Knowledge Base documentation & wiki plugin – BasePress < 2.16.2.1 - Missing Authorization
Description The Knowledge Base documentation & wiki plugin – BasePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.16.1. This makes it possible for authenticated attackers, with...
All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, create a post and put the following payload in the "Meta...
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.3 - Subscriber+ Remote Code Execution
Description The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server...
Theme My Login < 7.1.7 - Missing Authorization to Notice Dismissal
Description The Theme My Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tmladminajaxdismissnotice function in all versions up to, and including, 7.1.6. This makes it possible for authenticated attackers, with subscriber-level...
Meta Slider < 3.70.1 - Contributor+ Stored Cross-Site Scripting via metaslider Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
RapidLoad Power-Up for Autoptimize < 2.2.12 - Unauthenticated Server-Side Request Forgery
Description The RapidLoad 2.2 – Speed Monster in One Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
Modal Window < 5.3.10 - Modal Deletion via CSRF
Description The plugin does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC Have a logged in admin open an HTML file containing where ID is an existing modal: action...
WordPress Gallery Plugin – NextGEN Gallery < 3.59.1 - Missing Authorization to Unauthenticated Information Disclosure
Description The WordPress Gallery Plugin – NextGEN Gallery plugin is vulnerable to unauthorized access of data due to a missing capability check on the getitem function. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image...
ProfileGrid < 5.7.9 - Authenticated (Subscriber+) SQL Injection
Description The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...
WP-CRM System < 3.2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WordPress CRM Plugin – WP-CRM System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Finale Lite < 2.18.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
Description The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.18.0. This makes it possible for authenticated attackers, with...
LearnPress < 4.2.6.4 - Authenticated(LP Instructor+) Stored Cross-Site Scripting
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible f...
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) < 3.2.10 - Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the...
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...
YITH WooCommerce Account Funds Premium < 1.34.0 - Missing Authorization
Description The YITH WooCommerce Account Funds Premium plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.33.0. This makes it possible for authenticated attackers, with customer-level access and above, ...
Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings Save as Image"...
ReviewX < 1.6.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The ReviewX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
HUSKY < 1.3.5.3 - Admin+ Local File Inclusion
Description The plugin is vulnerable to Local File Inclusion via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WP Go Maps < 9.0.35 - Information Exposure to Potential Denial of Service
Description The plugin is vulnerable to unauthenticated API key disclosure due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugi...
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg < 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.2 due to insufficient inp...
MJM Clinic < 1.1.23 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.23 - Sensitive Information Exposure
Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extrac...